public void ICMPv4Parsing () { var dev = new CaptureFileReaderDevice("../../CaptureFiles/ICMPv4.pcap"); dev.Open(); var rawCapture = dev.GetNextPacket(); dev.Close(); // Parse an icmp request Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Assert.IsNotNull(p); var icmp = ICMPv4Packet.GetEncapsulated(p); Console.WriteLine(icmp.GetType()); Assert.AreEqual(ICMPv4TypeCodes.EchoRequest, icmp.TypeCode); Assert.AreEqual(0xe05b, icmp.Checksum); Assert.AreEqual(0x0200, icmp.ID); Assert.AreEqual(0x6b00, icmp.Sequence); // check that the message matches string expectedString = "abcdefghijklmnopqrstuvwabcdefghi"; byte[] expectedData = System.Text.ASCIIEncoding.ASCII.GetBytes(expectedString); Assert.AreEqual(expectedData, icmp.Data); }
public void CookedCaptureTest() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/LinuxCookedCapture.pcap"); dev.Open(); RawCapture rawCapture; int packetIndex = 0; while((rawCapture = dev.GetNextPacket()) != null) { Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); switch(packetIndex) { case 0: VerifyPacket0(p); break; case 1: VerifyPacket1(p); break; case 2: VerifyPacket2(p); break; default: Assert.Fail("didn't expect to get to packetIndex " + packetIndex); break; } packetIndex++; } dev.Close(); }
public void SetFilter() { var device = new CaptureFileReaderDevice("../../capture_files/test_stream.pcap"); device.Open(); device.Filter = "port 53"; RawCapture rawPacket; int count = 0; do { rawPacket = device.GetNextPacket(); if(rawPacket != null) { Packet p = Packet.ParsePacket(rawPacket.LinkLayerType, rawPacket.Data); var udpPacket = UdpPacket.GetEncapsulated(p); Assert.IsNotNull(udpPacket); int dnsPort = 53; Assert.AreEqual(dnsPort, udpPacket.DestinationPort); count++; } } while(rawPacket != null); Assert.AreEqual(1, count); device.Close(); // close the device }
public void Test_Constructor() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_authentication_frame.pcap"); dev.Open(); var rawCapture = dev.GetNextPacket(); dev.Close(); Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); AuthenticationFrame frame = (AuthenticationFrame)p.PayloadPacket; Assert.AreEqual(0, frame.FrameControl.ProtocolVersion); Assert.AreEqual(FrameControlField.FrameSubTypes.ManagementAuthentication, frame.FrameControl.SubType); Assert.IsFalse(frame.FrameControl.ToDS); Assert.IsFalse(frame.FrameControl.FromDS); Assert.IsFalse(frame.FrameControl.MoreFragments); Assert.IsFalse(frame.FrameControl.Retry); Assert.IsFalse(frame.FrameControl.PowerManagement); Assert.IsFalse(frame.FrameControl.MoreData); Assert.IsFalse(frame.FrameControl.Wep); Assert.IsFalse(frame.FrameControl.Order); Assert.AreEqual(248, frame.Duration.Field); //this need expanding on in the future Assert.AreEqual("0024B2F8D706", frame.DestinationAddress.ToString().ToUpper()); Assert.AreEqual("00173FB72C29", frame.SourceAddress.ToString().ToUpper()); Assert.AreEqual("0024B2F8D706", frame.BssId.ToString().ToUpper()); Assert.AreEqual(0, frame.SequenceControl.FragmentNumber); Assert.AreEqual(1327, frame.SequenceControl.SequenceNumber); Assert.AreEqual(0, frame.AuthenticationAlgorithmNumber); Assert.AreEqual(1, frame.AuthenticationAlgorithmTransactionSequenceNumber); Assert.AreEqual(AuthenticationStatusCode.Success, frame.StatusCode); Assert.AreEqual(0x4AE3E90F, frame.FrameCheckSequence); Assert.AreEqual(30, frame.FrameSize); }
public void Test_Constructor () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_block_acknowledgment_frame.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data); BlockAcknowledgmentFrame frame = (BlockAcknowledgmentFrame)p.PayloadPacket; Assert.AreEqual (0, frame.FrameControl.ProtocolVersion); Assert.AreEqual (FrameControlField.FrameSubTypes.ControlBlockAcknowledgment, frame.FrameControl.SubType); Assert.IsFalse (frame.FrameControl.ToDS); Assert.IsFalse (frame.FrameControl.FromDS); Assert.IsFalse (frame.FrameControl.MoreFragments); Assert.IsFalse (frame.FrameControl.Retry); Assert.IsFalse (frame.FrameControl.PowerManagement); Assert.IsFalse (frame.FrameControl.MoreData); Assert.IsFalse (frame.FrameControl.Wep); Assert.IsFalse (frame.FrameControl.Order); Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future Assert.AreEqual ("0024B2F8D706", frame.ReceiverAddress.ToString ().ToUpper ()); Assert.AreEqual ("7CC5376D16E7", frame.TransmitterAddress.ToString ().ToUpper ()); Assert.AreEqual (BlockAcknowledgmentControlField.AcknowledgementPolicy.Delayed, frame.BlockAcknowledgmentControl.Policy); Assert.IsFalse (frame.BlockAcknowledgmentControl.MultiTid); Assert.IsTrue (frame.BlockAcknowledgmentControl.CompressedBitmap); Assert.AreEqual (0, frame.BlockAcknowledgmentControl.Tid); Assert.AreEqual (0, frame.BlockAckStartingSequenceControl); Assert.AreEqual (8, frame.BlockAckBitmap.Length); Assert.AreEqual (0x9BB909C2, frame.FrameCheckSequence); Assert.AreEqual (28, frame.FrameSize); }
public void Test_Constuctor_FromBeaconFrame () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_beacon_frame.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data); BeaconFrame beaconFrame = (BeaconFrame)p.PayloadPacket; List<InformationElement> infoElements = beaconFrame.InformationElements; Assert.AreEqual (InformationElement.ElementId.ServiceSetIdentity, infoElements [0].Id); Assert.AreEqual (InformationElement.ElementId.SupportedRates, infoElements [1].Id); Assert.AreEqual (InformationElement.ElementId.DsParameterSet, infoElements [2].Id); Assert.AreEqual (InformationElement.ElementId.TrafficIndicationMap, infoElements [3].Id); Assert.AreEqual (InformationElement.ElementId.ErpInformation, infoElements [4].Id); Assert.AreEqual (InformationElement.ElementId.ErpInformation2, infoElements [5].Id); Assert.AreEqual (InformationElement.ElementId.RobustSecurityNetwork, infoElements [6].Id); Assert.AreEqual (InformationElement.ElementId.ExtendedSupportedRates, infoElements [7].Id); Assert.AreEqual (InformationElement.ElementId.HighThroughputCapabilities, infoElements [8].Id); Assert.AreEqual (InformationElement.ElementId.HighThroughputInformation, infoElements [9].Id); Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [10].Id); Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [11].Id); Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [12].Id); Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [13].Id); Assert.AreEqual (InformationElement.ElementId.VendorSpecific, infoElements [14].Id); }
public void Test_Constructor () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_probe_request_frame.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data); ProbeRequestFrame frame = (ProbeRequestFrame)p.PayloadPacket; Assert.AreEqual (0, frame.FrameControl.ProtocolVersion); Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementProbeRequest, frame.FrameControl.SubType); Assert.IsFalse (frame.FrameControl.ToDS); Assert.IsFalse (frame.FrameControl.FromDS); Assert.IsFalse (frame.FrameControl.MoreFragments); Assert.IsFalse (frame.FrameControl.Retry); Assert.IsFalse (frame.FrameControl.PowerManagement); Assert.IsFalse (frame.FrameControl.MoreData); Assert.IsFalse (frame.FrameControl.Wep); Assert.IsFalse (frame.FrameControl.Order); Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future Assert.AreEqual ("FFFFFFFFFFFF", frame.DestinationAddress.ToString ().ToUpper ()); Assert.AreEqual ("0020008AB749", frame.SourceAddress.ToString ().ToUpper ()); Assert.AreEqual ("FFFFFFFFFFFF", frame.BssId.ToString ().ToUpper ()); Assert.AreEqual (0, frame.SequenceControl.FragmentNumber); Assert.AreEqual (234, frame.SequenceControl.SequenceNumber); Assert.AreEqual (0xD83CB03D, frame.FrameCheckSequence); Assert.AreEqual (45, frame.FrameSize); }
public void ReadingPacketsFromFile () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_per_packet_information.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); PpiPacket p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data) as PpiPacket; Assert.IsNotNull (p); Assert.AreEqual (0, p.Version); Assert.AreEqual (32, p.Length); Assert.AreEqual (1, p.Count); PpiCommon commonField = p.FindFirstByType(PpiFieldType.PpiCommon) as PpiCommon; Assert.AreEqual (PpiFieldType.PpiCommon, commonField.FieldType); Assert.AreEqual (0, commonField.TSFTimer); Assert.IsTrue ((commonField.Flags & PpiCommon.CommonFlags.FcsIncludedInFrame) == PpiCommon.CommonFlags.FcsIncludedInFrame); Assert.AreEqual (2, commonField.Rate); Assert.AreEqual (2437, commonField.ChannelFrequency); Assert.AreEqual (0x00A0, (int) commonField.ChannelFlags); Assert.AreEqual (0, commonField.FhssHopset); Assert.AreEqual (0, commonField.FhssPattern); Assert.AreEqual (-84, commonField.AntennaSignalPower); Assert.AreEqual (-100, commonField.AntennaSignalNoise); MacFrame macFrame = p.PayloadPacket as MacFrame; Assert.AreEqual(FrameControlField.FrameSubTypes.ControlCTS, macFrame.FrameControl.SubType); Assert.IsTrue(macFrame.AppendFcs); }
public void ParsingArpPacketRequestResponse() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/arp_request_response.pcap"); dev.Open(); RawCapture rawCapture; int packetIndex = 0; while((rawCapture = dev.GetNextPacket()) != null) { var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Console.WriteLine("got packet"); Console.WriteLine("{0}", p.ToString()); switch(packetIndex) { case 0: VerifyPacket0(p); break; case 1: VerifyPacket1(p); break; default: Assert.Fail("didn't expect to get to packetIndex " + packetIndex); break; } packetIndex++; } dev.Close(); }
public void Test_Constructor() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_qos_null_data_frame.pcap"); dev.Open(); var rawCapture = dev.GetNextPacket(); dev.Close(); Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); QosNullDataFrame frame = (QosNullDataFrame)p.PayloadPacket; Assert.AreEqual(0, frame.FrameControl.ProtocolVersion); Assert.AreEqual(FrameControlField.FrameSubTypes.QosNullData, frame.FrameControl.SubType); Assert.IsFalse(frame.FrameControl.ToDS); Assert.IsTrue(frame.FrameControl.FromDS); Assert.IsFalse(frame.FrameControl.MoreFragments); Assert.IsFalse(frame.FrameControl.Retry); Assert.IsFalse(frame.FrameControl.PowerManagement); Assert.IsFalse(frame.FrameControl.MoreData); Assert.IsFalse(frame.FrameControl.Wep); Assert.IsFalse(frame.FrameControl.Order); Assert.AreEqual(314, frame.Duration.Field); Assert.AreEqual("78ACC00A5E0E", frame.DestinationAddress.ToString().ToUpper()); Assert.AreEqual("00223FC1F378", frame.BssId.ToString().ToUpper()); Assert.AreEqual("00223FC1F378", frame.SourceAddress.ToString().ToUpper()); Assert.AreEqual(0, frame.SequenceControl.FragmentNumber); Assert.AreEqual(2292, frame.SequenceControl.SequenceNumber); Assert.AreEqual(0x00, frame.QosControl); Assert.AreEqual(0xDBF2B119, frame.FrameCheckSequence); Assert.AreEqual(26, frame.FrameSize); }
public void Test_Constructor_EncryptedDataFrame() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_encrypted_data_frame.pcap"); dev.Open(); var rawCapture = dev.GetNextPacket(); dev.Close(); Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); DataDataFrame frame = (DataDataFrame)p.PayloadPacket; Assert.AreEqual(0, frame.FrameControl.ProtocolVersion); Assert.AreEqual(FrameControlField.FrameSubTypes.Data, frame.FrameControl.SubType); Assert.IsFalse(frame.FrameControl.ToDS); Assert.IsTrue(frame.FrameControl.FromDS); Assert.IsFalse(frame.FrameControl.MoreFragments); Assert.IsFalse(frame.FrameControl.Retry); Assert.IsFalse(frame.FrameControl.PowerManagement); Assert.IsFalse(frame.FrameControl.MoreData); Assert.IsTrue(frame.FrameControl.Wep); Assert.IsFalse(frame.FrameControl.Order); Assert.AreEqual(0, frame.Duration.Field); //this need expanding on in the future Assert.AreEqual("33330000000C", frame.DestinationAddress.ToString().ToUpper()); Assert.AreEqual("00173FB72C29", frame.SourceAddress.ToString().ToUpper()); Assert.AreEqual("0024B2F8D706", frame.BssId.ToString().ToUpper()); Assert.AreEqual(0, frame.SequenceControl.FragmentNumber); Assert.AreEqual(1561, frame.SequenceControl.SequenceNumber); Assert.AreEqual(0xC77B6323, frame.FrameCheckSequence); Assert.AreEqual(24, frame.FrameSize); Assert.AreEqual(218, frame.PayloadData.Length); }
public void Test_Constructor () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_ack_frame.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data); AckFrame frame = (AckFrame)p.PayloadPacket; Assert.AreEqual (0, frame.FrameControl.ProtocolVersion); Assert.AreEqual (FrameControlField.FrameSubTypes.ControlACK, frame.FrameControl.SubType); Assert.IsFalse (frame.FrameControl.ToDS); Assert.IsFalse (frame.FrameControl.FromDS); Assert.IsFalse (frame.FrameControl.MoreFragments); Assert.IsFalse (frame.FrameControl.Retry); Assert.IsFalse (frame.FrameControl.PowerManagement); Assert.IsFalse (frame.FrameControl.MoreData); Assert.IsFalse (frame.FrameControl.Wep); Assert.IsFalse (frame.FrameControl.Order); Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future Assert.AreEqual ("F8DB7F491342", frame.ReceiverAddress.ToString ().ToUpper ()); Assert.AreEqual (0xD2F5BE07, frame.FrameCheckSequence); Assert.AreEqual (10, frame.FrameSize); }
public void UDPData() { RawCapture rawCapture; UdpPacket u; Packet p; var dev = new CaptureFileReaderDevice("../../CaptureFiles/udp_dns_request_response.pcap"); dev.Open(); // check the first packet rawCapture = dev.GetNextPacket(); p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Assert.IsNotNull(p); u = (UdpPacket)p.Extract(typeof(UdpPacket)); Assert.IsNotNull(u, "Expected a non-null UdpPacket"); Assert.AreEqual(41 - u.Header.Length, u.PayloadData.Length, "UDPData.Length mismatch"); // check the second packet rawCapture = dev.GetNextPacket(); p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Assert.IsNotNull(p); u = (UdpPacket)p.Extract(typeof(UdpPacket)); Assert.IsNotNull(u, "Expected u to be a UdpPacket"); Assert.AreEqual(356 - u.Header.Length, u.PayloadData.Length, "UDPData.Length mismatch"); Console.WriteLine("u is {0}", u.ToString()); dev.Close(); }
public void Test_Constructor () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_null_data_frame.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data); NullDataFrame frame = (NullDataFrame)p.PayloadPacket; Assert.AreEqual (0, frame.FrameControl.ProtocolVersion); Assert.AreEqual (FrameControlField.FrameSubTypes.DataNullFunctionNoData, frame.FrameControl.SubType); Assert.IsTrue (frame.FrameControl.ToDS); Assert.IsFalse (frame.FrameControl.FromDS); Assert.IsFalse (frame.FrameControl.MoreFragments); Assert.IsFalse (frame.FrameControl.Retry); Assert.IsFalse (frame.FrameControl.PowerManagement); Assert.IsFalse (frame.FrameControl.MoreData); Assert.IsFalse (frame.FrameControl.Wep); Assert.IsFalse (frame.FrameControl.Order); Assert.AreEqual (314, frame.Duration.Field); //this need expanding on in the future Assert.AreEqual ("001B2F02DC6C", frame.DestinationAddress.ToString ().ToUpper ()); Assert.AreEqual ("2477030C721C", frame.SourceAddress.ToString ().ToUpper ()); Assert.AreEqual ("001B2F02DC6C", frame.BssId.ToString ().ToUpper ()); Assert.AreEqual (0, frame.SequenceControl.FragmentNumber); Assert.AreEqual (1245, frame.SequenceControl.SequenceNumber); Assert.AreEqual (0x8DAD458C, frame.FrameCheckSequence); Assert.AreEqual (24, frame.FrameSize); }
public void Test_Constructor () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_disassociation_frame.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data); DisassociationFrame frame = (DisassociationFrame)p.PayloadPacket; Assert.AreEqual (0, frame.FrameControl.ProtocolVersion); Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementDisassociation, frame.FrameControl.SubType); Assert.IsFalse (frame.FrameControl.ToDS); Assert.IsFalse (frame.FrameControl.FromDS); Assert.IsFalse (frame.FrameControl.MoreFragments); Assert.IsFalse (frame.FrameControl.Retry); Assert.IsFalse (frame.FrameControl.PowerManagement); Assert.IsFalse (frame.FrameControl.MoreData); Assert.IsFalse (frame.FrameControl.Wep); Assert.IsFalse (frame.FrameControl.Order); Assert.AreEqual (248, frame.Duration.Field); //this need expanding on in the future Assert.AreEqual ("0024B2F8D706", frame.DestinationAddress.ToString ().ToUpper ()); Assert.AreEqual ("00173FB72C29", frame.SourceAddress.ToString ().ToUpper ()); Assert.AreEqual ("0024B2F8D706", frame.BssId.ToString ().ToUpper ()); Assert.AreEqual (0, frame.SequenceControl.FragmentNumber); Assert.AreEqual (1311, frame.SequenceControl.SequenceNumber); Assert.AreEqual (ReasonCode.LeavingToRoam, frame.Reason); Assert.AreEqual (0xB17572A4, frame.FrameCheckSequence); Assert.AreEqual (26, frame.FrameSize); }
public void WakeOnLanParsing() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/wol.pcap"); dev.Open(); RawCapture rawCapture; int packetIndex = 0; while((rawCapture = dev.GetNextPacket()) != null) { var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Assert.IsNotNull(p); var wol = PacketDotNet.WakeOnLanPacket.GetEncapsulated(p); Assert.IsNotNull(p); if(packetIndex == 0) Assert.AreEqual(wol.DestinationMAC, PhysicalAddress.Parse("00-0D-56-DC-9E-35")); if(packetIndex == 3) Assert.AreEqual(wol.DestinationMAC, PhysicalAddress.Parse("00-90-27-85-CF-01")); packetIndex++; } dev.Close(); }
public void Test_Constructor_AddBlockAckResponseReport () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_block_ack_response_action_frame.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data); ActionFrame frame = (ActionFrame)p.PayloadPacket; Assert.AreEqual (0, frame.FrameControl.ProtocolVersion); Assert.AreEqual (FrameControlField.FrameSubTypes.ManagementAction, frame.FrameControl.SubType); Assert.IsFalse (frame.FrameControl.ToDS); Assert.IsFalse (frame.FrameControl.FromDS); Assert.IsFalse (frame.FrameControl.MoreFragments); Assert.IsFalse (frame.FrameControl.Retry); Assert.IsFalse (frame.FrameControl.PowerManagement); Assert.IsFalse (frame.FrameControl.MoreData); Assert.IsFalse (frame.FrameControl.Wep); Assert.IsFalse (frame.FrameControl.Order); Assert.AreEqual (314, frame.Duration.Field); //this need expanding on in the future Assert.AreEqual ("0024B2F8D706", frame.DestinationAddress.ToString ().ToUpper ()); Assert.AreEqual ("7CC5376D16E7", frame.SourceAddress.ToString ().ToUpper ()); Assert.AreEqual ("0024B2F8D706", frame.BssId.ToString ().ToUpper ()); Assert.AreEqual (0, frame.SequenceControl.FragmentNumber); Assert.AreEqual (3826, frame.SequenceControl.SequenceNumber); Assert.AreEqual (0x6D3FCFA3, frame.FrameCheckSequence); Assert.AreEqual (24, frame.FrameSize); Assert.AreEqual (9, frame.PayloadData.Length); }
public void IPv6PacketTestParsing() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/ipv6_icmpv6_packet.pcap"); dev.Open(); RawCapture rawCapture; int packetIndex = 0; while((rawCapture = dev.GetNextPacket()) != null) { var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Console.WriteLine("got packet"); switch(packetIndex) { case 0: VerifyPacket0(p, rawCapture); break; default: Assert.Fail("didn't expect to get to packetIndex " + packetIndex); break; } packetIndex++; } dev.Close(); }
public void Test_Constructor () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_contention_free_end_frame.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data); ContentionFreeEndFrame frame = (ContentionFreeEndFrame)p.PayloadPacket; Assert.AreEqual (0, frame.FrameControl.ProtocolVersion); Assert.AreEqual (FrameControlField.FrameSubTypes.ControlCFEnd, frame.FrameControl.SubType); Assert.IsFalse (frame.FrameControl.ToDS); Assert.IsFalse (frame.FrameControl.FromDS); Assert.IsFalse (frame.FrameControl.MoreFragments); Assert.IsFalse (frame.FrameControl.Retry); Assert.IsFalse (frame.FrameControl.PowerManagement); Assert.IsFalse (frame.FrameControl.MoreData); Assert.IsFalse (frame.FrameControl.Wep); Assert.IsTrue (frame.FrameControl.Order); Assert.AreEqual (0, frame.Duration.Field); //this need expanding on in the future Assert.AreEqual ("FFFFFFFFFFFF", frame.ReceiverAddress.ToString ().ToUpper ()); Assert.AreEqual ("001B2FDCFC12", frame.BssId.ToString ().ToUpper ()); Assert.AreEqual (0x0AE8A403, frame.FrameCheckSequence); Assert.AreEqual (16, frame.FrameSize); }
public static void Main (string[] args) { string ver = SharpPcap.Version.VersionString; /* Print SharpPcap version */ Console.WriteLine("SharpPcap {0}, ReadingCaptureFile", ver); Console.WriteLine(); Console.WriteLine(); // read the file from stdin or from the command line arguments string capFile; if(args.Length == 0) { Console.Write("-- Please enter an input capture file name: "); capFile = Console.ReadLine(); } else { // use the first argument as the filename capFile = args[0]; } Console.WriteLine("opening '{0}'", capFile); ICaptureDevice device; try { // Get an offline device device = new CaptureFileReaderDevice( capFile ); // Open the device device.Open(); } catch(Exception e) { Console.WriteLine("Caught exception when opening file" + e.ToString()); return; } // Register our handler function to the 'packet arrival' event device.OnPacketArrival += new PacketArrivalEventHandler( device_OnPacketArrival ); Console.WriteLine(); Console.WriteLine ("-- Capturing from '{0}', hit 'Ctrl-C' to exit...", capFile); // Start capture 'INFINTE' number of packets // This method will return when EOF reached. device.Capture(); // Close the pcap device device.Close(); Console.WriteLine("-- End of file reached."); Console.Write("Hit 'Enter' to exit..."); Console.ReadLine(); }
public void ReadingRawPacketWithoutFcs () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_raw_without_fcs.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); Packet p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data); Assert.IsNotNull (p); }
public void CaptureFinite() { var device = new CaptureFileReaderDevice("../../capture_files/ipv6_http.pcap"); device.OnPacketArrival += HandleDeviceOnPacketArrival; device.Open(); var expectedPackets = 3; capturedPackets = 0; device.Capture(expectedPackets); Assert.AreEqual(expectedPackets, capturedPackets); }
public void ReadPacketWithInvalidFcs () { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_ppi_fcs_present_and_invalid.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); PpiPacket p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data) as PpiPacket; //The packet is corrupted in such a way that the type field has been changed //to a reserved/unused type. Therefore we don't expect there to be a packet Assert.IsNull (p.PayloadPacket); Assert.IsNotNull(p.PayloadData); }
public void PrintString() { Console.WriteLine("Loading the sample capture file"); var dev = new CaptureFileReaderDevice("../../CaptureFiles/tcp.pcap"); dev.Open(); Console.WriteLine("Reading packet data"); var rawCapture = dev.GetNextPacket(); var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Console.WriteLine("Parsing"); var ip = IPv4Packet.GetEncapsulated(p); Console.WriteLine("Printing human readable string"); Console.WriteLine(ip.ToString()); }
public void Test_AppendFcs_Raw80211WithFcs() { var dev = new CaptureFileReaderDevice("../../CaptureFiles/80211_raw_with_fcs.pcap"); dev.Open(); var rawCapture = dev.GetNextPacket(); dev.Close(); //For this test we are just going to ignore the radio packet that precedes the data frame Packet p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); MacFrame macFrame = p as MacFrame; //When its raw 802.11 we cant tell if there is an FCS there so even though //there is we still expect AppendFcs to be false. Assert.IsFalse(macFrame.AppendFcs); }
public void PrintVerboseString() { Console.WriteLine("Loading the sample capture file"); var dev = new CaptureFileReaderDevice("../../CaptureFiles/tcp.pcap"); dev.Open(); Console.WriteLine("Reading packet data"); var rawCapture = dev.GetNextPacket(); var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Console.WriteLine("Parsing"); var ip = (IPv4Packet)p.Extract(typeof(IPv4Packet)); Console.WriteLine("Printing human readable string"); Console.WriteLine(ip.ToString(StringOutputType.Verbose)); }
public void PrintString() { Console.WriteLine("Loading the sample capture file"); var dev = new CaptureFileReaderDevice("../../CaptureFiles/IGMP dataset.pcap"); dev.Open(); Console.WriteLine("Reading packet data"); var rawCapture = dev.GetNextPacket(); var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Console.WriteLine("Parsing"); var igmpV2 = (IGMPv2Packet)p.Extract (typeof(IGMPv2Packet)); Console.WriteLine("Printing human readable string"); Console.WriteLine(igmpV2.ToString()); }
public void ReadPacketWithNoFcs() { var dev = new CaptureFileReaderDevice ("../../CaptureFiles/80211_radio_without_fcs.pcap"); dev.Open (); var rawCapture = dev.GetNextPacket (); dev.Close (); RadioPacket p = Packet.ParsePacket (rawCapture.LinkLayerType, rawCapture.Data) as RadioPacket; Assert.IsNotNull (p.PayloadPacket); TsftRadioTapField tsftField = p[RadioTapType.Tsft] as TsftRadioTapField; Assert.IsNotNull(tsftField); Assert.AreEqual(38724775, tsftField.TimestampUsec); FlagsRadioTapField flagsField = p[RadioTapType.Flags] as FlagsRadioTapField; Assert.IsNotNull(flagsField); Assert.AreEqual(0, (int)flagsField.Flags); RateRadioTapField rateField = p[RadioTapType.Rate] as RateRadioTapField; Assert.IsNotNull(rateField); Assert.AreEqual(1, rateField.RateMbps); ChannelRadioTapField channelField = p[RadioTapType.Channel] as ChannelRadioTapField; Assert.IsNotNull(channelField); Assert.AreEqual(2462, channelField.FrequencyMHz); Assert.AreEqual(11, channelField.Channel); Assert.AreEqual(RadioTapChannelFlags.Channel2Ghz | RadioTapChannelFlags.Cck, channelField.Flags); DbmAntennaSignalRadioTapField dbmSignalField = p[RadioTapType.DbmAntennaSignal] as DbmAntennaSignalRadioTapField; Assert.IsNotNull(dbmSignalField); Assert.AreEqual(-61, dbmSignalField.AntennaSignalDbm); DbmAntennaNoiseRadioTapField dbmNoiseField = p[RadioTapType.DbmAntennaNoise] as DbmAntennaNoiseRadioTapField; Assert.IsNotNull(dbmNoiseField); Assert.AreEqual(-84, dbmNoiseField.AntennaNoisedBm); AntennaRadioTapField antennaField = p[RadioTapType.Antenna] as AntennaRadioTapField; Assert.IsNotNull(antennaField); Assert.AreEqual(0, antennaField.Antenna); DbAntennaSignalRadioTapField dbSignalField = p[RadioTapType.DbAntennaSignal] as DbAntennaSignalRadioTapField; Assert.IsNotNull(dbSignalField); Assert.AreEqual(23, dbSignalField.SignalStrengthdB); MacFrame macFrame = p.PayloadPacket as MacFrame; Assert.IsFalse(macFrame.AppendFcs); Assert.IsFalse(macFrame.FCSValid); }
public PcapParser(string pcappath, string serverIp, string clientIp) { _serverIp = serverIp; _clientIp = clientIp; _capturedPackets = new List<PacketWrapper>(); _serverWireProtocol = new WireProtocol<ConanPacket>(); _clientWireProtocol = new WireProtocol<ConanPacket>(); _device = new CaptureFileReaderDevice(pcappath) { //Filter = "(ip and tcp) and (host " + serverIp + " or host " + clientIp + ")" Filter = "(ip and tcp) and host " + serverIp }; _device.OnPacketArrival += OnPacketArrival; }
public void PrintVerboseString() { Console.WriteLine("Loading the sample capture file"); var dev = new CaptureFileReaderDevice("../../CaptureFiles/ICMPv4.pcap"); dev.Open(); RawCapture rawCapture; Console.WriteLine("Reading packet data"); rawCapture = dev.GetNextPacket(); var p = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data); Console.WriteLine("Parsing"); var icmp = ICMPv4Packet.GetEncapsulated(p); Console.WriteLine("Printing human readable string"); Console.WriteLine(icmp.ToString(StringOutputType.Verbose)); }
//打开文件 private void btnOpen_Click(object sender, EventArgs e) { OpenFileDialog od = new OpenFileDialog(); od.Filter = "pcap文件|*.pcap"; if (od.ShowDialog() == DialogResult.OK) { Clear(); ICaptureDevice offDev = new SharpPcap.LibPcap.CaptureFileReaderDevice(od.FileName); RawCapture tempPacket; offDev.Open(); while ((tempPacket = offDev.GetNextPacket()) != null) { packetList.Add(tempPacket); ShowDataRows(tempPacket); } offDev.Close(); } }
private void OpenFile_Click(object sender, RoutedEventArgs e) { System.Windows.Forms.OpenFileDialog openfile = new OpenFileDialog(); openfile.InitialDirectory = Environment.CurrentDirectory; openfile.Filter = "pcap files (*.pcap)|*.pcap"; openfile.CheckFileExists = true; openfile.RestoreDirectory = true; if (openfile.ShowDialog() == System.Windows.Forms.DialogResult.OK) { string name = openfile.FileName; PacketsInfolistView.Items.Clear(); Network_dic = new Dictionary <string, int>(); TRANS_dic = new Dictionary <string, int>(); this.packets = new ArrayList(); SharpPcap.LibPcap.CaptureFileReaderDevice reader = new SharpPcap.LibPcap.CaptureFileReaderDevice(name); RawCapture rawp; try{ rawp = reader.GetNextPacket(); while (rawp != null) { packet temp = new packet(rawp); packets.Add(temp); ProcessContext(temp); rawp = reader.GetNextPacket(); } MessageBox.Show("success!"); } catch (Exception) { MessageBox.Show("fail!"); } } }
public void ProcessPcap() { sharpPcapDict = new Dictionary <Connection, TcpRecon>(); PcapDevice device; totalPackets = 0; totalTCPPackets = 0; try { device = new SharpPcap.LibPcap.CaptureFileReaderDevice(capFile); device.Open(); } catch (Exception ex) { ErrorMessage = "Error Loading pcap with SharpPcap: " + ex.Message; owner.Invoke(Complete, ips); return; } device.OnPacketArrival += new SharpPcap.PacketArrivalEventHandler(device_PcapOnPacketArrival); device.Capture(); //parse entire pcap until EOF device.Close(); foreach (TcpRecon tr in sharpPcapDict.Values) { tr.isComplete = true; if (tr.LastSavedOffset != tr.CurrentOffset) { AddNewNode(tr); } tr.Close(); } sharpPcapDict.Clear(); owner.Invoke(Complete, ips); return; }