/// <summary>
/// Creates an empty record: text fields start as empty strings and the packet and
/// payload references start as null until <c>update</c> fills them in.
/// </summary>
public Files()
{
    // Nothing has been captured yet, so every reference starts out unset.
    packet_request = null;
    packet_header = null;
    file_data = null;

    // Text fields default to the empty string rather than null.
    protocol = "";
    request_type = "";
    file_name = "";

    // NOTE(review): update() also assigns charset, encoding and file_type, which are not
    // initialised here; confirm that they have defaults at their declarations.
}
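/// <summary>
/// Rebuilds this record from the packet at <paramref name="index"/>: classifies the
/// request, looks up the matching header packet, and extracts charset, encoding,
/// payload, file name and file extension.
/// </summary>
/// <param name="packets">Captured packets; the element at <paramref name="index"/> is cast to <c>packet</c>.</param>
/// <param name="index">Position of the request packet inside <paramref name="packets"/>.</param>
/// <remarks>
/// Every value read here comes from captured traffic and must be treated as untrusted.
/// Any exception raised along the way is swallowed and the method returns, so the
/// fields assigned before the failure keep their new values while the rest keep their
/// previous ones.
/// </remarks>
public void update(System.Collections.ArrayList packets, int index)
{
    try
    {
        packet pck = (packet)packets[index];
        this.packet_request = pck;
        this.protocol = pck.protocol;

        // Only the two HTTP methods and FTP are recognised for now; to be extended.
        // Ordinal prefix tests: the info line is wire data, so matching must not depend
        // on the current culture's collation rules.
        if (pck.info.StartsWith("GET", System.StringComparison.Ordinal))
        {
            this.request_type = "GET";
        }
        else if (pck.info.StartsWith("POST", System.StringComparison.Ordinal))
        {
            this.request_type = "POST";
        }
        else if (pck.info.StartsWith("Response: 150", System.StringComparison.Ordinal))
        {
            this.request_type = "FTP";
        }
        else
        {
            this.request_type = "UNKNOWN";
        }

        this.packet_header = this.find_header(packets, index, pck.tcp_info["AcknowledgmentNumber(确认序号)"]);

        bool isHttp = this.protocol == "HTTP";
        this.charset = isHttp ? this.find_charset() : "";
        this.encoding = isHttp ? this.find_encoding() : "";

        this.file_data = this.find_data(packets, index, this.packet_header.tcp_info["AcknowledgmentNumber(确认序号)"]);
        this.file_name = this.find_fileName(pck);

        // The extension is whatever follows the last dot; a leading dot (position 0)
        // or no dot at all yields an empty type.
        int dot = this.file_name.LastIndexOf('.');
        this.file_type = dot > 0 ? this.file_name.Substring(dot + 1) : "";
    }
    catch
    {
        // Best-effort: a packet that cannot be interpreted leaves the record as it was
        // at the point of failure.
        // NOTE(review): a half-updated record can pair the new request packet with the
        // previous payload and name; consider resetting the derived fields here.
        return;
    }
}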
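/// <summary>
/// Evaluates a single display-filter rule (key, operator, value) against one packet.
/// </summary>
/// <param name="Packet">Parsed packet whose fields are compared.</param>
/// <param name="key">Rule subject, e.g. "ip_addr", "port", "protocol", "info_start".</param>
/// <param name="oper">"==", "!=" or "包含"; any other operator makes the rule pass.</param>
/// <param name="value">Text the packet values are compared with.</param>
/// <returns>True when the packet satisfies the rule.</returns>
private bool _filter_check(packet Packet, string key, string oper, string value)
{
    // Collect, as strings, the packet values that correspond to the rule key.
    List<string> pac_value = new List<string>();
    switch (key)
    {
        case "ip_addr":
            pac_value.Add(Packet.destIp);
            pac_value.Add(Packet.srcIp);
            break;
        case "port":
            if (Packet.tcp_info.Count > 0)
            {
                pac_value.Add(Packet.tcp_info["SourcePort(源端口)"]);
                pac_value.Add(Packet.tcp_info["DestinationPort(目的端口)"]);
            }
            if (Packet.udp_info.Count > 0)
            {
                pac_value.Add(Packet.udp_info["SourcePort(源端口)"]);
                pac_value.Add(Packet.udp_info["DestinationPort(目的端口)"]);
            }
            break;
        case "ip_version":
            if (Packet.ip_info.Count > 0)
            {
                pac_value.Add(Packet.ip_info["Version(版本)"]);
            }
            break;
        case "protocol":
            // A packet matches every layer that was decoded for it.
            if (Packet.ip_info.Count > 0) { pac_value.Add("IP"); }
            if (Packet.tcp_info.Count > 0) { pac_value.Add("TCP"); }
            if (Packet.udp_info.Count > 0) { pac_value.Add("UDP"); }
            if (Packet.icmp_info.Count > 0) { pac_value.Add("ICMP"); }
            if (Packet.igmp_info.Count > 0) { pac_value.Add("IGMP"); }
            if (Packet.arp_info.Count > 0) { pac_value.Add("ARP"); }
            if (Packet.application_info.Count > 0)
            {
                pac_value.Add(Packet.application_info["ApplicationType"]);
            }
            break;
        case "DF":
            if (Packet.ip_info.Count > 0 && Packet.ip_info["Version(版本)"] == "IPV4")
            {
                pac_value.Add(Packet.ip_info["DF"]);
            }
            break;
        case "MF":
            if (Packet.ip_info.Count > 0 && Packet.ip_info["Version(版本)"] == "IPV4")
            {
                pac_value.Add(Packet.ip_info["MF"]);
            }
            break;
        case "application_data":
            if (Packet.application_info.Count > 0)
            {
                pac_value.Add(Packet.application_info["Data"]);
            }
            break;
        case "validate_checksum":
            // The colour "Red" is used as the failed-checksum marker (presumably set by
            // the packet parser; confirm). "!=" inverts the outcome, and the rule's
            // value is not consulted.
            bool checksumOk = Packet.color != "Red";
            return oper == "!=" ? !checksumOk : checksumOk;
        case "info_start":
            // Compare only the leading part of the info line. The prefix length is
            // clamped so that a rule value longer than the packet's info text (or a
            // null value) cannot throw while traffic is being processed.
            int wanted = value == null ? 0 : value.Length;
            pac_value.Add(Packet.info.Substring(0, System.Math.Min(wanted, Packet.info.Length)));
            break;
        default:
            // Unknown key: nothing is collected and the operator decides on an empty list.
            break;
    }

    switch (oper)
    {
        case "==":
            return include_array(pac_value, value);
        case "!=":
            return !include_array(pac_value, value);
        case "包含":
            return include_array_like(pac_value, value);
        default:
            // An unrecognised (or missing) operator never hides a packet.
            return true;
    }
}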
// Invoked through a delegate when the update is requested from another thread.
/// <summary>
/// Adds one row for a captured packet to the packet grid and scrolls to the last row.
/// </summary>
/// <param name="Packet">Packet whose summary fields fill the row.</param>
/// <param name="packet_index">Index of the packet in the capture list, stored in the sixth column.</param>
private void setDataGridView(packet Packet, int packet_index)
{
    DataGridViewRowCollection rows = this.dataGridView1.Rows;
    int index = rows.Add();
    DataGridViewRow row = rows[index];

    // The row background comes from the colour name carried by the packet.
    row.DefaultCellStyle.BackColor = Color.FromName(Packet.color);

    // Column order: time, source, destination, protocol, info, capture index.
    object[] columns = { Packet.time, Packet.srcIp, Packet.destIp, Packet.protocol, Packet.info, packet_index };
    for (int column = 0; column < columns.Length; column++)
    {
        row.Cells[column].Value = columns[column];
    }

    // Keep the newest row in view.
    this.dataGridView1.FirstDisplayedScrollingRowIndex = rows.Count - 1;
}
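/// <summary>
/// Handles one raw capture: parses it, appends it to the capture list and, when it
/// passes the display filter, queues a grid row for it on the UI thread.
/// </summary>
/// <param name="pPacket">Raw capture delivered by SharpPcap.</param>
/// <remarks>
/// NOTE(review): nothing here catches a parsing failure in <c>new packet(...)</c>, whereas
/// the file-loading path wraps the same call in a try/catch; a frame the parser cannot
/// handle will propagate out of this handler. Confirm what the caller does with it.
/// </remarks>
private void PcapPorcessContext(SharpPcap.RawCapture pPacket)
{
    packet temp = new packet(pPacket);

    // Add returns the slot the packet landed in; keeping it avoids re-deriving the
    // index from Count after the fact.
    int packet_index = packets.Add(temp);

    if (!this.dataGridView1.InvokeRequired)
    {
        // Same as before: when already on the grid's thread no row is added here.
        return;
    }

    // The filter is evaluated synchronously on the calling thread. The previous
    // BeginInvoke/EndInvoke pair blocked for the result anyway, and delegate
    // BeginInvoke is not supported on .NET Core and later.
    // NOTE(review): filter_check reads the rule grid's rows from a non-UI thread.
    if (filter_check(temp))
    {
        this.dataGridView1.BeginInvoke(new setDataGridViewDelegate(setDataGridView), new object[] { temp, packet_index });
    }
}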
/// <summary>
/// Applies every rule row of the filter grid to a packet.
/// </summary>
/// <param name="Packet">Packet to test.</param>
/// <returns>True only when all rules accept the packet; true when there are no rules.</returns>
private bool filter_check(packet Packet)
{
    bool passesAll = true;
    foreach (DataGridViewRow rule in this.filter_rule.Rows)
    {
        // Columns: 0 = key, 1 = operator, 2 = value. Empty cells arrive as null.
        string key = (string)rule.Cells[0].Value;
        string oper = (string)rule.Cells[1].Value;
        string value = (string)rule.Cells[2].Value;

        // Every rule is evaluated even after one has failed (no short-circuit).
        bool rulePasses = _filter_check(Packet, key, oper, value);
        passesAll &= rulePasses;
    }
    return passesAll;
}
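/// <summary>
/// "Open capture file" handler: after confirming that unsaved data may be discarded,
/// stops any live capture, lets the user pick a .pcap file and loads its packets into
/// the capture list and the grid.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void button5_Click(object sender, EventArgs e)
{
    bool mayDiscard = this.is_saved == true
        || MessageBox.Show("不保存并读取文件?", "提示", MessageBoxButtons.YesNo, MessageBoxIcon.Question, MessageBoxDefaultButton.Button2) == DialogResult.Yes;
    if (!mayDiscard)
    {
        return;
    }

    try
    {
        this.device.StopCapture();
        this.device.Close();
    }
    catch (Exception)
    {
        // Best-effort: any failure while stopping the live capture is ignored.
    }

    using (OpenFileDialog ofd = new OpenFileDialog())
    {
        ofd.InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.Templates);
        ofd.Filter = "PCAP(*.pcap)|*.pcap";
        ofd.ValidateNames = true;
        ofd.CheckFileExists = true;
        ofd.CheckPathExists = true;
        if (ofd.ShowDialog() != DialogResult.OK)
        {
            return;
        }

        this.packets = new ArrayList();
        this.dataGridView1.Rows.Clear();
        string capFile = ofd.FileName;

        SharpPcap.LibPcap.CaptureFileReaderDevice captureFileReader = new SharpPcap.LibPcap.CaptureFileReaderDevice(capFile);
        try
        {
            SharpPcap.RawCapture pPacket;
            // Go through all packets in the file.
            while ((pPacket = captureFileReader.GetNextPacket()) != null)
            {
                try
                {
                    packet temp = new packet(pPacket);
                    int packet_index = this.packets.Add(temp);
                    if (!filter_check(temp))
                    {
                        continue;
                    }

                    if (this.dataGridView1.InvokeRequired)
                    {
                        this.dataGridView1.BeginInvoke(new setDataGridViewDelegate(setDataGridView), new object[] { temp, packet_index });
                    }
                    else
                    {
                        // Same row-filling logic as the cross-thread path, called directly.
                        setDataGridView(temp, packet_index);
                    }
                }
                catch (Exception)
                {
                    // A record that cannot be parsed or displayed is skipped so that one
                    // bad frame does not abort the whole load.
                    // NOTE(review): skipped frames are not counted or reported, so a
                    // malformed packet in the file disappears from the listing.
                }
            }
        }
        finally
        {
            // Release the capture file even if reading fails part-way through.
            captureFileReader.Close();
        }

        this.is_saved = true;
        MessageBox.Show("读取完毕");
    }
}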
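/// <summary>
/// Derives a bare file name from a request packet's info line: the second
/// space-separated token for HTTP, the third for FTP.
/// </summary>
/// <param name="pkt">Request packet whose <c>info</c> text is parsed.</param>
/// <returns>
/// The last path component of the token, or an empty string when the protocol is not
/// HTTP or FTP, the token is missing, or the component is "." or "..".
/// </returns>
/// <remarks>
/// The name comes straight from captured traffic. Directory parts are dropped for both
/// '/' and '\' so the result cannot point outside a chosen folder. Query strings and
/// characters that are invalid in file names are left as they are, so code that writes
/// to disk must still validate the name.
/// </remarks>
private string find_fileName(packet pkt)
{
    int tokenIndex;
    if (this.protocol == "HTTP")
    {
        tokenIndex = 1;
    }
    else if (this.protocol == "FTP")
    {
        tokenIndex = 2;
    }
    else
    {
        return "";
    }

    string[] tokens = pkt.info.Split(' ');
    if (tokens.Length <= tokenIndex)
    {
        // Truncated or unexpected info line: no name rather than an exception.
        return "";
    }

    // Keep only what follows the last separator of either kind.
    string candidate = tokens[tokenIndex];
    candidate = candidate.Substring(candidate.LastIndexOfAny(new[] { '/', '\\' }) + 1);

    // "." and ".." are directory references, not file names.
    if (candidate == "." || candidate == "..")
    {
        return "";
    }
    return candidate;
}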