public Files()
{
this.protocol = "";
this.request_type = "";
this.packet_request = null;
this.packet_header = null;
this.file_name = "";
this.file_data = null;
}
public void update(System.Collections.ArrayList packets, int index)
{
try
{
packet pck = (packet)packets[index];
this.packet_request = pck;
this.protocol = pck.protocol;
// 现在只有http的两个模式和ftp,待完善
if (pck.info.IndexOf("GET") == 0)
{
this.request_type = "GET";
}
else if (pck.info.IndexOf("POST") == 0)
{
this.request_type = "POST";
}
else if (pck.info.IndexOf("Response: 150") == 0)
{
this.request_type = "FTP";
}
else
{
this.request_type = "UNKNOWN";
}
this.packet_header = this.find_header(packets, index, pck.tcp_info["AcknowledgmentNumber(确认序号)"]);
this.charset = this.protocol == "HTTP" ? this.find_charset() : "";
this.encoding = this.protocol == "HTTP" ? this.find_encoding() : "";
this.file_data = this.find_data(packets, index, this.packet_header.tcp_info["AcknowledgmentNumber(确认序号)"]);
this.file_name = this.find_fileName(pck);
this.file_type = this.file_name.LastIndexOf(".") > 0 ? this.file_name.Substring(this.file_name.LastIndexOf(".") + 1) : "";
}
catch
{
return;
}
}
private bool _filter_check(packet Packet, string key, string oper, string value)
{
// 取出packet中对应key的value,string形式
List<string> pac_value = new List<string>();
switch (key)
{
case "ip_addr":
pac_value.Add(Packet.destIp);
pac_value.Add(Packet.srcIp);
break;
case "port":
if (Packet.tcp_info.Count > 0)
{
pac_value.Add(Packet.tcp_info["SourcePort(源端口)"]);
pac_value.Add(Packet.tcp_info["DestinationPort(目的端口)"]);
}
if (Packet.udp_info.Count > 0)
{
pac_value.Add(Packet.udp_info["SourcePort(源端口)"]);
pac_value.Add(Packet.udp_info["DestinationPort(目的端口)"]);
}
break;
case "ip_version":
if (Packet.ip_info.Count > 0)
pac_value.Add(Packet.ip_info["Version(版本)"]);
break;
case "protocol":
if (Packet.ip_info.Count > 0)
pac_value.Add("IP");
if (Packet.tcp_info.Count > 0)
pac_value.Add("TCP");
if (Packet.udp_info.Count > 0)
pac_value.Add("UDP");
if (Packet.icmp_info.Count > 0)
pac_value.Add("ICMP");
if (Packet.igmp_info.Count > 0)
pac_value.Add("IGMP");
if (Packet.arp_info.Count > 0)
pac_value.Add("ARP");
if (Packet.application_info.Count > 0)
pac_value.Add(Packet.application_info["ApplicationType"]);
break;
case "DF":
if (Packet.ip_info.Count > 0 && Packet.ip_info["Version(版本)"] == "IPV4")
{
pac_value.Add(Packet.ip_info["DF"]);
}
break;
case "MF":
if (Packet.ip_info.Count > 0 && Packet.ip_info["Version(版本)"] == "IPV4")
{
pac_value.Add(Packet.ip_info["MF"]);
}
break;
case "application_data":
if (Packet.application_info.Count > 0)
pac_value.Add(Packet.application_info["Data"]);
break;
case "validate_checksum":
if (Packet.color == "Red")
return false ^ (oper == "!=");
else
return true ^ (oper =="!=");
case "info_start":
pac_value.Add(Packet.info.Substring(0, value.Length));
break;
default:
break;
}
switch (oper)
{
case "==":
if (include_array(pac_value, value))
{
return true;
}
break;
case "!=":
if (!include_array(pac_value, value))
{
return true;
}
break;
case "包含":
if (include_array_like(pac_value, value))
return true;
break;
default:
return true;
}
return false;
}
//当跨线程调用时,调用该方法进行UI界面更新
/// <summary>
/// 抓包后更新UI显示
/// </summary>
private void setDataGridView(packet Packet, int packet_index)
{
int index = this.dataGridView1.Rows.Add();
this.dataGridView1.Rows[index].DefaultCellStyle.BackColor = Color.FromName(Packet.color);
this.dataGridView1.Rows[index].Cells[0].Value = Packet.time;
this.dataGridView1.Rows[index].Cells[1].Value = Packet.srcIp;
this.dataGridView1.Rows[index].Cells[2].Value = Packet.destIp;
this.dataGridView1.Rows[index].Cells[3].Value = Packet.protocol;
this.dataGridView1.Rows[index].Cells[4].Value = Packet.info;
this.dataGridView1.Rows[index].Cells[5].Value = packet_index;
this.dataGridView1.FirstDisplayedScrollingRowIndex = this.dataGridView1.Rows.Count - 1;
}
private void PcapPorcessContext(SharpPcap.RawCapture pPacket)
{
packet temp = new packet(pPacket);
packets.Add(temp);
if (this.dataGridView1.InvokeRequired)
{
//if (temp.ip_info.Count > 0 && temp.ip_info["Version(版本)"] == "IPv6" && temp.tcp_info.Count > 0)
//if (temp.ip_info.Count > 0 && temp.ip_info["Version(版本)"] == "IPv4" && temp.ip_info["Protocol(协议)"] == "IGMP")
filterCheckDelegate filterDelegate = filter_check;
IAsyncResult asyncResult = filterDelegate.BeginInvoke(temp, null, null);
bool flag = filterDelegate.EndInvoke(asyncResult);
if (flag)
{
this.dataGridView1.BeginInvoke(new setDataGridViewDelegate(setDataGridView), new object[] { temp, packets.Count - 1 });
}
}
else
{/*
int index = this.dataGridView1.Rows.Add();
this.dataGridView1.Rows[index].DefaultCellStyle.BackColor = Color.FromName(temp.color);
this.dataGridView1.Rows[index].Cells[0].Value = temp.time;
this.dataGridView1.Rows[index].Cells[1].Value = temp.srcIp;
this.dataGridView1.Rows[index].Cells[2].Value = temp.destIp;
this.dataGridView1.Rows[index].Cells[3].Value = temp.protocol;
this.dataGridView1.Rows[index].Cells[4].Value = temp.info;
this.dataGridView1.Rows[index].Cells[5].Value = packets.Count - 1;
this.dataGridView1.FirstDisplayedScrollingRowIndex = this.dataGridView1.Rows.Count - 1;
*/}
}
private bool filter_check(packet Packet)
{
bool flag = true;
DataGridViewRowCollection rules = this.filter_rule.Rows;
foreach (DataGridViewRow item in rules)
{
string key = (string)(item.Cells[0].Value);
string oper = (string)(item.Cells[1].Value);
string value = (string)(item.Cells[2].Value);
flag = flag & _filter_check(Packet, key, oper, value);
}
return flag;
}
private void button5_Click(object sender, EventArgs e)
{
if (this.is_saved == true || MessageBox.Show("不保存并读取文件?", "提示", MessageBoxButtons.YesNo, MessageBoxIcon.Question, MessageBoxDefaultButton.Button2) == DialogResult.Yes)
{
try
{
this.device.StopCapture();
this.device.Close();
}
catch (Exception)
{
;
}
string capFile = "";
OpenFileDialog ofd = new OpenFileDialog();
ofd.InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.Templates);
ofd.Filter = "PCAP(*.pcap)|*.pcap";
ofd.ValidateNames = true;
ofd.CheckFileExists = true;
ofd.CheckPathExists = true;
if (ofd.ShowDialog() == DialogResult.OK)
{
this.packets = new ArrayList();
this.dataGridView1.Rows.Clear();
capFile = ofd.FileName;
SharpPcap.LibPcap.CaptureFileReaderDevice captureFileReader = new SharpPcap.LibPcap.CaptureFileReaderDevice(capFile);
SharpPcap.RawCapture pPacket;
// Go through all packets in the file
while ((pPacket = captureFileReader.GetNextPacket()) != null)
{
try
{
packet temp = new packet(pPacket);
this.packets.Add(temp);
if (filter_check(temp))
{
if (this.dataGridView1.InvokeRequired)
{
this.dataGridView1.BeginInvoke(new setDataGridViewDelegate(setDataGridView), new object[] { temp, this.packets.Count - 1 });
}
else
{
int index = this.dataGridView1.Rows.Add();
this.dataGridView1.Rows[index].DefaultCellStyle.BackColor = Color.FromName(temp.color);
this.dataGridView1.Rows[index].Cells[0].Value = temp.time;
this.dataGridView1.Rows[index].Cells[1].Value = temp.srcIp;
this.dataGridView1.Rows[index].Cells[2].Value = temp.destIp;
this.dataGridView1.Rows[index].Cells[3].Value = temp.protocol;
this.dataGridView1.Rows[index].Cells[4].Value = temp.info;
this.dataGridView1.Rows[index].Cells[5].Value = packets.Count - 1;
this.dataGridView1.FirstDisplayedScrollingRowIndex = this.dataGridView1.Rows.Count - 1;
}
}
}
catch (Exception)
{
;
}
}
this.is_saved = true;
captureFileReader.Close();
MessageBox.Show("读取完毕");
}
}
}
private string find_fileName(packet pkt)
{
if (this.protocol == "HTTP")
{
string fileName = pkt.info.Split(' ')[1];
return fileName.Substring(fileName.LastIndexOf("/") + 1);
}
else if (this.protocol == "FTP")
{
return pkt.info.Split(' ')[2];
}
return "";
}