Form1.cs 12.93 KB
mobei 提交于 2021-05-03 21:40 . 抓包工具
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Threading;
using PacketDotNet;
using SharpPcap;
using SharpPcap.AirPcap;
using SharpPcap.LibPcap;
using SharpPcap.WinPcap;
using System.Net;
using System.Linq;
using DAL;
using Newtonsoft.Json.Linq;
using GetNetPackage.DAL;
using GetNetPackage.SqlModel;
namespace GetNetPackage
{
public partial class FormMain : Form
{
// Signature of the callback that CrossSetDataTable hands to Control.Invoke so that
// one packet row is appended to dtPackage on the UI thread.
private delegate void _CrossSetDataTable(Int64 iSqe, DateTime dtTime, string sSource, ushort sSourcePort, string sDestination, ushort sDesPort, string sProtocol);
// True while a capture is running: set in tsbtnOpen_Click, cleared in tsbtnClose_Click,
// polled by the background worker loop.
// NOTE(review): shared between the UI thread and the worker without volatile or a lock.
bool isRun = false;
// Buffer of raw captures: filled by Dev_OnPacketArrival, consumed by PackageAna.
ClsPackageCache clsPkgCache = new ClsPackageCache();
// Taken by Dev_OnPacketArrival while it adds to clsPkgCache.
// NOTE(review): every other access to the cache should hold it as well, unless
// ClsPackageCache synchronizes internally - confirm against that class.
object objLock = new object();
// Sequence number of the last packet taken from the cache; also the key into lstPackage.
Int64 iPackageCount;
// Backing table of the packet grid (bound through bdsPackage in the constructor).
DataTable dtPackage = new DataTable();
// Everything the form keeps about one analysed packet; instances are stored in lstPackage.
struct StrPackage
{
// Capture timestamp converted to local time (from RawCapture.Timeval).
public DateTime time;
// Source address as text: IP source address, or the ARP sender protocol address.
public string srcIp;
// Destination address as text: IP destination address, or the ARP target protocol address.
public string aimIp;
// Hex dump of the IP/ARP packet bytes, each byte written as "XX-".
public string msg;
// TCP/UDP source port; stays 0 for packets without a TCP or UDP layer.
public ushort SourcePort;
// TCP/UDP destination port; stays 0 for packets without a TCP or UDP layer.
public ushort DesPort;
// Length in bytes of the raw captured frame.
public int Length;
// The parsed frame returned by Packet.ParsePacket.
public Packet Packet;
// Project wrappers around the decoded layers; each is set only when that layer is present.
public MyIpPacket ipPacket;
public MyTCPPacket tcpPacket;
public MyUDPPacket udpPacket;
public MyARPPacket arpPacket;
// NOTE(review): not assigned anywhere in this file; the ARP addresses are stored as text in srcIp/aimIp.
public IPAddress SenderProtocolAddress;
public IPAddress TargetProtocolAddress;
// Protocol name: the IP protocol enum name (for example "TCP" or "UDP"), or "ARP".
public string Protocols;
}
// Analysed packets keyed by sequence number (the "Sqe" grid column).
// NOTE(review): written by PackageAna on the worker thread and read/cleared on the UI thread;
// Dictionary is not safe for concurrent readers and writers, and nothing in this file bounds
// its size, so memory grows with every captured packet until Ini() is called.
Dictionary<Int64, StrPackage> lstPackage = new Dictionary<Int64, StrPackage>();
/// <summary>
/// Builds the form and defines the schema of the table behind the packet grid.
/// </summary>
public FormMain()
{
    InitializeComponent();

    DataColumnCollection columns = dtPackage.Columns;

    // Explicitly typed columns; "Sqe" is the sequence number used as the key into lstPackage.
    columns.Add("Sqe", typeof(Int64));
    columns.Add("Time", typeof(DateTime));

    // The remaining columns keep DataTable's default column type (string).
    foreach (string columnName in new string[] { "Source", "SourcePort", "Destination", "DesPort", "Protocol" })
    {
        columns.Add(columnName);
    }

    bdsPackage.DataSource = dtPackage;
}
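/// <summary>
/// Appends one packet row to the grid's table, applying the optional source and
/// destination address filters typed into srcIP and targetIPBox.
/// </summary>
/// <remarks>
/// Called from the analysis worker thread. The filter text boxes are read inside the
/// delegate that runs on the UI thread: WinForms controls must not be read from another
/// thread, and doing so raises InvalidOperationException when cross-thread checks are on.
/// </remarks>
/// <param name="iSqe">Sequence number of the packet (key into lstPackage).</param>
/// <param name="dtTime">Capture time.</param>
/// <param name="srcAddr">Source address as text.</param>
/// <param name="sSourcePort">Source port, 0 when the packet has none.</param>
/// <param name="aimAddr">Destination address as text.</param>
/// <param name="sDesPort">Destination port, 0 when the packet has none.</param>
/// <param name="sProtocol">Protocol name shown in the grid.</param>
public void CrossSetDataTable(Int64 iSqe, DateTime dtTime, string srcAddr, ushort sSourcePort, string aimAddr, ushort sDesPort, string sProtocol)
{
    // During shutdown the window handle may already be gone; Invoke would throw.
    if (this.IsDisposed || !this.IsHandleCreated)
    {
        return;
    }

    _CrossSetDataTable addRow = delegate (Int64 Sqe, DateTime Time, string Source, ushort SourcePort, string Destination, ushort DesPort, string Protocol)
    {
        // An empty filter box means "no filter"; otherwise the address must match exactly.
        string wantedSource = srcIP.Text;
        if (!string.IsNullOrEmpty(wantedSource) && Source != wantedSource)
        {
            return;
        }

        string wantedTarget = targetIPBox.Text;
        if (!string.IsNullOrEmpty(wantedTarget) && Destination != wantedTarget)
        {
            return;
        }

        this.dtPackage.Rows.Add(new object[] { Sqe, Time, Source, SourcePort, Destination, DesPort, Protocol });
    };

    // Synchronous marshal to the UI thread; the caller blocks until the row has been added.
    this.Invoke(addRow, new object[] { iSqe, dtTime, srcAddr, sSourcePort, aimAddr, sDesPort, sProtocol });
}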
/// <summary>
/// Resets the capture view: sequence counter, stored packets, grid rows, the text and
/// hex panes, and re-applies the descending sort on Column1.
/// </summary>
// NOTE(review): toolStripButton1_Click calls this without checking isRun. If a capture is
// running, the worker thread is updating iPackageCount and lstPackage at the same time -
// confirm whether a reset during capture is meant to be supported.
public void Ini()
{
iPackageCount = 0;
// Emptied before the rows are cleared.
// NOTE(review): clearing bound rows presumably raises grid events that look packets up in
// lstPackage, so keep this statement order.
lstPackage.Clear();
dtPackage.Rows.Clear();
txtPackageData.Text = string.Empty;
// An empty buffer blanks the hex pane.
hexEditor1.LoadFromFile(new byte[0]);
dgvPackage.Sort(Column1, ListSortDirection.Descending);
}
/// <summary>
/// Switches the toolbar between "idle" (device list, start button and filter box usable)
/// and "capturing" (only the stop button usable), based on the isRun field.
/// </summary>
/// <param name="state">
/// NOTE(review): not used - the method reads isRun instead. After a worker fault isRun is
/// still true, so EnableControl(false) leaves the toolbar in the capturing state.
/// </param>
private void EnableControl(bool state)
{
    bool capturing = isRun;
    bool idle = !capturing;

    tscbxDeviceLst.Enabled = idle;
    start.Enabled = idle;
    tstxtFilter.Enabled = idle;
    tsbtnClose.Enabled = capturing;
}
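/// <summary>
/// Takes one raw capture from the cache, decodes its IP (TCP/UDP) or ARP layer, stores the
/// result in lstPackage under the next sequence number and shows it in the grid.
/// Frames that are neither IP nor ARP consume a sequence number but are not stored.
/// </summary>
/// <remarks>
/// Runs on the analysis worker thread. Captured frames are untrusted input: a truncated or
/// malformed frame must not be able to stop the analysis, so decoding failures are logged
/// and the frame is dropped instead of letting the exception end the worker.
/// NOTE(review): lstPackage keeps every decoded packet until Ini() runs; on a busy link
/// memory use is unbounded.
/// </remarks>
public void PackageAna()
{
    RawCapture rawCapture;

    // Dev_OnPacketArrival enqueues under objLock; dequeue under the same lock so producer
    // and consumer never touch the cache at the same time.
    lock (objLock)
    {
        rawCapture = clsPkgCache.GetAndRemoveFrist();
    }

    if (rawCapture == null)
    {
        return;
    }

    iPackageCount++;

    StrPackage strPackage = new StrPackage();
    strPackage.time = rawCapture.Timeval.Date.ToLocalTime();
    strPackage.Length = rawCapture.Data.Length;

    bool decoded;
    try
    {
        decoded = DecodeCapture(rawCapture, ref strPackage);
    }
    catch (Exception ex)
    {
        // Drop the frame but keep analysing; the sequence number is simply skipped.
        Console.WriteLine("PackageAna: dropped frame #" + iPackageCount + " that could not be decoded: " + ex.Message);
        return;
    }

    if (!decoded)
    {
        return;
    }

    // Store before the row is shown: adding the row can select it, and the selection
    // handler looks the packet up by sequence number. The lock is released before
    // CrossSetDataTable because that call blocks on the UI thread.
    lock (objLock)
    {
        lstPackage.Add(iPackageCount, strPackage);
    }

    CrossSetDataTable(iPackageCount, strPackage.time, strPackage.srcIp, strPackage.SourcePort,
        strPackage.aimIp, strPackage.DesPort, strPackage.Protocols);
}

// Decodes the IP or ARP layer of a capture into strPackage; returns false when the frame carries neither.
private static bool DecodeCapture(RawCapture rawCapture, ref StrPackage strPackage)
{
    Packet tempPacket = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
    strPackage.Packet = tempPacket;

    // TCP-IP
    IpPacket ipPack = IpPacket.GetEncapsulated(tempPacket);
    if (ipPack != null)
    {
        string protocolName = ipPack.Protocol.ToString();
        strPackage.ipPacket = new MyIpPacket(ipPack);

        if (protocolName == "TCP")
        {
            TcpPacket tcppacket = TcpPacket.GetEncapsulated(tempPacket);
            if (tcppacket != null)
            {
                strPackage.tcpPacket = new MyTCPPacket(tcppacket);
                strPackage.SourcePort = tcppacket.SourcePort; // 80, 8080, 3128: Http; 21: FTP; 25: SMTP; 110: POP3
                strPackage.DesPort = tcppacket.DestinationPort;
            }
        }
        else if (protocolName == "UDP")
        {
            UdpPacket udppacket = UdpPacket.GetEncapsulated(tempPacket);
            if (udppacket != null)
            {
                strPackage.udpPacket = new MyUDPPacket(udppacket);
                strPackage.SourcePort = udppacket.SourcePort; // 53: DNS
                strPackage.DesPort = udppacket.DestinationPort;
            }
        }

        strPackage.srcIp = ipPack.SourceAddress.ToString();
        strPackage.aimIp = ipPack.DestinationAddress.ToString();
        strPackage.Protocols = protocolName;
        strPackage.msg = ToDashedHex(ipPack.Bytes);
        return true;
    }

    // ARP
    ARPPacket arpPack = ARPPacket.GetEncapsulated(tempPacket);
    if (arpPack != null)
    {
        strPackage.arpPacket = new MyARPPacket(arpPack);
        strPackage.srcIp = arpPack.SenderProtocolAddress.ToString();
        strPackage.aimIp = arpPack.TargetProtocolAddress.ToString();
        strPackage.Protocols = "ARP";
        strPackage.msg = ToDashedHex(arpPack.Bytes);
        return true;
    }

    return false;
}

// Formats bytes as upper-case hex with a '-' after every byte (e.g. "0A-FF-").
private static string ToDashedHex(byte[] bytes)
{
    StringBuilder hex = new StringBuilder(bytes.Length * 3);
    foreach (byte data in bytes)
    {
        hex.Append(data.ToString("X2")).Append('-');
    }
    return hex.ToString();
}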
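/// <summary>
/// Fills the device drop-down with the WinPcap capture devices found on this machine.
/// AirPcap and plain LibPcap devices are only written to the console.
/// </summary>
private void Form1_Load(object sender, EventArgs e)
{
    tscbxDeviceLst.ComboBox.DisplayMember = "Text";
    tscbxDeviceLst.ComboBox.ValueMember = "Value";

    foreach (ICaptureDevice dev in CaptureDeviceList.Instance)
    {
        // The AirPcap test stays first, as in the original branch order.
        if (dev is AirPcapDevice)
        {
            Console.WriteLine(dev.ToString());
            continue;
        }

        WinPcapDevice winDev = dev as WinPcapDevice;
        if (winDev != null)
        {
            // The label uses the text between the first pair of single quotes in the
            // description. Fall back to the whole description when there is no quoted
            // part, instead of failing form load with an index error.
            string description = dev.Description ?? string.Empty;
            string[] quotedParts = description.Split('\'');
            string label = quotedParts.Length > 1 ? quotedParts[1] : description;

            ClsComboboxItem clsCbxItem = new ClsComboboxItem();
            clsCbxItem.Text = winDev.Interface.FriendlyName + " " + label;
            clsCbxItem.Value = dev;
            tscbxDeviceLst.ComboBox.Items.Add(clsCbxItem);
            continue;
        }

        if (dev is LibPcapLiveDevice)
        {
            Console.WriteLine(dev.ToString());
        }
    }
}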
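/// <summary>
/// Starts a capture on the selected device: resets the view, opens the device, applies the
/// capture filter from tstxtFilter and starts the analysis worker.
/// </summary>
private void tsbtnOpen_Click(object sender, EventArgs e)
{
    ClsComboboxItem selected = tscbxDeviceLst.SelectedItem as ClsComboboxItem;
    if (selected == null)
    {
        return;
    }

    // Reset the history left over from any previous capture.
    Ini();

    ICaptureDevice Dev = selected.Value;

    // Remove before adding so that repeated start/stop cycles never leave the handler
    // registered twice, which would enqueue every packet more than once.
    Dev.OnPacketArrival -= Dev_OnPacketArrival;
    Dev.OnPacketArrival += Dev_OnPacketArrival;
    Dev.Open();

    try
    {
        Dev.Filter = tstxtFilter.Text;
    }
    catch (Exception)
    {
        // The device was already opened above; release it again so a rejected filter
        // does not leave an open handle and a live packet handler behind.
        Dev.OnPacketArrival -= Dev_OnPacketArrival;
        Dev.Close();
        MessageBox.Show("过滤条件语法错误");
        return;
    }

    Dev.StartCapture();
    isRun = true;
    bgwPackageAna.RunWorkerAsync();
    EnableControl(true);
}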
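/// <summary>
/// Stops the running capture, closes the selected device and tells the analysis worker to
/// finish once the cache is drained. Also called with null arguments when the form closes.
/// </summary>
private void tsbtnClose_Click(object sender, EventArgs e)
{
    try
    {
        ClsComboboxItem selected = tscbxDeviceLst.SelectedItem as ClsComboboxItem;
        if (selected != null && selected.Value != null)
        {
            ICaptureDevice Device = selected.Value;
            Device.StopCapture();
            // Pair the subscription made when the capture was started, so a later start
            // does not register the packet handler a second time.
            Device.OnPacketArrival -= Dev_OnPacketArrival;
            Device.Close();
        }
    }
    finally
    {
        // Always clear the flag, even if stopping the device failed; otherwise the worker
        // loop would never end.
        isRun = false;
        tsbtnClose.Enabled = false;
    }
}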
/// <summary>
/// Capture callback: queues the arriving raw packet for the analysis worker.
/// Kept minimal so the capture thread is not held up by decoding or UI work.
/// </summary>
void Dev_OnPacketArrival(object sender, CaptureEventArgs e)
{
    var captured = e.Packet;

    // objLock serialises access to the shared packet cache.
    lock (objLock)
    {
        clsPkgCache.AddItem(captured);
    }
}
/// <summary>
/// Stops a running capture before the form closes, reusing the stop-button handler.
/// </summary>
private void Form1_FormClosing(object sender, FormClosingEventArgs e)
{
    if (!isRun)
    {
        return;
    }

    tsbtnClose_Click(null, null);
}
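/// <summary>
/// Worker loop: analyses queued packets for as long as the capture runs, then drains
/// whatever is still queued and exits.
/// </summary>
/// <remarks>
/// The loop only sleeps when the cache is empty. Sleeping 50 ms after every single packet
/// caps analysis at about 20 packets per second, so on any real link the backlog (and the
/// memory it holds) grows without bound and the displayed data falls further and further
/// behind the wire. PackageAna blocks on the UI thread for each row, which still paces
/// the loop.
/// </remarks>
private void bgwPackageAna_DoWork(object sender, DoWorkEventArgs e)
{
    while (true)
    {
        bool hasBacklog;

        // Same lock the capture callback holds while enqueuing.
        lock (objLock)
        {
            hasBacklog = clsPkgCache.GetCount() > 0;
        }

        if (hasBacklog)
        {
            PackageAna();
            continue;
        }

        if (!isRun)
        {
            break;
        }

        // Nothing queued: wait briefly instead of spinning.
        Thread.Sleep(50);
    }
}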
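/// <summary>
/// Runs on the UI thread when the analysis worker ends; restores the idle toolbar state.
/// </summary>
/// <remarks>
/// BackgroundWorker reports an unhandled worker exception through e.Error. Ignoring it
/// would leave the device capturing into a cache nobody reads, with no indication that
/// analysis has stopped, so the capture is stopped and the failure is shown.
/// </remarks>
private void bgwPackageAna_RunWorkerCompleted(object sender, RunWorkerCompletedEventArgs e)
{
    if (e.Error != null)
    {
        if (isRun)
        {
            tsbtnClose_Click(null, null);
        }

        MessageBox.Show("抓包分析线程异常终止:" + e.Error.Message);
    }

    EnableControl(false);
}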
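/// <summary>
/// Shows the packet behind the selected grid row in the hex and text panes and, when
/// filtrationByRule has text, checks the packet against every stored rule, logging and
/// listing a warning for each rule whose pattern occurs in the packet's hex text.
/// </summary>
/// <remarks>
/// NOTE(review): rule matching happens only for the row the user selects, so packets that
/// are never selected are never checked, and selecting the same row again writes the same
/// log entry again. The rule list is also queried on the UI thread on every selection
/// change.
/// NOTE(review): the pattern is searched in the hex text without byte alignment, so a
/// pattern can match across two neighbouring bytes - confirm whether rules are meant to be
/// byte-aligned.
/// </remarks>
private void dgvPackage_CurrentCellChanged(object sender, EventArgs e)
{
    if (dgvPackage.CurrentCell == null)
    {
        return;
    }

    // The first column holds the sequence number; an empty cell has no packet behind it.
    object keyCell = dgvPackage[0, dgvPackage.CurrentCell.RowIndex].Value;
    if (!(keyCell is Int64))
    {
        return;
    }

    StrPackage sp;
    bool found;

    // The analysis worker adds to lstPackage from another thread.
    lock (objLock)
    {
        found = lstPackage.TryGetValue((Int64)keyCell, out sp);
    }

    if (!found || sp.Packet == null)
    {
        return;
    }

    byte[] bytes = sp.Packet.Bytes;
    hexEditor1.LoadFromFile(bytes);

    if (!string.IsNullOrEmpty(filtrationByRule.Text))
    {
        // Upper-case hex without separators, two characters per byte.
        string msg = BitConverter.ToString(bytes).Replace("-", "");

        // Fetch all rules.
        List<MsgRole> msgRoles = RuleDAL.SelectRulesList();
        if (msgRoles != null)
        {
            foreach (MsgRole model in msgRoles)
            {
                // An empty pattern would match every packet; skip it.
                if (string.IsNullOrEmpty(model.matchMsg))
                {
                    continue;
                }

                // Hex digits are compared case-insensitively so that a rule stored in
                // lower case is not silently ignored.
                if (msg.IndexOf(model.matchMsg, StringComparison.OrdinalIgnoreCase) < 0)
                {
                    continue;
                }

                MysqlLogModel logModel = new MysqlLogModel();
                logModel.srcIp = sp.srcIp;
                logModel.aimIp = sp.aimIp;
                logModel.srcPort = sp.SourcePort;
                logModel.aimPort = sp.DesPort;
                logModel.length = sp.Length;
                logModel.protocols = sp.Protocols;
                logModel.msg = sp.msg;
                logModel.time = sp.time;
                logModel.warnCase = model.describes.ToString();

                JObject jObject = JObject.FromObject(logModel);
                LogDAL.insertLog(jObject);
                warnList.Items.Add("警告:" + logModel.time + " 检测到入侵信息,源ip:" + logModel.srcIp + " 目标ip" + logModel.aimIp);
            }
        }
    }

    txtPackageData.Text = sp.Packet.PrintHex();
}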
/// <summary>
/// Timer callback: refreshes the label that shows how many captures are waiting in the cache.
/// </summary>
public void timer1_Tick(object sender, EventArgs e)
{
    var pending = clsPkgCache.GetCount();
    lblPackageCacheCount.Text = pending.ToString();
}
/// <summary>
/// Toolbar handler: clears the captured packets and the views by calling Ini().
/// </summary>
public void toolStripButton1_Click(object sender, EventArgs e)
{
    this.Ini();
}
/// <summary>
/// Paint handler for the first split-container panel; does no custom drawing.
/// </summary>
private void splitContainer1_Panel1_Paint(object sender, PaintEventArgs e)
{
    // Intentionally empty.
}
/// <summary>
/// Clears the warning list. Only the on-screen entries are removed; nothing here touches
/// the entries already written through LogDAL.
/// </summary>
private void clean_Click(object sender, EventArgs e)
{
    var warnings = warnList.Items;
    warnings.Clear();
}
}
}