 Project Name:   Packet Capture and Analyzer
 Programmer:   firat kocak
 Type:   Network
 Technology:  C#
 IDE:   NONE
 Description:   The first idea of writing a packet sniffer program came from a reply to my comments on one of the projects named "NetSend ( Sending popup messenger messages between computers )" by Marc Clifton. Marc asked me "What about receiving message". To tell the truth, I didn't know how I could do that. I knew a program which I had downloaded and tested years ago. But I didn't know the way of it. So I made a search on the net about programs that can receive messages created by NetSend. And I noticed that many of them were using packet sniffer libraries. And then I decided to learn how it is done. My search attempts gave a result and I found a free library named WinPcap.

After previewing the WinPcap source code, my first trial was to write a wrapper class for it. But what I did was not what I expected. And I had no control over the code. So I decided to port the base library of WinPcap named PacketNt.dll to C#. After many weeks and debug trials, I finished it. And then I wrote a new class to make the capture process easy. And while all this happened, a new class was created, Function. Yes, now I could catch packets from the network card but I wasn't able to display them. Because I had no idea what they meant. My next search was to find a program with free source code that can display packets. Yes, yes, as you guessed, I found it. Its name is Ethereal. It is really a great program and free.

First I traced the packets captured by Ethereal and built some protocols and was able to display them in my test program. And then (after getting its source code), I used the source code to learn the protocol structures. Now my program supports over 15 protocols. My aim is to add all protocols supported by Ethereal to my program and to make it available to all of you. At this point, I will be very happy if some of you are interested in this kind of project, to finish it. I am alone, and to port all protocols to C# is absolutely time-consuming and tiring.







Attachments:
Pacanal.zip [364.86 KiB]
Downloaded 4422 times

_________________
Please recommend my post if you found it helpful.
Java, J2EE, CCNA, CCNP certified.
Author:
Expert
User avatar Posts: 838
Have thanks: 2 time

Which IDE did you use? I can't make this program work.
Thanks



Author:
Newbie
User avatar Posts: 1
Have thanks: 0 time

Do we need any software to run this project?



Author:
Newbie
User avatar Posts: 1
Have thanks: 0 time

Hi,

I am doing the Packet Capture and Analyzer project.
I downloaded the pacanal.zip from your post,
but it is not executing. Could you help me to run the project?



Author:
Newbie
User avatar Posts: 2
Have thanks: 0 time

It is a C# program. Here is a code sample:
csharp code
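using System;
using System.Windows.Forms;

namespace MyClasses
{

    public class PacketTCP
    {

        // Fixed 20-byte part of the TCP header, in wire order.
        public struct PACKET_TCP
        {
            public ushort SourcePort;
            public ushort DestinationPort;
            public uint SequenceNumber;
            public uint Acknowledgement;
            public byte HeaderLength;   // data offset converted from 32-bit words to bytes
            public byte Falgs;          // flag bits, CWR (0x80) down to FIN (0x01)
            public ushort WindowSize;
            public ushort Checksum;
            public ushort Options;      // bytes 18-19 of the header: the urgent pointer, not TCP options
        }


        public PacketTCP()
        {
        }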

        // Decodes the TCP header at PacketData[ Index ], adds a detail node to the tree view
        // and fills the list-view columns. Returns false when the bytes cannot hold a TCP header.
        public static bool Parser( ref TreeNodeCollection mNode,
            byte [] PacketData ,
            ref int Index ,
            ref ListViewItem LItem , ref uint PreviousHttpSequence )
        {
            TreeNode mNodex;
            TreeNode mNode1;
            string Tmp = "";
            PACKET_TCP PTcp;
            int TcpStart = Index; // offset of the first TCP header byte

            mNodex = new TreeNode();
            mNodex.Text = "TCP ( Transmission Control Protocol )";
            Function.SetPosition( ref mNodex , Index , Const.LENGTH_OF_TCP , true );

            // Refuse to read a fixed header that runs past the end of the captured bytes
            if( ( Index + Const.LENGTH_OF_TCP ) > PacketData.Length )
            {
                mNode.Add( mNodex );

                Tmp = "[ Malformed TCP packet. Remaining bytes don't fit a TCP packet. Possibly due to bad decoding ]";
                mNode.Add( Tmp );
                LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = Tmp;

                return false;
            }

            try
            {
                PTcp.SourcePort = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
                Tmp = "Source Port : " + Function.ReFormatString( PTcp.SourcePort ,
                    Const.GetPortStr( PTcp.SourcePort ) );
                mNodex.Nodes.Add( Tmp );
                Function.SetPosition( ref mNodex , Index - 2 , 2 , false );
                LItem.SubItems[ Const.LIST_VIEW_SOURCE_PORT_INDEX ].Text = PTcp.SourcePort.ToString();

                PTcp.DestinationPort = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
                Tmp = "Destination Port : " + Function.ReFormatString( PTcp.DestinationPort ,
                    Const.GetPortStr( PTcp.DestinationPort ) );
                mNodex.Nodes.Add( Tmp );
                Function.SetPosition( ref mNodex , Index - 2 , 2 , false );
                LItem.SubItems[ Const.LIST_VIEW_DESTINATION_PORT_INDEX ].Text = PTcp.DestinationPort.ToString();

                PTcp.SequenceNumber = Function.Get4Bytes( PacketData , ref Index , Const.NORMAL );
                Tmp = "Sequence Number : " + Function.ReFormatString( PTcp.SequenceNumber , null );
                mNodex.Nodes.Add( Tmp );
                Function.SetPosition( ref mNodex , Index - 4 , 4 , false );
                LItem.SubItems[ Const.LIST_VIEW_SEQUENCE_INDEX ].Text = PTcp.SequenceNumber.ToString();

                PTcp.Acknowledgement = Function.Get4Bytes( PacketData , ref Index , Const.NORMAL );
                Tmp = "Acknowledgement : " + Function.ReFormatString( PTcp.Acknowledgement , null );
                mNodex.Nodes.Add( Tmp );
                Function.SetPosition( ref mNodex , Index - 4 , 4 , false );
                LItem.SubItems[ Const.LIST_VIEW_ACKNOWLEDGE_INDEX ].Text = PTcp.Acknowledgement.ToString();

                // High nibble of byte 12 is the data offset in 32-bit words; convert it to bytes
                PTcp.HeaderLength = PacketData[ Index++ ];
                PTcp.HeaderLength = (byte) ( ( (int) PTcp.HeaderLength >> 4 ) * 4 );
                Tmp = "Length : " + Function.ReFormatString( PTcp.HeaderLength , null );
                mNodex.Nodes.Add( Tmp );
                Function.SetPosition( ref mNodex , Index - 1 , 1 , false );

                // One child node per flag bit
                PTcp.Falgs = PacketData[ Index++ ];
                mNode1 = new TreeNode();
                mNode1.Text = "Flags : " + Function.ReFormatString( PTcp.Falgs , null );
                Function.SetPosition( ref mNode1 , Index - 1 , 1 , true );
                mNode1.Nodes.Add( Function.DecodeBitField( PTcp.Falgs , 0x80 , "Congestion window reduced ( CWR ) : Set" , "Congestion window reduced ( CWR ) : Not set" ) );
                Function.SetPosition( ref mNode1 , Index - 1 , 1 , false );
                mNode1.Nodes.Add( Function.DecodeBitField( PTcp.Falgs , 0x40 , "ECN-Echo : Set" , "ECN-Echo : Not set" ) );
                Function.SetPosition( ref mNode1 , Index - 1 , 1 , false );
                mNode1.Nodes.Add( Function.DecodeBitField( PTcp.Falgs , 0x20 , "Urgent : Set" , "Urgent : Not set" ) );
                Function.SetPosition( ref mNode1 , Index - 1 , 1 , false );
                mNode1.Nodes.Add( Function.DecodeBitField( PTcp.Falgs , 0x10 , "Acknowledgement : Set" , "Acknowledgement : Not set" ) );
                Function.SetPosition( ref mNode1 , Index - 1 , 1 , false );
                mNode1.Nodes.Add( Function.DecodeBitField( PTcp.Falgs , 0x08 , "Push : Set" , "Push : Not set" ) );
                Function.SetPosition( ref mNode1 , Index - 1 , 1 , false );
                mNode1.Nodes.Add( Function.DecodeBitField( PTcp.Falgs , 0x04 , "Reset : Set" , "Reset : Not set" ) );
                Function.SetPosition( ref mNode1 , Index - 1 , 1 , false );
                mNode1.Nodes.Add( Function.DecodeBitField( PTcp.Falgs , 0x02 , "Sync : Set" , "Sync : Not set" ) );
                Function.SetPosition( ref mNode1 , Index - 1 , 1 , false );
                mNode1.Nodes.Add( Function.DecodeBitField( PTcp.Falgs , 0x01 , "Fin : Set" , "Fin : Not set" ) );
                Function.SetPosition( ref mNode1 , Index - 1 , 1 , false );
                mNodex.Nodes.Add( mNode1 );

                PTcp.WindowSize = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
                Tmp = "Window Size : " + Function.ReFormatString( PTcp.WindowSize , null );
                mNodex.Nodes.Add( Tmp );
                Function.SetPosition( ref mNodex , Index - 2 , 2 , false );

                PTcp.Checksum = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
                Tmp = "Checksum : " + Function.ReFormatString( PTcp.Checksum , null );
                mNodex.Nodes.Add( Tmp );
                Function.SetPosition( ref mNodex , Index - 2 , 2 , false );

                // Bytes 18-19 of the fixed header are the urgent pointer; the field keeps its original name
                PTcp.Options = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
                Tmp = "Urgent Pointer : " + Function.ReFormatString( PTcp.Options , null );
                mNodex.Nodes.Add( Tmp );
                Function.SetPosition( ref mNodex , Index - 2 , 2 , false );

                // The data offset is the real header length. Reject values below the 20-byte
                // minimum or past the captured bytes, then skip any TCP options so the payload
                // parsers below start at the payload. The catch block reports the error.
                if( ( PTcp.HeaderLength < 20 ) || ( ( TcpStart + PTcp.HeaderLength ) > PacketData.Length ) )
                    throw new FormatException( "Invalid TCP data offset" );
                Index = TcpStart + PTcp.HeaderLength;

                LItem.SubItems[ Const.LIST_VIEW_PROTOCOL_INDEX ].Text = "TCP";
                LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = "Source Port = " +
                    PTcp.SourcePort.ToString() + " ( " + Const.GetPortStr( PTcp.SourcePort ) + " ) , Destination Port = " +
                    PTcp.DestinationPort.ToString() + " ( " + Const.GetPortStr( PTcp.DestinationPort ) + " )";

                mNode.Add( mNodex );

                bool IsCifs = false;

                // Hand the payload to a higher-level parser chosen by port number
                if( ( PTcp.SourcePort == Const.IPPORT_HTTP ) ||
                    ( PTcp.DestinationPort == Const.IPPORT_HTTP ) ||
                    ( PTcp.SourcePort == Const.IPPORT_HTTP2 ) ||
                    ( PTcp.DestinationPort == Const.IPPORT_HTTP2 ) )
                {
                    // 54 is presumably 14 (Ethernet) + 20 (IPv4) + 20 (TCP), so this
                    // continuation check assumes headers without IP or TCP options
                    if( PreviousHttpSequence == ( PTcp.SequenceNumber - ( PacketData.Length - 54 ) ) )
                    {
                        PreviousHttpSequence = PTcp.SequenceNumber;
                        PacketHTTP.Parser( ref mNode , PacketData , ref Index , ref LItem , false );
                    }
                    else
                    {
                        PreviousHttpSequence = 0;
                        PacketHTTP.Parser( ref mNode , PacketData , ref Index , ref LItem , true );
                    }

                }
                // <KEITH>
                // This code calls PacketSQL to parse the contents
                else if ( ( PTcp.SourcePort == Const.IPPORT_SQL ) ||
                    ( PTcp.DestinationPort == Const.IPPORT_SQL ) )
                {
                    PacketSQL.Parser( ref mNode, PacketData, ref Index, ref LItem, true );
                }
                // </KEITH>
                else if( ( PTcp.SourcePort == Const.IPPORT_NBSSN ) ||
                    ( PTcp.DestinationPort == Const.IPPORT_NBSSN ) )
                {
                    if( ( PTcp.SourcePort == Const.TCP_PORT_CIFS ) || ( PTcp.DestinationPort == Const.TCP_PORT_CIFS ) )
                        IsCifs = true;
                    else
                        IsCifs = false;

                    PacketNBSS.Parser( ref mNode , PacketData , ref Index , ref LItem , IsCifs );
                }


            }
            catch( Exception Ex )
            {
                // Any read past the buffer or invalid header lands here instead of crashing the UI
                mNode.Add( mNodex );
                Tmp = "[ Malformed TCP packet. Remaining bytes don't fit a TCP packet. Possibly due to bad decoding ]";
                mNode.Add( Tmp );
                Tmp = "[ Exception raised is <" + Ex.GetType().ToString() + "> at packet index <" + Index.ToString() + "> ]";
                mNode.Add( Tmp );
                LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text =
                    "[ Malformed TCP packet. Remaining bytes don't fit a TCP packet. Possibly due to bad decoding ]";

                return false;
            }

            return true;

        }


        // Same decoding without the tree view: fills only the list-view columns.
        public static bool Parser( byte [] PacketData ,
            ref int Index ,
            ref ListViewItem LItem , ref uint PreviousHttpSequence )
        {
            string Tmp = "";
            PACKET_TCP PTcp;
            int TcpStart = Index; // offset of the first TCP header byte

            // Refuse to read a fixed header that runs past the end of the captured bytes
            if( ( Index + Const.LENGTH_OF_TCP ) > PacketData.Length )
            {
                Tmp = "[ Malformed TCP packet. Remaining bytes don't fit a TCP packet. Possibly due to bad decoding ]";
                LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = Tmp;

                return false;
            }

            try
            {
                PTcp.SourcePort = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
                PTcp.DestinationPort = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
                PTcp.SequenceNumber = Function.Get4Bytes( PacketData , ref Index , Const.NORMAL );
                PTcp.Acknowledgement = Function.Get4Bytes( PacketData , ref Index , Const.NORMAL );
                // High nibble of byte 12 is the data offset in 32-bit words; convert it to bytes
                PTcp.HeaderLength = PacketData[ Index++ ];
                PTcp.HeaderLength = (byte) ( ( (int) PTcp.HeaderLength >> 4 ) * 4 );
                PTcp.Falgs = PacketData[ Index++ ];
                PTcp.WindowSize = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
                PTcp.Checksum = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
                // Bytes 18-19 of the fixed header are the urgent pointer; the field keeps its original name
                PTcp.Options = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );

                // Reject a data offset below the 20-byte minimum or past the captured bytes,
                // then skip any TCP options so the payload parsers start at the payload
                if( ( PTcp.HeaderLength < 20 ) || ( ( TcpStart + PTcp.HeaderLength ) > PacketData.Length ) )
                    throw new FormatException( "Invalid TCP data offset" );
                Index = TcpStart + PTcp.HeaderLength;

                LItem.SubItems[ Const.LIST_VIEW_SOURCE_PORT_INDEX ].Text = PTcp.SourcePort.ToString();
                LItem.SubItems[ Const.LIST_VIEW_DESTINATION_PORT_INDEX ].Text = PTcp.DestinationPort.ToString();
                LItem.SubItems[ Const.LIST_VIEW_SEQUENCE_INDEX ].Text = PTcp.SequenceNumber.ToString();
                LItem.SubItems[ Const.LIST_VIEW_ACKNOWLEDGE_INDEX ].Text = PTcp.Acknowledgement.ToString();
                LItem.SubItems[ Const.LIST_VIEW_PROTOCOL_INDEX ].Text = "TCP";
                LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = "Source Port = "
                    + PTcp.SourcePort.ToString() + " ( " + Const.GetPortStr( PTcp.SourcePort ) + " ) , Destination Port = "
                    + PTcp.DestinationPort.ToString() + " ( " + Const.GetPortStr( PTcp.DestinationPort ) + " )";

                bool IsCifs = false;

                // Hand the payload to a higher-level parser chosen by port number
                if( ( PTcp.SourcePort == Const.IPPORT_HTTP ) ||
                    ( PTcp.DestinationPort == Const.IPPORT_HTTP ) ||
                    ( PTcp.SourcePort == Const.IPPORT_HTTP2 ) ||
                    ( PTcp.DestinationPort == Const.IPPORT_HTTP2 ) )
                {
                    // 54 is presumably 14 (Ethernet) + 20 (IPv4) + 20 (TCP), so this
                    // continuation check assumes headers without IP or TCP options
                    if( PreviousHttpSequence == ( PTcp.SequenceNumber - ( PacketData.Length - 54 ) ) )
                    {
                        PreviousHttpSequence = PTcp.SequenceNumber;
                        PacketHTTP.Parser( PacketData , ref Index , ref LItem , false );
                    }
                    else
                    {
                        PreviousHttpSequence = 0;
                        PacketHTTP.Parser( PacketData , ref Index , ref LItem , true );
                    }
                }
                // <KEITH>
                // This code calls PacketSQL to parse the contents
                else if ( ( PTcp.SourcePort == Const.IPPORT_SQL ) ||
                    ( PTcp.DestinationPort == Const.IPPORT_SQL ) )
                {
                    PacketSQL.Parser( PacketData, ref Index, ref LItem, false );
                }
                // </KEITH>
                else if( ( PTcp.SourcePort == Const.IPPORT_NBSSN ) ||
                    ( PTcp.DestinationPort == Const.IPPORT_NBSSN ) )
                {
                    if( ( PTcp.SourcePort == Const.TCP_PORT_CIFS ) || ( PTcp.DestinationPort == Const.TCP_PORT_CIFS ) )
                        IsCifs = true;
                    else
                        IsCifs = false;

                    PacketNBSS.Parser( PacketData , ref Index , ref LItem , IsCifs );
                }


            }
            catch
            {
                // Any read past the buffer or invalid header lands here instead of crashing the UI
                LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text =
                    "[ Malformed TCP packet. Remaining bytes don't fit a TCP packet. Possibly due to bad decoding ]";

                return false;
            }

            return true;

        }


    }
}



_________________
M. S. Rakha, Ph.D.
Queen's University
Canada
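
Added example, not part of the posted Pacanal code: a standalone decoder for the same 20-byte fixed TCP header that validates the data offset before trusting it, so a payload parser starts after any TCP options and a truncated or bogus header is rejected rather than read past. The names TcpHeaderDemo and TryParse and the sample bytes are constructed for illustration; it assumes .NET 6 or later and needs none of the project's Function or Const helpers.

```csharp
using System;
using System.Buffers.Binary;

// Added example: standalone, bounds-checked TCP header decoder (all names are hypothetical).
public static class TcpHeaderDemo
{
    public readonly record struct TcpHeader(ushort SrcPort, ushort DstPort, uint Seq, uint Ack,
        int HeaderLength, byte Flags, ushort Window, ushort Checksum, ushort UrgentPointer,
        int PayloadOffset);

    // Returns false instead of throwing when the bytes cannot hold a valid TCP header.
    public static bool TryParse(ReadOnlySpan<byte> packet, int offset, out TcpHeader header)
    {
        header = default;
        if (offset < 0 || packet.Length - offset < 20) return false;    // fixed part is 20 bytes
        ReadOnlySpan<byte> h = packet.Slice(offset);
        int headerLength = (h[12] >> 4) * 4;                            // data offset, 32-bit words -> bytes
        if (headerLength < 20 || headerLength > h.Length) return false; // bogus offset or truncated options
        header = new TcpHeader(
            BinaryPrimitives.ReadUInt16BigEndian(h),            // source port
            BinaryPrimitives.ReadUInt16BigEndian(h.Slice(2)),   // destination port
            BinaryPrimitives.ReadUInt32BigEndian(h.Slice(4)),   // sequence number
            BinaryPrimitives.ReadUInt32BigEndian(h.Slice(8)),   // acknowledgement number
            headerLength,
            h[13],                                              // flags, CWR (0x80) down to FIN (0x01)
            BinaryPrimitives.ReadUInt16BigEndian(h.Slice(14)),  // window size
            BinaryPrimitives.ReadUInt16BigEndian(h.Slice(16)),  // checksum
            BinaryPrimitives.ReadUInt16BigEndian(h.Slice(18)),  // urgent pointer
            offset + headerLength);                             // first payload byte, after options
        return true;
    }

    public static void Main()
    {
        // Constructed sample: SYN from port 49152 to port 80 carrying a 4-byte MSS option (data offset 6).
        byte[] syn = { 0xC0, 0x00, 0x00, 0x50, 0, 0, 0, 1, 0, 0, 0, 0, 0x60, 0x02, 0xFF, 0xFF, 0, 0, 0, 0,
                       0x02, 0x04, 0x05, 0xB4 };
        Console.WriteLine(TryParse(syn, 0, out var t)
            ? $"{t.SrcPort} -> {t.DstPort} flags=0x{t.Flags:X2} header={t.HeaderLength} payload@{t.PayloadOffset}"
            : "malformed");
        // Same bytes cut to 22: the data offset now points past the captured bytes.
        Console.WriteLine(TryParse(syn.AsSpan(0, 22), 0, out _) ? "ok" : "malformed");
        // Data offset of 4 words (16 bytes) is below the 20-byte minimum.
        syn[12] = 0x40;
        Console.WriteLine(TryParse(syn, 0, out _) ? "ok" : "malformed");
    }
}
```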


Author:
Mastermind
User avatar Posts: 2715
Have thanks: 74 time

Do you have this code in Java?



Author:
Newbie
User avatar Posts: 1
Have thanks: 0 time