Packet Capture and Analayzer

firat kocak

Rate me:

4.88/5 (119 votes)

23 Sep 2003CPOL8 min read

1.5M

36.1K

437

Packet capture and analyzer program. With this program you can capture, display, analyze, save packets or load a saved packet file. It works like Etheral does.

pacanal.zip
- MyClasses
  - AssemblyInfo.cs
  - bin
    - Debug
    - Release
  - ColumnSorter.cs
  - Const.cs
  - Const_Org.cs
  - DeviceIOCtlh.cs
  - HexEditor.cs
  - mach2mach.cs
  - MyClasses.csproj
  - MyClasses.csproj.user
  - MyFunctions.cs
  - NtddNDish.cs
  - obj
    - Debug
      - temp
      - TempPE
    - Release
      - temp
      - TempPE
  - Packet32.cs
  - Packet32h.cs
  - PacketAARP.cs
  - PacketARP.cs
  - PacketCDP.cs
  - PacketDCERPC.cs
  - PacketDLSW.cs
  - PacketDNS.cs
  - PacketEIGRP.cs
  - PacketETHERNET.cs
  - PacketHTTP.cs
  - PacketICMP.cs
  - PacketIGRP.cs
  - PacketINTERNET.cs
  - PacketIP.cs
  - PacketIPX.cs
  - PacketLLC.cs
  - PacketLOOPBACK.cs
  - PacketMSWBROWSER.cs
  - PacketMSWLOGON.cs
  - PacketNBDS.cs
  - PacketNBNS.cs
  - PacketNBSS.cs
  - PacketNETBIOS.cs
  - PacketParser.cs
  - PacketSMB.cs
  - PacketSMBMAILSLOT.cs
  - PacketSQL.cs
  - PacketSTP.cs
  - PacketTB.cs
  - PacketTCP.cs
  - PacketTFTP.cs
  - PacketUDP.cs
  - WinService.cs
- Pacanal
  - App.ico
  - AssemblyInfo.cs
  - bin
    - Debug
      - Manufacturers.txt
      - npf_2KXP.sys
      - npf_NT.sys
      - WellKnown.txt
    - Release
  - CaptureMessage.cs
  - CaptureMessage.resx
  - CaptureOptions.cs
  - CaptureOptions.resx
  - ColumnOptions.cs
  - ColumnOptions.resx
  - DisplayTotals.cs
  - DisplayTotals.resx
  - FormPacanal.cs
  - FormPacanal.resx
  - obj
    - Debug
      - temp
      - TempPE
    - Release
      - temp
      - TempPE
  - Pacanal.csproj
  - Pacanal.csproj.user
  - TransparencyOptions.cs
  - TransparencyOptions.resx

using System;
using System.Windows.Forms;

namespace MyClasses
{

	public class PacketICMP
	{

		public struct PACKET_ICMP
		{
			public byte Type;
			public byte Code;
			public ushort Checksum;
			public ushort Identifier;
			public ushort SequenceNumber;
			public byte [] Data;
		}


		public PacketICMP()
		{
		}

		public static string GetTypeCodeString( byte b )
		{
			string [] IcmpTypeCodes = new string[32];

			int i = 0;

			for( i = 0; i < 32; i ++ )
				IcmpTypeCodes[ i ] = "Not defined";

			IcmpTypeCodes[ 0 ] = "Echo Reply";
			IcmpTypeCodes[ 3 ] = "Destination Unreachable";
			IcmpTypeCodes[ 4 ] = "Source Quench";
			IcmpTypeCodes[ 5 ] = "Redirect";
			IcmpTypeCodes[ 8 ] = "Echo";
			IcmpTypeCodes[ 9 ] = "Router Advertisement";
			IcmpTypeCodes[ 10 ] = "Router Selection";
			IcmpTypeCodes[ 11 ] = "Time Exceeded";
			IcmpTypeCodes[ 12 ] = "Parameter Problem";
			IcmpTypeCodes[ 13 ] = "Timestamp";
			IcmpTypeCodes[ 14 ] = "Timestamp Reply";
			IcmpTypeCodes[ 15 ] = "Information Request";
			IcmpTypeCodes[ 16 ] = "Information Reply";
			IcmpTypeCodes[ 17 ] = "Address Mask Request";
			IcmpTypeCodes[ 18 ] = "Address Mask Reply";
			IcmpTypeCodes[ 30 ] = "Traceroute";
			IcmpTypeCodes[ 31 ] = "Datagram Conversion Error";

			if( b > 31 ) return "Not defined";

			return IcmpTypeCodes[ b ];
			
		}



		public static bool Parser( ref TreeNodeCollection mNode, 
			byte [] PacketData , 
			ref int Index , 
			ref ListViewItem LItem )
		{
			TreeNode mNodex;
			string Tmp = "";
			int i = 0, Size = 0;
			PACKET_ICMP PIcmp;

			mNodex = new TreeNode();
			mNodex.Text = "ICMP ( Internet Control Message Protocol )";
			Function.SetPosition( ref mNodex , Index , PacketData.Length - Index , true );
	
			if( ( Index + Const.LENGTH_OF_ICMP ) > PacketData.Length )
			{
				mNode.Add( mNodex );
				Tmp = "[ Malformed ICMP packet. Remaining bytes don't fit an ICMP packet. Possibly due to bad decoding ]";
				mNode.Add( Tmp );
				LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = Tmp;
				
				return false;
			}

			try
			{

				PIcmp.Type = PacketData[ Index++ ];
				Tmp = "Type : " + Function.ReFormatString( PIcmp.Type , GetTypeCodeString( PIcmp.Type ) );
				mNodex.Nodes.Add( Tmp );
				Function.SetPosition( ref mNodex , Index - 1 , 1 , false );

				PIcmp.Code = PacketData[ Index++ ];
				Tmp = "Code : " + Function.ReFormatString( PIcmp.Code , GetTypeCodeString( PIcmp.Code ) );
				mNodex.Nodes.Add( Tmp );
				Function.SetPosition( ref mNodex , Index - 1 , 1 , false );

				PIcmp.Checksum = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
				Tmp = "Checksum : " + Function.ReFormatString( PIcmp.Checksum , null );
				mNodex.Nodes.Add( Tmp );
				Function.SetPosition( ref mNodex , Index - 2 , 2 , false );

				PIcmp.Identifier = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
				Tmp = "Identifier : " + Function.ReFormatString( PIcmp.Identifier , null );
				mNodex.Nodes.Add( Tmp );
				Function.SetPosition( ref mNodex , Index - 2 , 2 , false );

				PIcmp.SequenceNumber = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
				Tmp = "Sequence Number : " + Function.ReFormatString( PIcmp.SequenceNumber , null ) ;
				mNodex.Nodes.Add( Tmp );
				Function.SetPosition( ref mNodex , Index - 2 , 2 , false );

				Size = PacketData.GetLength(0) - Index;
				PIcmp.Data = new byte[Size];

				for( i = 0; i < Size; i ++ )
					PIcmp.Data[i] = PacketData[ Index++ ];

				Tmp = "Data : ";
				mNodex.Nodes.Add( Tmp );
				Function.SetPosition( ref mNodex , Index , Size , false );
				
				LItem.SubItems[ Const.LIST_VIEW_PROTOCOL_INDEX ].Text = "ICMP";
				LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = GetTypeCodeString( PIcmp.Type );

				mNode.Add( mNodex );
				
			}
			catch( Exception Ex )
			{
				mNode.Add( mNodex );
				Tmp = "[ Malformed ICMP packet. Remaining bytes don't fit an ICMP packet. Possibly due to bad decoding ]";
				mNode.Add( Tmp );
				Tmp = "[ Exception raised is <" + Ex.GetType().ToString() + "> at packet index <" + Index.ToString() + "> ]";
				mNode.Add( Tmp );
				LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = "[ Malformed ICMP packet. Remaining bytes don't fit an ICMP packet. Possibly due to bad decoding ]";

				return false;
			}

			return true;

		}


		public static bool Parser( byte [] PacketData , 
			ref int Index , 
			ref ListViewItem LItem )
		{
			string Tmp = "";
			int i = 0, Size = 0;
			PACKET_ICMP PIcmp;

			if( ( Index + Const.LENGTH_OF_ICMP ) > PacketData.Length )
			{
				Tmp = "[ Malformed ICMP packet. Remaining bytes don't fit an ICMP packet. Possibly due to bad decoding ]";
				LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = Tmp;
				
				return false;
			}

			try
			{

				PIcmp.Type = PacketData[ Index++ ];
				PIcmp.Code = PacketData[ Index++ ];
				PIcmp.Checksum = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
				PIcmp.Identifier = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
				PIcmp.SequenceNumber = Function.Get2Bytes( PacketData , ref Index , Const.NORMAL );
				Size = PacketData.GetLength(0) - Index;
				PIcmp.Data = new byte[Size];

				for( i = 0; i < Size; i ++ )
					PIcmp.Data[i] = PacketData[ Index++ ];

				LItem.SubItems[ Const.LIST_VIEW_PROTOCOL_INDEX ].Text = "ICMP";
				LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = GetTypeCodeString( PIcmp.Type );

			}
			catch
			{
				Tmp = "[ Malformed ICMP packet. Remaining bytes don't fit an ICMP packet. Possibly due to bad decoding ]";
				LItem.SubItems[ Const.LIST_VIEW_INFO_INDEX ].Text = "[ Malformed ICMP packet. Remaining bytes don't fit an ICMP packet. Possibly due to bad decoding ]";

				return false;
			}

			return true;

		}


	}
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

firat kocak

Web Developer

Turkey

Hi to all...
I am an alone programmer. i am not a specialist on programming but i love it. anyone who supports source code sharing is definetely my friend.
Because i am so poor on writing about myself, anyone who wants to learn more about me can feel free to contact me...

Packet Capture and Analayzer

License

Comments and Discussions