![]() ![]() Next eight represent the protocol encapsulated in the datagram Next sixteen bits contain the flags and fragmentation offset ( ushort)IPAddress.NetworkToHostOrder(binaryReader.ReadInt16()) Next sixteen have the identification bytes ( ushort) IPAddress.NetworkToHostOrder(binaryReader.ReadInt16()) Next eight bits hold the total length of the datagram The next eight bits contain the Differentiated servicesīyDifferentiatedServices = binaryReader.ReadByte() The first eight bits of the IP header contain the version and // header length so we read themīyVersionAndHeaderLength = binaryReader.ReadByte() Next we create a BinaryReader out of the MemoryStreamīinaryReader binaryReader = newBinaryReader(memoryStream) MemoryStream memoryStream = newMemoryStream(byBuffer, 0, nReceived) ![]() ![]() Create MemoryStream out of the received bytes offset private byte byTTL // Eight bits for TTL (Time To Live) private byte byProtocol // Eight bits for the underlying // protocol private short sChecksum // Sixteen bits for checksum of the // header private uint uiSourceIPAddress // Thirty two bit source IP Address private uint uiDestinationIPAddress // Thirty two bit destination IP Address // End IP Header fields private byte byHeaderLength // Header length private byte byIPData = new byte // Data carried by the datagram public IPHeader(byte byBuffer, int nReceived) IP Header fields private byte byVersionAndHeaderLength // Eight bits for version and header // length private byte byDifferentiatedServices // Eight bits for differentiated // services private ushort usTotalLength // Sixteen bits for total length private ushort usIdentification // Sixteen bits for identification private ushort usFlagsAndOffset // Eight bits for flags and frag. Thus a TCP packet is received inside the IP datagram, like this: This further contains the data sent by the application layer protocols such as DNS, HTTP, FTP, SMTP, SIP, etc. The IP datagram encapsulates the TCP and UDP packets. Next we start receiving all packets asynchronously. The second parameter passed to IOControl with IOControlCode.ReceiveAll should be TRUE so an array byTrue is created and passed to it (thanks to Leonid Molochniy for this). The IOControlCode.ReceiveAll implies that all incoming and outgoing packets on the particular interface be captured. Notice that IOControl is analogous to the Winsock2WSAIoctl method. After setting the proper options for the socket, we then call the IOControl method on it. MainSocket.BeginReceive(byteData, 0, byteData.Length, SocketFlags.None,įor capturing the packets, we use a raw socket and bind it to the IP address. Start receiving the packets asynchronously ![]() MainSocket.IOControl(IOControlCode.ReceiveAll, // SIO_RCVALL of Winsock Socket.IOControl is analogous to the WSAIoctl method of Winsock 2 SocketOptionName.HeaderIncluded, // Set the include header true) // option to true MainSocket.SetSocketOption(SocketOptionLevel.IP, // Applies only to IP packets MainSocket.Bind(newIPEndPoint(IPAddress.Parse(cmbInterfaces.Text), 0)) Bind the socket to the selected IP address MainSocket = newSocket(AddressFamily.InterNetwork, SocketType.Raw, For sniffing the socket to capture the packets // has to be a raw socket, with the address family // being of type internetwork, and protocol being IP ![]()
0 Comments
Leave a Reply. |