diff --git a/BruteShark/BruteSharkCli/BruteSharkCli.cs b/BruteShark/BruteSharkCli/BruteSharkCli.cs index 0489b08..ecef848 100644 --- a/BruteShark/BruteSharkCli/BruteSharkCli.cs +++ b/BruteShark/BruteSharkCli/BruteSharkCli.cs @@ -16,7 +16,7 @@ internal class BruteSharkCli private ulong _udpPacketsCount; private int _tcpSessionsCount; private int _udpStreamsCount; - private PcapProcessor.Processor _processor; + private PcapProcessor.ProcessorEngine _processor; private PcapAnalyzer.Analyzer _analyzer; private List _files; private HashSet _passwords; @@ -38,7 +38,7 @@ public BruteSharkCli() _files = new List(); _connections = new HashSet(); - _processor = new PcapProcessor.Processor(); + _processor = new PcapProcessor.ProcessorEngine(false); _analyzer = new PcapAnalyzer.Analyzer(); _shell = new CliShell(seperator:"Brute-Shark > "); @@ -67,6 +67,7 @@ public BruteSharkCli() _shell.AddCommand(new CliShellCommand("show-networkmap", p => PrintNetworkMap(), "Prints the network map as a json string. Usage: show-networkmap")); _shell.AddCommand(new CliShellCommand("export-hashes", p => ExportHashes(p), "Export all Hashes to Hascat format input files. Usage: export-hashes ")); _shell.AddCommand(new CliShellCommand("export-networkmap", p => ExportNetworkMap(p), "Export network map to a json file for neo4j. Usage: export-networkmap ")); + _shell.AddCommand(new CliShellCommand("process-files-parallel", p => this._processor.ProcessFilesParallel = true, "Processes the pcap files in paralell")); } diff --git a/BruteShark/BruteSharkDesktop/MainForm.Designer.cs b/BruteShark/BruteSharkDesktop/MainForm.Designer.cs index 84fd575..f892218 100644 --- a/BruteShark/BruteSharkDesktop/MainForm.Designer.cs +++ b/BruteShark/BruteSharkDesktop/MainForm.Designer.cs @@ -55,6 +55,7 @@ private void InitializeComponent() this.optionsGroupBox = new System.Windows.Forms.GroupBox(); this.buildUdpSessionsCheckBox = new System.Windows.Forms.CheckBox(); this.buildTcpSessionsCheckBox = new System.Windows.Forms.CheckBox(); + this.ProcessFilesParallelCheckBox = new System.Windows.Forms.CheckBox(); this.modulesGroupBox = new System.Windows.Forms.GroupBox(); this.modulesCheckedListBox = new System.Windows.Forms.CheckedListBox(); this.secondaryLowerSplitContainer = new System.Windows.Forms.SplitContainer(); @@ -202,6 +203,7 @@ private void InitializeComponent() // this.optionsGroupBox.Controls.Add(this.buildUdpSessionsCheckBox); this.optionsGroupBox.Controls.Add(this.buildTcpSessionsCheckBox); + this.optionsGroupBox.Controls.Add(this.ProcessFilesParallelCheckBox); this.optionsGroupBox.Location = new System.Drawing.Point(311, 9); this.optionsGroupBox.Name = "optionsGroupBox"; this.optionsGroupBox.Size = new System.Drawing.Size(200, 154); @@ -237,6 +239,18 @@ private void InitializeComponent() this.buildTcpSessionsCheckBox.UseVisualStyleBackColor = true; this.buildTcpSessionsCheckBox.CheckedChanged += new System.EventHandler(this.buildTcpSessionsCheckBox_CheckedChanged); // + // ProcessFilesParallelCheckBox + // + this.ProcessFilesParallelCheckBox.Appearance = System.Windows.Forms.Appearance.Button; + this.ProcessFilesParallelCheckBox.AutoSize = true; + this.ProcessFilesParallelCheckBox.Location = new System.Drawing.Point(16, 84); + this.ProcessFilesParallelCheckBox.Name = "ProcessFilesParallelCheckBox"; + this.ProcessFilesParallelCheckBox.Size = new System.Drawing.Size(151, 25); + this.ProcessFilesParallelCheckBox.TabIndex = 0; + this.ProcessFilesParallelCheckBox.Text = "Process Files Parallel: OFF"; + this.ProcessFilesParallelCheckBox.UseVisualStyleBackColor = true; + this.ProcessFilesParallelCheckBox.CheckedChanged += new System.EventHandler(this.ProcessFilesParallel_CheckedChanged); + // // modulesGroupBox // this.modulesGroupBox.Controls.Add(this.modulesCheckedListBox); @@ -279,7 +293,7 @@ private void InitializeComponent() // this.secondaryLowerSplitContainer.Panel2.Controls.Add(this.progressBar); this.secondaryLowerSplitContainer.Size = new System.Drawing.Size(1316, 501); - this.secondaryLowerSplitContainer.SplitterDistance = 449; + this.secondaryLowerSplitContainer.SplitterDistance = 448; this.secondaryLowerSplitContainer.SplitterWidth = 5; this.secondaryLowerSplitContainer.TabIndex = 0; // @@ -294,7 +308,7 @@ private void InitializeComponent() // modulesSplitContainer.Panel1 // this.modulesSplitContainer.Panel1.Controls.Add(this.modulesTreeView); - this.modulesSplitContainer.Size = new System.Drawing.Size(1316, 449); + this.modulesSplitContainer.Size = new System.Drawing.Size(1316, 448); this.modulesSplitContainer.SplitterDistance = 228; this.modulesSplitContainer.SplitterWidth = 5; this.modulesSplitContainer.TabIndex = 0; @@ -327,7 +341,7 @@ private void InitializeComponent() treeNode3, treeNode7, treeNode9}); - this.modulesTreeView.Size = new System.Drawing.Size(228, 449); + this.modulesTreeView.Size = new System.Drawing.Size(228, 448); this.modulesTreeView.TabIndex = 0; this.modulesTreeView.AfterSelect += new System.Windows.Forms.TreeViewEventHandler(this.modulesTreeView_AfterSelect); // @@ -337,7 +351,7 @@ private void InitializeComponent() this.progressBar.Location = new System.Drawing.Point(0, 0); this.progressBar.Margin = new System.Windows.Forms.Padding(4, 3, 4, 3); this.progressBar.Name = "progressBar"; - this.progressBar.Size = new System.Drawing.Size(1316, 47); + this.progressBar.Size = new System.Drawing.Size(1316, 48); this.progressBar.TabIndex = 0; // // MainForm @@ -391,6 +405,7 @@ private void InitializeComponent() private System.Windows.Forms.GroupBox optionsGroupBox; private System.Windows.Forms.CheckBox buildTcpSessionsCheckBox; private System.Windows.Forms.CheckBox buildUdpSessionsCheckBox; + private System.Windows.Forms.CheckBox ProcessFilesParallelCheckBox; } } diff --git a/BruteShark/BruteSharkDesktop/MainForm.cs b/BruteShark/BruteSharkDesktop/MainForm.cs index 5e26a01..5fdc22d 100644 --- a/BruteShark/BruteSharkDesktop/MainForm.cs +++ b/BruteShark/BruteSharkDesktop/MainForm.cs @@ -17,7 +17,7 @@ namespace BruteSharkDesktop public partial class MainForm : Form { private HashSet _files; - private PcapProcessor.Processor _processor; + private PcapProcessor.ProcessorEngine _processor; private PcapAnalyzer.Analyzer _analyzer; private GenericTableUserControl _passwordsUserControl; @@ -35,8 +35,9 @@ public MainForm() _files = new HashSet(); // Create the DAL and BLL objects. - _processor = new PcapProcessor.Processor(); + _processor = new PcapProcessor.ProcessorEngine(false) ; _analyzer = new PcapAnalyzer.Analyzer(); + _processor.ProcessFilesParallel = false; _processor.BuildTcpSessions = true; _processor.BuildUdpSessions = true; @@ -313,6 +314,20 @@ private void buildTcpSessionsCheckBox_CheckedChanged(object sender, EventArgs e) messageOnBuildSessionsConfigurationChanged(); } } + + private void ProcessFilesParallel_CheckedChanged(object sender, EventArgs e) + { + if (ProcessFilesParallelCheckBox.CheckState == CheckState.Checked) + { + ProcessFilesParallelCheckBox.Text = "Process Files Parallel : ON"; + this._processor.ProcessFilesParallel = true; + } + else if (ProcessFilesParallelCheckBox.CheckState == CheckState.Unchecked) + { + ProcessFilesParallelCheckBox.Text = "Process Files Parallel : OFF"; + this._processor.ProcessFilesParallel = false; + } + } private void buildUdpSessionsCheckBox_CheckedChanged(object sender, EventArgs e) { diff --git a/BruteShark/PcapProcessor/ProcessingPrecentsPredicator.cs b/BruteShark/PcapProcessor/ProcessingPrecentsPredicator.cs index 00392f2..aba775c 100644 --- a/BruteShark/PcapProcessor/ProcessingPrecentsPredicator.cs +++ b/BruteShark/PcapProcessor/ProcessingPrecentsPredicator.cs @@ -3,10 +3,11 @@ using System.IO; using System.Linq; using System.Text; +using System.Collections.Concurrent; namespace PcapProcessor { - class ProcessingPrecentsPredicator + public class ProcessingPrecentsPredicator { public delegate void ProcessingPrecentsChangedEventHandler(object sender, ProcessingPrecentsChangedEventArgs e); public event ProcessingPrecentsChangedEventHandler ProcessingPrecentsChanged; @@ -60,7 +61,8 @@ public void NotifyAboutProcessedData(long additionalData) public void NotifyAboutProcessedFile(FileInfo fileProcessed) { this.FilesProcessed.Add(fileProcessed); - this.DataProcessed = this.FilesProcessed.Sum(fi => fi.Length); + //this.DataProcessed = this.FilesProcessed.Sum(fi => fi.Length); + this.DataProcessed += fileProcessed.Length; } private void CheckIfProcessingPrecentsChanged(long additionalData) diff --git a/BruteShark/PcapProcessor/Processor.cs b/BruteShark/PcapProcessor/Processor.cs index 0bff09f..3090caf 100644 --- a/BruteShark/PcapProcessor/Processor.cs +++ b/BruteShark/PcapProcessor/Processor.cs @@ -7,7 +7,7 @@ using System.Linq; using System.Threading; using Haukcode.PcapngUtils; -using Haukcode.PcapngUtils.Common; +using Haukcode.PcapngUtils.Common; namespace PcapProcessor @@ -23,6 +23,8 @@ public class Processor { public delegate void FileProcessingStatusChangedEventHandler(object sender, FileProcessingStatusChangedEventArgs e); public event FileProcessingStatusChangedEventHandler FileProcessingStatusChanged; + public delegate void ProcessingPrecentsChangedEventHandler(object sender, ProcessingPrecentsChangedEventArgs e); + private ProcessingPrecentsPredicator _processingPrecentsPredicator; public delegate void UdpPacketArivedEventHandler(object sender, UdpPacketArivedEventArgs e); public event UdpPacketArivedEventHandler UdpPacketArived; public delegate void UdpSessionArrivedEventHandler(object sender, UdpSessionArrivedEventArgs e); @@ -31,93 +33,81 @@ public class Processor public event TcpPacketArivedEventHandler TcpPacketArived; public delegate void TcpSessionArivedEventHandler(object sender, TcpSessionArivedEventArgs e); public event TcpSessionArivedEventHandler TcpSessionArrived; - public delegate void ProcessingPrecentsChangedEventHandler(object sender, ProcessingPrecentsChangedEventArgs e); - public event ProcessingPrecentsChangedEventHandler ProcessingPrecentsChanged; - public event EventHandler ProcessingFinished; - + public bool ProcessFilesParallel { get; set; } public bool BuildTcpSessions { get; set; } public bool BuildUdpSessions { get; set; } + private TcpSessionsBuilder _tcpSessionsBuilder; - private UdpStreamBuilder _udpStreamBuilder; - private ProcessingPrecentsPredicator _processingPrecentsPredicator; + private UdpStreamBuilder _udpStreamsBuilder; + private string _filepath; + - public Processor() + public Processor(ProcessingPrecentsPredicator processingPrecentsPredicator, string filepath) { + + this._filepath = filepath; + _processingPrecentsPredicator = processingPrecentsPredicator; + this.ProcessFilesParallel = false; this.BuildTcpSessions = false; this.BuildUdpSessions = false; - _tcpSessionsBuilder = new TcpSessionsBuilder(); - _udpStreamBuilder = new UdpStreamBuilder(); - _processingPrecentsPredicator = new ProcessingPrecentsPredicator(); - _processingPrecentsPredicator.ProcessingPrecentsChanged += OnPredicatorProcessingPrecentsChanged; + this._tcpSessionsBuilder = new TcpSessionsBuilder(); + this._udpStreamsBuilder = new UdpStreamBuilder(); + + } - private void OnPredicatorProcessingPrecentsChanged(object sender, ProcessingPrecentsChangedEventArgs e) + private void invokeAndClear(object session) { - // TODO: think of make this check in a dedicated extention method for events (e.g SafeInvoke()) - if (ProcessingPrecentsChanged is null) - return; - - ProcessingPrecentsChanged.Invoke(this, new ProcessingPrecentsChangedEventArgs() + if(session is TcpSession) { - Precents = e.Precents - }); - } - - public void ProcessPcaps(IEnumerable filesPaths) - { - _processingPrecentsPredicator.AddFiles(new HashSet(filesPaths.Select(fp => new FileInfo(fp)))); - - foreach (var filePath in filesPaths) + this._tcpSessionsBuilder.ClearSession((TcpSession)session); + TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs() + { + TcpSession = (TcpSession)session + }); + } + + if (session is UdpSession) { - this.ProcessPcap(filePath); + this._udpStreamsBuilder.ClearSession((UdpSession)session); + UdpSessionArrived?.Invoke(this, new UdpSessionArrivedEventArgs() + { + UdpSession = (UdpSession)session + }); + } - - ProcessingFinished?.Invoke(this, new EventArgs()); } + - public void ProcessPcap(string filePath) + public void ProcessPcap() { try { - RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Started, filePath); - _tcpSessionsBuilder.Clear(); - _udpStreamBuilder.Clear(); + RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Started, this._filepath); - switch (GetFileType(filePath)) + switch (GetFileType(_filepath)) { case FileType.Pcap: - ReadPcapFile(filePath); + ReadPcapFile(_filepath); break; case FileType.PcapNG: - ReadPcapNGFile(filePath); + ReadPcapNGFile(_filepath); break; } - // Raise event for each Tcp session that was built. - // TODO: think about detecting complete sesions on the fly and raising - // events accordingly. - foreach (var session in this._tcpSessionsBuilder.Sessions) - { - TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs() - { - TcpSession = session - }); - } - foreach (var session in this._udpStreamBuilder.Sessions) - { - UdpSessionArrived?.Invoke(this, new UdpSessionArrivedEventArgs() - { - UdpSession = session - }); - } + this._udpStreamsBuilder.Sessions.AsParallel().ForAll(session => invokeAndClear(session)); + this._tcpSessionsBuilder.Sessions.AsParallel().ForAll(session => invokeAndClear(session)); + - _processingPrecentsPredicator.NotifyAboutProcessedFile(new FileInfo(filePath)); - RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Finished, filePath); + + _processingPrecentsPredicator.NotifyAboutProcessedFile(new FileInfo(this._filepath)); + + RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Finished, _filepath); } catch (Exception ex) { - RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Faild, filePath); + RaiseFileProcessingStatusChangedEvent(FileProcessingStatus.Faild, _filepath); } } @@ -162,6 +152,7 @@ private void ReadPcapFile(string filepath) } private void ConvertPacket(object sender, IPacket packet) { + var _packet_ether = PacketDotNet.Packet.ParsePacket(PacketDotNet.LinkLayers.Ethernet, packet.Data); var _packet_raw = PacketDotNet.Packet.ParsePacket(PacketDotNet.LinkLayers.Raw, packet.Data); @@ -226,7 +217,8 @@ void ProcessPacket(PacketDotNet.Packet packet) if (this.BuildUdpSessions) { - this._udpStreamBuilder.HandlePacket(udpPacket); + + _udpStreamsBuilder.HandlePacket(udpPacket); } _processingPrecentsPredicator.NotifyAboutProcessedData(packet.Bytes.Length); } @@ -249,7 +241,7 @@ void ProcessPacket(PacketDotNet.Packet packet) if (this.BuildTcpSessions) { - this._tcpSessionsBuilder.HandlePacket(tcpPacket); + _tcpSessionsBuilder.HandlePacket(tcpPacket); } _processingPrecentsPredicator.NotifyAboutProcessedData(packet.Bytes.Length); diff --git a/BruteShark/PcapProcessor/ProcessorEngine.cs b/BruteShark/PcapProcessor/ProcessorEngine.cs new file mode 100644 index 0000000..55effd0 --- /dev/null +++ b/BruteShark/PcapProcessor/ProcessorEngine.cs @@ -0,0 +1,136 @@ +using System; +using System.Collections.Generic; +using System.IO; +using System.Linq; + +namespace PcapProcessor +{ + public class ProcessorEngine + { + public bool ProcessFilesParallel { get; set; } + public bool BuildTcpSessions { get; set; } + public bool BuildUdpSessions { get; set; } + + private ProcessingPrecentsPredicator _processingPrecentsPredicator; + + public event EventHandler ProcessingFinished; + public delegate void UdpPacketArivedEventHandler(object sender, UdpPacketArivedEventArgs e); + public event UdpPacketArivedEventHandler UdpPacketArived; + public delegate void UdpSessionArrivedEventHandler(object sender, UdpSessionArrivedEventArgs e); + public event UdpSessionArrivedEventHandler UdpSessionArrived; + public delegate void TcpPacketArivedEventHandler(object sender, TcpPacketArivedEventArgs e); + public event TcpPacketArivedEventHandler TcpPacketArived; + public delegate void TcpSessionArivedEventHandler(object sender, TcpSessionArivedEventArgs e); + public event TcpSessionArivedEventHandler TcpSessionArrived; + public delegate void FileProcessingStatusChangedEventHandler(object sender, FileProcessingStatusChangedEventArgs e); + public event FileProcessingStatusChangedEventHandler FileProcessingStatusChanged; + + private List _processors; + public delegate void ProcessingPrecentsChangedEventHandler(object sender, ProcessingPrecentsChangedEventArgs e); + public event ProcessingPrecentsChangedEventHandler ProcessingPrecentsChanged; + public ProcessorEngine(bool processFilesParallel) + { + this._processors = new List(); + _processingPrecentsPredicator = new ProcessingPrecentsPredicator(); + _processingPrecentsPredicator.ProcessingPrecentsChanged += OnPredicatorProcessingPrecentsChanged; + this.ProcessFilesParallel = processFilesParallel; + + } + + public void ProcessPcaps(IEnumerable filesPaths) + { + _processingPrecentsPredicator.AddFiles(new HashSet(filesPaths.Select(fp => new FileInfo(fp)))); + + foreach (var filepath in filesPaths) + { + Processor processor = new Processor(_processingPrecentsPredicator, filepath); + processor.BuildTcpSessions = BuildTcpSessions; + processor.BuildUdpSessions= BuildUdpSessions; + processor.UdpPacketArived += udpPacketArrived; + processor.TcpPacketArived += tcpPacketArrived; + processor.TcpSessionArrived+= tcpSessionArrived; + processor.UdpSessionArrived += udpSessionArrived; + processor.FileProcessingStatusChanged += fileProcessingStatusChanged; + _processors.Add(processor); + + } + + if(!this.ProcessFilesParallel) + { + foreach (var processor in _processors) + { + + processor.ProcessPcap(); + } + } + else + { + this.processParallel(); + } + + ProcessingFinished?.Invoke(this, new EventArgs()); + + } + + private void fileProcessingStatusChanged(object sender, FileProcessingStatusChangedEventArgs e) + { + FileProcessingStatusChanged?.Invoke(this, new FileProcessingStatusChangedEventArgs() + { + FilePath = e.FilePath, + Status = e.Status + }); + } + + private void udpSessionArrived(object sender, UdpSessionArrivedEventArgs e) + { + + UdpSessionArrived?.Invoke(this, new UdpSessionArrivedEventArgs() + { + UdpSession = e.UdpSession + }); + } + + private void tcpSessionArrived(object sender, TcpSessionArivedEventArgs e) + { + TcpSessionArrived?.Invoke(this, new TcpSessionArivedEventArgs() + { + TcpSession = e.TcpSession + }); + } + + private void tcpPacketArrived(object sender, TcpPacketArivedEventArgs e) + { + TcpPacketArived?.Invoke(this, new TcpPacketArivedEventArgs + { + + Packet = e.Packet + }); + } + + private void udpPacketArrived(object sender, UdpPacketArivedEventArgs e) + { + UdpPacketArived?.Invoke(this, new UdpPacketArivedEventArgs + { + Packet = e.Packet + + }); + } + + private void OnPredicatorProcessingPrecentsChanged(object sender, ProcessingPrecentsChangedEventArgs e) + { + // TODO: think of make this check in a dedicated extention method for events (e.g SafeInvoke()) + if (ProcessingPrecentsChanged is null) + return; + + ProcessingPrecentsChanged.Invoke(this, new ProcessingPrecentsChangedEventArgs() + { + Precents = e.Precents + }); + } + + private void processParallel() + { + _processors.AsParallel().ForAll(p => p.ProcessPcap()); + } + } +} diff --git a/BruteShark/PcapProcessor/TcpSessionsBuilder.cs b/BruteShark/PcapProcessor/TcpSessionsBuilder.cs index c6e9e38..0797077 100644 --- a/BruteShark/PcapProcessor/TcpSessionsBuilder.cs +++ b/BruteShark/PcapProcessor/TcpSessionsBuilder.cs @@ -12,6 +12,8 @@ internal class TcpSessionsBuilder { private Dictionary _sessions; + public List filenames {get; set;} + public IEnumerable Sessions { get @@ -38,6 +40,7 @@ private set { } public TcpSessionsBuilder() { + this.filenames = new List(); this._sessions = new Dictionary(); } @@ -64,5 +67,11 @@ public void Clear() { this._sessions.Clear(); } + + public void ClearSession(TcpSession session) + { + this._sessions.Remove(session); + } } } + diff --git a/BruteShark/PcapProcessor/UdpStreamBuilder.cs b/BruteShark/PcapProcessor/UdpStreamBuilder.cs index 8f9fe80..68975df 100644 --- a/BruteShark/PcapProcessor/UdpStreamBuilder.cs +++ b/BruteShark/PcapProcessor/UdpStreamBuilder.cs @@ -61,5 +61,10 @@ public void Clear() { this._sessions.Clear(); } + + public void ClearSession(UdpSession session) + { + this._sessions.Remove(session); + } } } diff --git a/BruteShark/PcapProcessorTest/PcapProcessorTest.cs b/BruteShark/PcapProcessorTest/PcapProcessorTest.cs index 8c3cae9..2cea971 100644 --- a/BruteShark/PcapProcessorTest/PcapProcessorTest.cs +++ b/BruteShark/PcapProcessorTest/PcapProcessorTest.cs @@ -30,26 +30,26 @@ public void PcapProcessor_ReadUdpPackets_ReadSuccess() { // Arrange. var recievedPackets = new List(); - var processor = new PcapProcessor.Processor(); + var processor = new PcapProcessor.Processor(new ProcessingPrecentsPredicator(), this.UdpFilePath); processor.UdpPacketArived += (object sender, UdpPacketArivedEventArgs e) => recievedPackets.Add(e.Packet); // Act. - processor.ProcessPcap(this.UdpFilePath); + processor.ProcessPcap(); // Assert (the file has 32 packets). Assert.AreEqual(32, recievedPackets.Count); } - + [TestMethod] public void PcapProcessor_ReconstructUdpStreams_ReconstructSuccess() { // Arrange. var recievedStreams = new List(); var recievedStreamsFromPcapNG = new List(); - var processor = new Processor(); - var pcapNGprocessor = new Processor(); + var processor = new Processor(new ProcessingPrecentsPredicator(), this.HttpSmallFilePath); + var pcapNGprocessor = new Processor(new ProcessingPrecentsPredicator(), this.PcapNGFile); processor.BuildUdpSessions = true; processor.UdpSessionArrived += (object sender, UdpSessionArrivedEventArgs e) => recievedStreams.Add(e.UdpSession); @@ -72,8 +72,8 @@ public void PcapProcessor_ReconstructUdpStreams_ReconstructSuccess() 0x63 }; // Act. - processor.ProcessPcap(this.HttpSmallFilePath); - pcapNGprocessor.ProcessPcap(this.PcapNGFile); + processor.ProcessPcap(); + pcapNGprocessor.ProcessPcap(); // Assert - check if we succeeded reconstructing the expected amount of sessions Assert.AreEqual(1, recievedStreams.Count); @@ -89,19 +89,19 @@ public void PcapProcessor_ReconstructUdpStreams_ReconstructSuccess() Assert.AreEqual(193, firstSessionBytesFromPcapNG.Length); CollectionAssert.AreEqual(firstUdpStreamExpectedData, firstSessionBytesFromPcapNG); } - + [TestMethod] public void PcapProcessor_ReconstructUdpStreams_ZeroStreams() { // Arrange. var recievedStreams = new List(); - var processor = new Processor(); + var processor = new Processor(new ProcessingPrecentsPredicator(), this.TcpFivePacketsFilePath); processor.BuildUdpSessions = true; processor.UdpSessionArrived += (object sender, UdpSessionArrivedEventArgs e) => recievedStreams.Add(e.UdpSession); // Act. - processor.ProcessPcap(this.TcpFivePacketsFilePath); + processor.ProcessPcap(); // Assert Assert.AreEqual(0, recievedStreams.Count); @@ -112,13 +112,13 @@ public void PcapProcessor_ReadTcpPackets_ReadSuccess() { // Arrange. var recievedPackets = new List(); - var processor = new PcapProcessor.Processor(); + var processor = new PcapProcessor.Processor(new ProcessingPrecentsPredicator(), this.TcpFivePacketsFilePath); processor.TcpPacketArived += (object sender, TcpPacketArivedEventArgs e) => recievedPackets.Add(e.Packet); // Act. - processor.ProcessPcap(this.TcpFivePacketsFilePath); + processor.ProcessPcap(); // Assert. Assert.AreEqual(5, recievedPackets.Count); @@ -130,20 +130,22 @@ public void PcapProcessor_BuildTcpSession_BuildSuccess() // Arrange. var recievedSessions = new List(); var recievedSessionsFromPcapNG = new List(); - var processor = new Processor(); - var processorPcapNG = new Processor(); + + var processor = new Processor(new ProcessingPrecentsPredicator(), this.HttpSmallFilePath); + var processorPcapNG = new Processor(new ProcessingPrecentsPredicator(), this.PcapNGFile); + processorPcapNG.BuildTcpSessions = true; processor.BuildTcpSessions = true; - processorPcapNG.TcpSessionArrived += + processorPcapNG.TcpSessionArrived += (object sender, TcpSessionArivedEventArgs e) => recievedSessionsFromPcapNG.Add(e.TcpSession); processor.TcpSessionArrived += (object sender, TcpSessionArivedEventArgs e) => recievedSessions.Add(e.TcpSession); // Act. - processor.ProcessPcap(this.HttpSmallFilePath); - processorPcapNG.ProcessPcap(this.PcapNGFile); + processorPcapNG.ProcessPcap(); + processor.ProcessPcap(); string firstSessionText = Encoding.UTF8.GetString(recievedSessions[0].Data); string firstSessionFromPcapNGText = Encoding.UTF8.GetString(recievedSessionsFromPcapNG[0].Data); @@ -155,31 +157,5 @@ public void PcapProcessor_BuildTcpSession_BuildSuccess() StringAssert.StartsWith(firstSessionFromPcapNGText, @"GET /download.html HTTP/1.1"); } - [TestMethod] - public void PcapProcessor_ReadTcpPacketsMultipleFiles_ReadSuccess() - { - // Arrange. - var recievedPackets = new List(); - var processor = new PcapProcessor.Processor(); - - processor.TcpPacketArived += - (object sender, TcpPacketArivedEventArgs e) => recievedPackets.Add(e.Packet); - - // Act. - processor.ProcessPcaps( new List() { - this.HttpSmallFilePath, - this.TcpFivePacketsFilePath }); - - // Assert. - Assert.AreEqual(46, recievedPackets.Count); - } - - [TestMethod] - public void PcapProcessor_identifyPcapFileFormat() - { - var processor = new PcapProcessor.Processor(); - Assert.AreEqual(true, processor.IsPcapFile(this.HttpSmallFilePath)); - Assert.AreEqual(false, processor.IsPcapFile(this.PcapNGFile)); - } } }