ravahn / machina
Network capture library for realtime TCP/IP decoding from a windows application. Includes an extension library to support FFXIV data capture.
License: GNU General Public License v3.0
I can replicate this using ACT and Teamcraft, but this happens for any process. I included two test programs that can be used to replicate this behaviour.
When using Machina in RawSocket mode, if the process being listened to opens a TCP listener and listens for incoming connections, Machina will stop reporting any data at all.
```csharp
using Machina;
using System;
using System.Linq;

namespace TestMachinaPacketListener {
    class Program {
        static void Main(string[] args) {
            // Attach to the process whose PID is passed as the first argument
            TCPNetworkMonitor monitor = new TCPNetworkMonitor();
            monitor.ProcessID = uint.Parse(args[0]);
            // change this to WinPCap and it will work as expected
            monitor.MonitorType = TCPNetworkMonitor.NetworkMonitorType.RawSocket;
            monitor.DataReceived = (string connection, byte[] data) => DataReceived(connection, data);
            monitor.Start();
            Console.ReadLine();
            monitor.Stop();
        }

        // Print the connection identifier followed by the payload as hex
        private static void DataReceived(string conn, byte[] data) {
            Console.WriteLine(conn);
            Console.WriteLine(string.Join("", data.Select(b => b.ToString("x2"))));
            Console.WriteLine();
        }
    }
}
```
```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Http;
using System.Net.Sockets;
using System.Threading.Tasks;

namespace PeriodicDownloader {
    class Program {
        static void Main(string[] args) {
            // Print the PID so it can be passed to the listener program
            Console.WriteLine(Process.GetCurrentProcess().Id);
            using var client = new HttpClient();
            // Background task: generate inbound TCP traffic once per second
            Task.Run(async () => {
                while (true) {
                    string data = await client.GetStringAsync("https://duckduckgo.com/");
                    Console.WriteLine(data.Substring(0, 20));
                    await Task.Delay(1_000);
                }
            });
            Console.ReadLine();
            // After Enter is pressed, open a TCP listener in the same process
            var listener = new TcpListener(IPAddress.Parse("0.0.0.0"), 12345);
            listener.Start();
            Task.Run(async () => {
                await listener.AcceptTcpClientAsync();
            });
            Console.ReadLine();
        }
    }
}
```
Run the periodic downloader and it will output its PID. Run the other program with the PID as the first argument. You will see it reports the download every second. Press enter to start the listener in the downloader and the other program will become silent.
machina/Machina.Tests/RawPCapTests.cs, line 42 in 9d648aa
Will pick up the IP from an interface which is down, then cause a null pointer exception at:
Line 211 in 9d648aa
I have observed this behavior on my machine.
machina will infinite loop, consuming excessive CPU resources and ballooning memory over time as the NetworkBufferFactory is no longer being dequeued from.
When debugged I can observe the following packet data causing the issue:
45 00 00 00 00 00 40 00 80 06 00 00 0a 01 32 40 0a 00 32 68 10 a2 01 bd a3 75 84 3a 54 70 42 31 50 10 60 dc 78 af 00 00 ca d7
(I have trimmed the remainder of the payload for brevity)
If you prepend a fake ethernet header and decode it on https://hpd.gasmi.net/ you can see the issue.
01 00 0C CC CC CD 00 50 3E B4 E4 66 08 00 45 00 00 00 00 00 40 00 80 06 00 00 0A 01 32 40 0A 00 32 68 10 A2 01 BD A3 75 84 3A 54 70 42 31 50 10 60 DC 78 AF 00 00 CA D7
This is valid NetBIOS traffic that happens to have an IPv4 header containing 0 length and 0 ID, so the following happens:
- packetLength remains 0 (lines 132 to 134 in e382b6b)
- offset is unchanged (line 160 in e382b6b)
- the loop repeats on the same packet (lines 95 to 98 in e382b6b)
I propose the check for ip4Header.Id != 0 in the segment offload workaround be removed or an additional failsafe check similar to the following be added:
if (packetLength == 0) break;
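An added example, not code from Machina or from the report above: a C# buffer walker that applies the kind of failsafe proposed there, so an IPv4 header with total length 0 cannot stall the loop. The class and method names are hypothetical, and treating a zero total length as "the rest of the buffer" is an assumption about how offloaded segments are handled.

```csharp
using System;
using System.Collections.Generic;

static class Ipv4BufferWalker   // hypothetical name, not a Machina type
{
    // Splits a receive buffer of back-to-back IPv4 packets into (offset, length)
    // pairs. Every iteration either advances the offset or ends the walk.
    public static List<(int Offset, int Length)> Split(byte[] buffer, int size)
    {
        var packets = new List<(int Offset, int Length)>();
        int offset = 0;
        while (size - offset >= 20)                       // minimum IPv4 header
        {
            int version = buffer[offset] >> 4;
            int headerLength = (buffer[offset] & 0x0F) * 4;
            if (version != 4 || headerLength < 20) break; // not a usable IPv4 header

            int packetLength = (buffer[offset + 2] << 8) | buffer[offset + 3];
            // Assumption: total length 0 comes from segment offload, so the rest
            // of the buffer is taken as one packet, whatever the ID field holds.
            if (packetLength == 0) packetLength = size - offset;

            // Failsafe: a length that cannot cover the header or that overruns
            // the buffer would stall or misalign the walk, so stop here.
            if (packetLength < headerLength || packetLength > size - offset) break;

            packets.Add((offset, packetLength));
            offset += packetLength;
        }
        return packets;
    }

    static void Main()
    {
        // The bytes quoted in the report: total length 0, ID 0, protocol 6 (TCP).
        byte[] sample = {
            0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x80, 0x06, 0x00, 0x00,
            0x0a, 0x01, 0x32, 0x40, 0x0a, 0x00, 0x32, 0x68, 0x10, 0xa2, 0x01, 0xbd,
            0xa3, 0x75, 0x84, 0x3a, 0x54, 0x70, 0x42, 0x31, 0x50, 0x10, 0x60, 0xdc,
            0x78, 0xaf, 0x00, 0x00, 0xca, 0xd7 };
        foreach (var (offset, length) in Split(sample, sample.Length))
            Console.WriteLine($"packet at offset {offset}, {length} bytes");
    }
}
```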
Hello,
I have a few issues/questions with the TCP stream reassembly function:
Do the OnDataSent and OnDataReceived methods of TCPNetworkMonitor return the reassembled data only? Or do they return data of all captured packets + reassembled data?
Because from my test, I did receive the reassembled data, however I still get all the fragments as well. As I’ve seen in the IPDecoder class (and if I understand correctly), it should only return the payload once it sees the last fragment, then pass it to TCPDecoder for reassembly. Then return the final result in OnDataSent/OnDataReceived.
I would really appreciate it if you can help me clear things up. I’m looking forward to your reply.
Thank you for your work also. This is a great library.
Hi, I noticed that Server_MessageHeader.Unknown1 is ignored when converting from a deucalion packet, and is always 0x0000.
According to the packet structure, this field is the segment type, which should be set to SEGMENTTYPE_IPC (3) or other values.
Some packet parsers will check this field to avoid parse errors; this behavior will cause those parsers to stop working.
If I set the UseSocketFilter property of an FFXIVNetworkMonitor to true, the callback for MessageSent never triggers. I'm using raw sockets, not winpcap.
I've ensured that the app is allowed through the firewall and there are no errors in the trace log. At a deeper level, it looks like ProcessSentMessage is never called because no packets are ever returned for the sent side of the connection. Is this a limitation of UseSocketFilter or is there further configuration I need to do?
The .snk file for signing is missing in the repo because it was added as part of the git ignore so if you try to clone a new instance and build it will fail. You can just remove the signing for the projects but just FYI. Not sure if you wanted to include them or not so didn't do a pr.