Application Layer Covert Channel Analysis and ... - Bill Buchanan

Z. Kwecka, BSc (Hons) Network Computing, 2006 95}//Adaptersc collectiongetNetConnections = SharpPcap.GetAllDevices();for (int i = 0; i < getNetConnections.Count ; i++){cbAdapters.Items.Add("(" + (i) + ") " + getNetConnections[i].PcapDescription);}cbAdapters.Invalidate();/// /// Capture Menu Start Click - starts reading from the selected adapter/// /// /// private void mcStart_Click(object sender, System.EventArgs e){lvPackets.Items.Clear();lbHeaders.Items.Clear();//conArray.Clear();//sigArray.Clear();//vnCounter = 0;//axPacketXCtrl1.Start();if(cbChip.Checked){device.PcapOpen(false,1000);}else{device.PcapOpen(true,1000);}device.PcapSetFilter("port 80");device.PcapStartCapture();mcStart.Enabled = false;mcStop.Enabled = true;gbAdapter.Enabled = false;if(cbDump.Checked && dumpFile != ""){device.PcapDumpOpen(dumpFile);}else if(cbDump.Checked){MessageBox.Show("Could not open Dump File");}}/// /// Capture Menu Stop Click - stops reading/// /// /// private void mcStop_Click(object sender, System.EventArgs e){device.PcapStopCapture();device.PcapClose();cbAdapters.SelectedIndex = -1;mcStart.Enabled = false;mcStop.Enabled = false;gbAdapter.Enabled = true;}/// /// OnPacket event handler - builds collection of "conversations" and displays it inlvCon/// /// /// private void device_PcapOnPacketArrival(object sender, Packet aPacket){if(aPacket is TCPPacket){TCPPacket tcp = (TCPPacket)aPacket;if(tcp.DestinationPort == 80 || tcp.SourcePort == 80)//herefor the offline dumphandling