I have created an app that retrieves network packets using this example: http://www.codeproject.com/Articles/4217/Packet-Sniffing-with-Winpcap-Functions-Ported-to-a
My intention is to use it in order to obtain the content of specific packets sent to a specific application from a server; I'm not interested in any other packets. The packet I'm interested in is 1 value which updates periodically.
I converted it to VB .Net as that is my preference so I'll be giving my code snippets in VB, though I can understand C# as well so feel free to give examples using C#.
It has an event with the parameter 's' which contains the content of the received packet in a byte array.
I'm converting that array to read with a binary reader like this:
Dim stream As System.IO.MemoryStream = New System.IO.MemoryStream(s)
Dim reader As New System.IO.BinaryReader(stream)
Dim pos As Long = 0
Dim length As Long = reader.BaseStream.Length
I'll then go through a loop with the 'pos' variable as the current position, incremented by the data type of the current bytes. (Like: something = reader.ReadString() pos += something.Length)
My only problem is: I'm not sure what types I should be looking for? What is the 'structure' of a packet? Is it possible to retrieve the server that the packet was sent from, and the application it was sent to?
I've never tried using something like this for packets before, I've only had experience getting data from a custom format database file.
Edit: I've found something a bit more useful which has documentation explaining about source/destination IP and how to filter by them and it looks to be a lot more complete than the above example mentioned earlier.
http://www.codeproject.com/Articles/12458/SharpPcap-A-Packet-Capture-Framework-for-NET
Though it still doesn't give an explanation of how to understand the packet contents itself, but being able to filter the packets is a big help.
There are many different types of possible network packets - most are well documented.
What you'll want to do is download Wireshark (Microsoft also has a similar tool whose name escapes me right now), run some captures with that, and look at the logs.
Wireshark recognizes virtually every existing network packet in existence, so you can use its logs to determine what type of packet you need to be able to recognize and then google for its specification.
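To make the "structure of a packet" question concrete, the sketch below pulls the server address and the destination port out of a captured frame. It is an added example, not code from either CodeProject article; `FrameParser` and `TryParseTcp` are hypothetical names, and it assumes the capture starts at an untagged Ethernet II header carrying IPv4 and TCP.

```csharp
using System;
using System.Net;

public static class FrameParser
{
    // Network headers are big-endian; BinaryReader.ReadUInt16 would read little-endian.
    static int U16(byte[] b, int off) => (b[off] << 8) | b[off + 1];

    // Returns false for anything that is not a complete, untagged Ethernet II / IPv4 / TCP frame.
    public static bool TryParseTcp(byte[] f, out IPEndPoint src, out IPEndPoint dst,
                                   out ArraySegment<byte> payload)
    {
        src = dst = null;
        payload = default(ArraySegment<byte>);
        const int ip = 14;                                  // dst MAC(6) + src MAC(6) + EtherType(2)
        if (f.Length < ip + 20 || U16(f, 12) != 0x0800)     // EtherType 0x0800 = IPv4
            return false;
        if ((f[ip] >> 4) != 4 || f[ip + 9] != 6)            // IP version 4, protocol 6 = TCP
            return false;
        int ihl = (f[ip] & 0x0F) * 4;                       // IPv4 header length in bytes
        int total = U16(f, ip + 2);                         // IPv4 header + TCP header + data
        // Every length below comes from the wire, so check it against the captured bytes.
        if (ihl < 20 || total < ihl + 20 || ip + total > f.Length)
            return false;
        int tcp = ip + ihl;
        int dataOff = (f[tcp + 12] >> 4) * 4;               // TCP header length in bytes
        if (dataOff < 20 || ihl + dataOff > total)
            return false;
        var srcIp = new IPAddress(new[] { f[ip + 12], f[ip + 13], f[ip + 14], f[ip + 15] });
        var dstIp = new IPAddress(new[] { f[ip + 16], f[ip + 17], f[ip + 18], f[ip + 19] });
        src = new IPEndPoint(srcIp, U16(f, tcp));           // server address and port
        dst = new IPEndPoint(dstIp, U16(f, tcp + 2));       // local port identifies the application
        payload = new ArraySegment<byte>(f, tcp + dataOff, total - ihl - dataOff);
        return true;
    }

    public static void Main()
    {
        // Constructed frame (checksums zeroed): 192.0.2.10:443 -> 198.51.100.20:50000, 4 data bytes.
        byte[] frame = Convert.FromHexString(              // Convert.FromHexString needs .NET 5+
            "00112233445566778899aabb0800" +
            "4500002c000040004006" + "0000" + "c000020a" + "c6336414" +
            "01bbc350" + "0000000000000000" + "5018" + "1000" + "00000000" +
            "deadbeef");
        if (TryParseTcp(frame, out var src, out var dst, out var data))
            Console.WriteLine($"{src} -> {dst}, {data.Count} payload bytes");
    }
}
```

The bytes in `payload` are application data whose layout depends on the protocol the application speaks, which is what the Wireshark capture helps identify.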
Related
I am working on a PC hosted application which communicates with an embedded device. The application and the embedded device communicate over a UART interface. The communication protocol states that the data payload is formatted in KLV format. The host PC application is written in C# and it can receive the hex data from the device and put it into a byte array now. But I am not sure how to parse the data. Also I am wondering how to compose the KLV data if I need to send some data to the device.
If you are using an UART interface between the devices I doubt you receive 'hex'. Hex is just the representation often used for bytes itself. However as you have written it is already converted to bytes (e.g. by BitConverter class - strongly recommend taking a look in it).
Regarding the KLV format - I hope this is referring to the key-length-value protocol. Somewhere there should be a document describing exactly what data you get, because this protocol is often implemented differently in the following terms.
In the basics it is like: [KEY][LENGTH of VALUE][VALUE]. If you convert (Encoding.GetString, e. g. Encoding.ASCII.GetString()) everything to string you should already see some readable data (also I found that some folks used numbers for keys).
So you need the documentation about:
What KEYs are sent (mostly all have got the same length)
What data types you receive in VALUE for each Key
Without this information, you have to listen to the device for some time and afterwards analyse the data.
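A sketch of parsing and composing the [KEY][LENGTH of VALUE][VALUE] layout described above, added here as an example and not taken from any device documentation. The 1-byte key and 1-byte length are assumptions (the real field widths come from the protocol document), and `Klv`, `Parse` and `Compose` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

public static class Klv
{
    // Assumed layout (not from the page): 1-byte key, 1-byte length, then `length` value bytes.
    public static List<KeyValuePair<byte, byte[]>> Parse(byte[] data)
    {
        var items = new List<KeyValuePair<byte, byte[]>>();
        int pos = 0;
        while (pos < data.Length)
        {
            if (data.Length - pos < 2)
                throw new InvalidDataException($"Truncated KLV header at offset {pos}");
            byte key = data[pos];
            int len = data[pos + 1];
            pos += 2;
            // The length byte comes from the device; never follow it past the end of the buffer.
            if (len > data.Length - pos)
                throw new InvalidDataException($"Key 0x{key:X2} claims {len} bytes, {data.Length - pos} left");
            var value = new byte[len];
            Buffer.BlockCopy(data, pos, value, 0, len);
            items.Add(new KeyValuePair<byte, byte[]>(key, value));
            pos += len;
        }
        return items;
    }

    public static byte[] Compose(byte key, byte[] value)
    {
        if (value.Length > byte.MaxValue)
            throw new ArgumentException("Value does not fit a 1-byte length field");
        var packet = new byte[2 + value.Length];
        packet[0] = key;
        packet[1] = (byte)value.Length;
        Buffer.BlockCopy(value, 0, packet, 2, value.Length);
        return packet;
    }

    public static void Main()
    {
        // Constructed sample: key 0x01 carries "OK", key 0x02 carries the two bytes 12 34.
        byte[] rx = { 0x01, 0x02, 0x4F, 0x4B, 0x02, 0x02, 0x12, 0x34 };
        foreach (var kv in Parse(rx))
            Console.WriteLine($"key=0x{kv.Key:X2} value={BitConverter.ToString(kv.Value)}");
        Console.WriteLine(BitConverter.ToString(Compose(0x03, new byte[] { 0xAA })));
    }
}
```

On a UART the buffer may end in the middle of an item, so a caller would typically keep the unparsed tail and retry once more bytes arrive instead of treating the exception as fatal.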
This may be a stupid question, I apologise if it is. But I'm rewriting some C code into C# to use as part of a GUI; the original C programs transmit data buffers backwards and forwards to a microcontroller via:
n = write(sockfd, buf, sizeof(buf));
In the transmitter program and
n = read(sockfd, (void *)buf[idx]+numread,sizeof(buf[0])-numread);
In the receiver program. I am trying to find the C# equivalent of these functions above, but the only one I have found only takes byte data.
The server on the microcontroller runs software I didn't design, hence why I can't simply serialise or convert to byte etc. (as in previous similar questions: How to send integer array over a TCP connection in c# and then decompose at the other end), or at least I'd rather check if there's a solution before I get into trying to edit code I didn't write.
Any help greatly appreciated!
You can use NetworkStream.Read/Write to read and write byte arrays to a socket. BinaryReader/Writer are abstractions on top of that that make it easier to write in certain formats.
First of all, what I do at the moment:
I sniff an asynchronous serial bus with a 9-bit protocol and send the data to the PC. On the PC side I receive the data as an endless string that looks like this: .12_80E886.02_80E894.13. The software on the PC side is written with WinForms in C#. Now I have the problem that I don't have a clear start, as you can see in the stream example. The reason for that is that I start the sniff somewhere in the protocol.
What I want to do:
I think I can use startindex = IndexOf("_"), and set that as the new start. I have to evaluate the signs in the stream; the stream is built as: _(timestamp in milliseconds).(addressbyte databyte). The only thing I want to display in my RichTextBox is the databyte; I also need a data management method for the timestamp, because in the GUI I have a function that lets me see the time between two or more databytes, and for that I think I will make an SQL database. I need the addressbyte to color a byte with a one as address in a special color.
Question:
How can I evaluate the stream so that I have alternately timestamp, addressbyte and then databyte as single substrings?
The reason why I want them so, is that, I think I can make an easy if elseif else block to realize all what I want to do.
If someone has a better suggestion for my project, please write it as a comment.
With friendly wishes sniffi
I think you're trying to solve two problems at the same time. It would be better to separate them and solve them individually.
There is the issue of transporting the data, for this you are using streams. That is a valid solution. There is sending and receiving the data (bits) over the stream.
You have the problem of transforming these bits (after receiving them) into actual objects (dates, strings, etc.). For that you can use a simple parser, tokenizer, a local script that can get the correct parts from the data and convert it, or you can use a serialization framework (like DataContracts).
If you have simple data, I would opt for using a single method that can parse the data. For more complex scenarios I would look into serialization.
Also beware that you will need to validate your inputs, since you cannot assume that there is always a trusted (non-compromised) piece of software that is sending the bits to you.
I think string is a bad choice. Probably the data is sent as bytes. Sniff bytes rather than a string. And you need the protocol description to understand the data.
You need to read bytes from the bus and interpret them.
I'm developing an application that is listening to the data coming to the PC and stores it in a db.
When I'm trying to use any sniffing software it decodes the data and I can read it...
but in my code... I can't read it at all.
It comes in a format like this:
1822262151622341817118815518211616121520941131921572041519912321413018224510453482062312258624219217426213385792952422362282081777270129716688629114817282188771708157542505055171418651781981425595109572128317191993018793431541418175198551682143218916536118562071014546919618158204181231187237183188160147127165111798312311810419822146114761993113815821216617541542372062129733198212250147199288115346102031191275215728146245198190171121209115149107193226253199151253205183146112072202559697791491441131572351381412278441552554817712614110121823714822712523618924690185291182071331471286244143181469018522814822821118012620321315924832238219115405615512392145202385512115735771691111055935782371281492476567165158924021493139815144225143762294713291762001113814720516216041120169912317914878167571392103510118386589521910621319622274158971538465206168139190127867123282255271781242497522124211517622131122113236255230254211206911242051832545515823012124925217318223920523316923122925514321122343602492471242........
Can anyone tell me what kind of data that is, and any code to solve it?
To see what a real packet sniffer looks like, check out WireShark. There are many different protocols over TCP, and many of them are binary. Those that aren't may be using unicode characters, which are two-byte characters so an ascii display of them would be meaningless.
Anyway, the data you're displaying is pretty meaningless. It looks like decimal data, are you concatenating a bunch of decimal representations of the binary stream interpreted as byte or integer values? That would explain it. You should start by running the stream through System.TextEncoding.ASCII.Decode You'll probably see some recognizable strings. Then try System.TextEncoding.Unicode.Decode, etc.
No, we cannot. And the reason is simple, we don't know what application you are sniffing.
That stream of data could mean anything.
But, I suggest you print the data in hexadecimal. Maybe the data would make more sense.
First of all, I am new to networking so I may say a dumb thing in here.
Considering a client-server application using sockets(.net with c# if that matters).
The client sends some data, the server processes it and sends back a string.
The client sends some other data, the server processes it, queries the db and sends back several hundred items from the database.
The client sends some other type of data and the server notifies some other clients.
My question is how to set the buffer size correctly for reading/writing operations.
Should I do something like this: byte[] buff = new byte[client.ReceiveBufferSize] ?
I am thinking of something like this:
Client sends data to the server(and the server will follow the same pattern)
byte[] bytesToSend=new byte[2048] //2048 to be standard for any command send by the client
bytes 0..1 ->command type
bytes 1..2047 ->command parameters
byte[] bytesToReceive=new byte[8]/byte[64]/byte[8192] //switch(command type)
But..what is happening when a client is notified by the server without sending data?
What is the correct way to accomplish what i am trying to do?
Thanks for reading.
Doesn't matter what is the size of your buffer, it should be just a temporary storage for the data. Read this about reading from binary streams: http://www.yoda.arachsys.com/csharp/readbinary.html
I don't really understand what you are trying to do, but I'll try to give some advice. Your byte array and the Socket.ReceiveBufferSize property are two different things. The buffer size doesn't matter. You should use a byte array large enough to store the data you want to send or receive. For the size of the byte array, 2048 is probably ok, unless you want to send images, very large text, etc. I've done some simple client server programming and I found it easier if the receiver knows how much data to receive in advance. So for example you send the length of the string first as 1 or 2 bytes, and then the string using UTF-8 encoding. Use the Encoding.GetByteCount method for getting the size of the string in bytes for the chosen encoding. You should convert numbers to binary using the methods from BitConverter. I found those helpful and now I wish I had discovered them earlier. To send other more complex data types you should decompose them and send them as strings or numbers one at a time.
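The length-first scheme from the answer above, written out as an added example (not code from the thread). It assumes a 2-byte big-endian length followed by UTF-8 text; `Framing`, `WriteMessage`, `ReadMessage` and the 8192-byte limit are hypothetical choices, and a MemoryStream stands in for the NetworkStream so the block runs offline.

```csharp
using System;
using System.IO;
using System.Text;

public static class Framing
{
    // Assumed wire format: 2-byte big-endian length, then that many UTF-8 bytes.
    public static void WriteMessage(Stream s, string text)
    {
        byte[] body = Encoding.UTF8.GetBytes(text);
        if (body.Length > ushort.MaxValue)
            throw new ArgumentException("Message too long for a 2-byte length prefix");
        s.WriteByte((byte)(body.Length >> 8));
        s.WriteByte((byte)body.Length);
        s.Write(body, 0, body.Length);
    }

    // Read() may return fewer bytes than asked for, so loop until the count is met.
    static byte[] ReadExactly(Stream s, int count)
    {
        var buf = new byte[count];
        int got = 0;
        while (got < count)
        {
            int n = s.Read(buf, got, count - got);
            if (n == 0) throw new EndOfStreamException("Peer closed the connection mid-message");
            got += n;
        }
        return buf;
    }

    public static string ReadMessage(Stream s, int maxLength = 8192)
    {
        byte[] hdr = ReadExactly(s, 2);
        int len = (hdr[0] << 8) | hdr[1];
        // The prefix is untrusted input: reject oversized claims before allocating.
        if (len > maxLength) throw new InvalidDataException($"Length {len} exceeds limit {maxLength}");
        return Encoding.UTF8.GetString(ReadExactly(s, len));
    }

    public static void Main()
    {
        var wire = new MemoryStream();   // stands in for a NetworkStream
        WriteMessage(wire, "first");
        WriteMessage(wire, "second, longer message");
        wire.Position = 0;
        Console.WriteLine(ReadMessage(wire));
        Console.WriteLine(ReadMessage(wire));
    }
}
```

Because each message carries its own length, the receiver does not need a fixed 2048-byte command size, and unsolicited server notifications can be read with the same `ReadMessage` call.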
When designing client/server communication it is good to introduce a notion of a communication protocol (basically a set of rules, a format that will be sent/received) for the client/server.
Here's an example of exchanging messages of variable size over the network
The simplest way is to think of XML as the protocol of your communication; you then read from the socket until a null byte is read. (This is typically the marker of the end of an XML document.) You can implement this protocol in two ways.
To parse and generate the XML document you can use the XmlDocument class. You must implement some schema for it. But if you just want to cleanly transform data to XML, you can simply use a DataSet.