How do I read ethernet data packets?

  • Question

  • Hi,
    I am writing a packet to a device on ethernet and get a return response in terms of many packets of varying lengths. As I loop thru each packet's data, by typecasting to char, I am losing data in my resultant string(s). How do I get meaningful data from the returned ethernet packets, which are in hex? I.e., I want each packet's data as one string - with readable text, if it exists in the data packet.
    Thanks in advance.
    Monday, September 21, 2009 5:58 PM

All replies

  • You do realize that there is more than just data in the packet? I suggest you start at http://en.wikipedia.org/wiki/Transmission_Control_Protocol and work your way through that.

    Ron Whittle - If the post is helpful or answers your question, please mark it as such.
    • Marked as answer by Harry Zhu Monday, September 28, 2009 1:46 AM
    Monday, September 21, 2009 6:30 PM
  • You cannot cast binary data to characters; there are several Unicode code points that do not have a valid character.  You'll need to keep and analyze the data as bytes.  Use BitConverter.ToString(byte[]) to convert bytes to hex.

    Hans Passant.
    • Proposed as answer by AKGMA Tuesday, September 22, 2009 6:41 PM
    • Marked as answer by Harry Zhu Monday, September 28, 2009 1:46 AM
    Tuesday, September 22, 2009 2:34 AM
    Moderator
  • Hans and all,

    Thanks for your input.

    I am using a library to read/write to the ethernet. So, I already have hex coming to me. The question is, within that hex, some byte sequences are not in plain text - I have cut a small portion below as well as the data packet that I captured w/Wireshark:

    I use UTF8 to gather this into a string:

     ** DAF-  1a ** SHORT TRACE     GM buffer addr: 0.03

    and below is a small portion of the data packet:

    0050  00 00 00 00 00 00 1b 5b  30 31 3b 33 36 6d 20 2a   .......[ 01;36m *
    0060  2a 20 1b 5b 30 31 3b 33  31 6d 44 41 46 1b 5b 6d   * .[01;3 1mDAF.[m
    0070  1b 5b 30 31 3b 33 36 6d  2d 20 20 31 61 20 2a 2a   .[01;36m -  1a **
    0080  1b 5b 6d 20 53 48 4f 52  54 20 54 52 41 43 45 20   .[m SHOR T TRACE
    0090  1b 5b 30 31 3b 33 32 6d  20 20 20 1b 5b 6d 20 47   .[01;32m    .[m G
    00a0  4d 20 62 75 66 66 65 72  20 61 64 64 72 3a 20 30   M buffer  addr: 0
    00b0  2e 30 33                                           .03

    So, my question is:

    1. How do I extract only the plain text

    2. How do I include special chars like slashes (for dates), dashes etc in the plain text

    Much appreciate your advice.

    Tuesday, September 22, 2009 3:57 PM
  • As the moderators have pointed out, the problem is much more complicated than "how do I extract plain text" from a series of hex.  When you analyze packets with a sniffer like Wireshark, it shows you, verbatim, what the contents of the packet are.  The point that you have missed is that packets are dependent upon protocols which can insert headers and control data (as Ron Whittle pointed out).  Analyzing "packet X" looking for a series of bits that can be mapped to an ASCII/Unicode/UTF8 (pick your encoding) table is nonsensical in the general sense.  For example, say you have x0054.  If you character map this via an ASCII table you should get 'null' '6', but x0054 could be a control bit indicating the size of the TCP packet.

    So, if you know the protocol (including stuff specific to the application itself) you may be able to write a parser for one of the apps you're sniffing, but, because you're sniffing..., you'll also need to filter out "noise" like DNS sync packets and other network traffic.
    おろ?
    • Marked as answer by Harry Zhu Monday, September 28, 2009 1:46 AM
    Tuesday, September 22, 2009 4:22 PM
  • There are a number of open source firewalls/gateways out there.  Your best path of research may be to download a few of these and determine how they analyze traffic.
    • Marked as answer by Harry Zhu Monday, September 28, 2009 1:46 AM
    Tuesday, September 22, 2009 6:39 PM
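
Added example (not code from any poster in this thread): the non-text bytes in the dump quoted above are ANSI terminal escape sequences (1b 5b 30 31 3b 33 36 6d is ESC [ 01;36m, a colour code), so the readable text can be recovered by keeping the data as bytes, skipping those sequences and keeping only printable ASCII, which also keeps slashes, dashes and colons. The class and method names are hypothetical, and Convert.FromHexString assumes .NET 5 or later.

```csharp
using System;
using System.Text;

static class PayloadText
{
    // Returns only the printable ASCII text in a payload, dropping ANSI CSI
    // sequences (ESC '[' parameters final-byte) and all other control bytes,
    // so device output can be logged or displayed without raw escape codes.
    public static string ExtractText(byte[] data)
    {
        var sb = new StringBuilder(data.Length);
        int i = 0;
        while (i < data.Length)
        {
            byte b = data[i];
            if (b == 0x1B && i + 1 < data.Length && data[i + 1] == 0x5B)
            {
                i += 2;
                // Parameter (0x30-0x3F) and intermediate (0x20-0x2F) bytes.
                while (i < data.Length && data[i] >= 0x20 && data[i] <= 0x3F) i++;
                // Final byte (0x40-0x7E). A sequence cut off by the end of
                // the packet has none, and scanning simply stops there.
                if (i < data.Length && data[i] >= 0x40 && data[i] <= 0x7E) i++;
                continue;
            }
            // Printable ASCII includes '/', '-' and ':'; NUL padding, a lone
            // ESC and any other non-text byte are skipped.
            if (b >= 0x20 && b <= 0x7E) sb.Append((char)b);
            i++;
        }
        return sb.ToString();
    }

    static void Main()
    {
        // Constructed input: offsets 0x0050-0x00b2 of the Wireshark dump above.
        string hex =
            "00 00 00 00 00 00 1b 5b 30 31 3b 33 36 6d 20 2a" +
            "2a 20 1b 5b 30 31 3b 33 31 6d 44 41 46 1b 5b 6d" +
            "1b 5b 30 31 3b 33 36 6d 2d 20 20 31 61 20 2a 2a" +
            "1b 5b 6d 20 53 48 4f 52 54 20 54 52 41 43 45 20" +
            "1b 5b 30 31 3b 33 32 6d 20 20 20 1b 5b 6d 20 47" +
            "4d 20 62 75 66 66 65 72 20 61 64 64 72 3a 20 30" +
            "2e 30 33";
        byte[] payload = Convert.FromHexString(hex.Replace(" ", ""));
        Console.WriteLine(BitConverter.ToString(payload, 0, 8)); // first bytes as hex
        Console.WriteLine("[" + ExtractText(payload) + "]");     // text only
    }
}
```

This only applies once the payload has been separated from the protocol headers, as the replies above point out; run over a whole frame, header bytes that happen to fall in the printable range would be kept as text.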