how can I parse a UDP packet in .NET?
Asked Answered
C

1

3

how can I parse a UDP packet in .NET?

I'm using PCap.Net to capture packets, in this case UDP packets, which I can access from the PCap.net object via (PcapDotNet.packets.Ethernet.IpV4.Udp).

How can I take the results, the Udp packet, and parse this? In particular to unbundle DNS requests and responses that occur that are housed within a UDP packet.

Is there a library that could help here?

EDIT: To be more specific what I want to be able to do is extract the IP address from the DNS response, and based on examination using Wireshark it would be by:

(a) Input: Payload of a UDP packet that is a DNS response

(b) Processing: Parse out the DNS response portion of the UDP packet. Find the Answers portion, within this find the answer record for which the type is A (Host Address) [not a CNAME record], then with this answer record get the IP address.

(c) Return: The IP address from the DNS response.

Conformist answered 19/8, 2010 at 3:40 Comment(5)
Doesn't WinPCAP come with a bunch of parsers?Chicago
Go for Newtwork Monitor API microsoft.com/downloads/…Apia
@Will - I can get down to UDP OK, but it's justing parsing the detail of a UDP packet that is carrying DNS responses I'm interested in.Conformist
@Amit - are you suggesting if I'm using PCap.Net for packet capture, once I've got the UDP payload there are UDP/DNS parsers available that I could use in a Microsoft Network Monitor library?Conformist
I already gave you a bunch of pointers (including the relevant RFC) in your other related question. Please go read that RFC - you'll learn a damned site more than just using someone else's API.Octarchy
C
1

From PCAP.Net:

Pcap.Net.DevelopersPack.0.7.0.46671.x64\src\InterpretingThePackets\Program.cs

            // Compile the filter
            using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
            {
                // Set the filter
                communicator.SetFilter(filter);
            }

            Console.WriteLine("Listening on " + selectedDevice.Description + "...");

            // start the capture
            communicator.ReceivePackets(0, PacketHandler);
    }


    // Callback function invoked by libpcap for every incoming packet
    private static void PacketHandler(Packet packet)
    {
        // print timestamp and length of the packet
        Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length);

        IpV4Datagram ip = packet.Ethernet.IpV4;
        UdpDatagram udp = ip.Udp;

        // print ip addresses and udp ports
        Console.WriteLine(ip.Source + ":" + udp.SourcePort+ " -> " + ip.Destination + ":" + udp.DestinationPort);
    }

Isn't it enough?

Ciliata answered 19/8, 2010 at 7:49 Comment(2)
I'm ok getting down to the UDP packet with PCap.Net, but it's parsing the detail of a UDP packet that is carrying DNS responses I'm interested in. Basically want to be able to have a DNS response UDP packet, then parse it to obtain the IP address(es?) within the Answer records of the DNS packet which are Type A (not Type CNAME). So basically being able to parse out the DNS portion of a UDP/DNS packet.Conformist
Now the question is more clear. Well, several years ago I was able to extract IPs from DNS packets. All I used is some RFCs. Try this: pjsip.org/pjlib-util/docs/html/group__PJ__DNS__PARSING.htmCiliata

© 2022 - 2024 — McMap. All rights reserved.