0
votes

Does someone know the right way to get the actual text from these bytes? I am doing something wrong here.

And another question: is UTF-8 the most generic encoding, the one that will show most of the chars correctly?

TY

    private void device_OnPacketArrival(object sender, SharpPcap.CaptureEventArgs e)
    {
        string str = string.Empty;

        var time = e.Packet.Timeval.Date;
        var len = e.Packet.Data.Length;

        str = "time.Hour: " + time.Hour + " time.Minute: " + time.Minute + " time.Second: " + time.Second + " time.Millisecond: " + time.Millisecond + "len: " + len;
        str += Environment.NewLine + e.Packet.ToString();
        str += Environment.NewLine + " Message: " + BitConverter.ToString(e.Packet.Data);
        //str +=  e.Packet.Data + Environment.NewLine + Environment.NewLine;

        Packet p = Packet.ParsePacket(e.Packet);
        str += e.Packet.Data + Environment.NewLine + Environment.NewLine;

        byte[] utf8Bytes = Encoding.Convert(Encoding.Unicode, Encoding.UTF8, e.Packet.Data);

        str += Encoding.UTF8.GetBytes(utf8Bytes.ToString()).ToString();
        //txtOutput.Text += "time.Hour: " + time.Hour + "time.Minute: " + time.Minute + "time.Second: " + time.Second + "time.Millisecond:" + time.Millisecond + "len:" + len;
        //txtOutput.Text += e.Packet.ToString();
        //txtOutput.Text += Environment.NewLine;

        WriteToFile(str,null);
        // WriteToFile("",c);
    }

2 Answers

0
votes

Packets contain binary data and not textual data.

There can be parts of the packets that contain text, but you should only try to translate these parts to text (not the entire packet data), and you should know what the text encoding is.

There is no "generic" encoding. UTF8 is more generic than ASCII in the sense that all the text in ASCII will be converted using UTF8, but generally there is no "generic" encoding and you should know what the encoding of your data is.

0
votes

What you're looking for is Encoding.UTF8.GetString() if the data is in fact UTF-8.

It all depends on what the Data field contains. If it's another protocol payload, you'll need to parse it either using a SharpPcap/Packet.Net parser or, if the specific parser doesn't exist yet, then you'll need to look up the protocol spec and build your own parser from that.

All incoming packets are nothing but a big byte array of meaningless data until they can be parsed. Sometimes it's easy to write a parser, sometimes it can take many weeks (depending on the protocol's complexity or what tools already exist to parse the specific protocols). SharpPcap/Packet.Net is a pretty extensive protocol for parsing packet data but it's far from covering all of the commonly known/used protocols that exist.
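
The advice in both answers, as an added example (not code from the question or from either answer): locate the payload first, then decode only that slice with a strict UTF-8 decoder and fall back to hex when the bytes are not valid UTF-8. It assumes an untagged Ethernet II / IPv4 / TCP frame and uses no capture library; the class and method names and the two sample frames are constructed for illustration.

```csharp
using System;
using System.Text;

static class PayloadText
{
    // Strict decoder: throws on invalid UTF-8 instead of silently substituting U+FFFD.
    static readonly UTF8Encoding Strict = new UTF8Encoding(false, true);

    // Locates the TCP payload in an Ethernet II / IPv4 / TCP frame (no VLAN tag, no IPv6).
    static bool TryGetTcpPayload(byte[] f, out int offset, out int length)
    {
        offset = length = 0;
        if (f.Length < 54 || f[12] != 0x08 || f[13] != 0x00) return false; // EtherType IPv4
        int ihl = (f[14] & 0x0F) * 4;                                      // IP header length
        if ((f[14] >> 4) != 4 || ihl < 20 || f[23] != 6) return false;     // protocol 6 = TCP
        int ipEnd = 14 + ((f[16] << 8) | f[17]);                           // IP total length
        int tcp = 14 + ihl;
        if (tcp + 20 > f.Length) return false;
        int dataOff = (f[tcp + 12] >> 4) * 4;                              // TCP header length
        if (dataOff < 20 || ipEnd > f.Length || tcp + dataOff > ipEnd) return false;
        offset = tcp + dataOff;
        length = ipEnd - offset;   // excludes Ethernet padding after the IP datagram
        return true;
    }

    static string Describe(byte[] f)
    {
        if (!TryGetTcpPayload(f, out int off, out int len)) return "not IPv4/TCP";
        try { return "text: " + Strict.GetString(f, off, len); }
        catch (DecoderFallbackException) { return "binary: " + BitConverter.ToString(f, off, len); }
    }

    // Constructed sample frame: zeroed addresses and ports, only the fields read above are set.
    static byte[] BuildFrame(byte[] payload)
    {
        var f = new byte[54 + payload.Length];
        f[12] = 0x08; f[14] = 0x45; f[23] = 6; f[46] = 0x50;
        int total = 40 + payload.Length;
        f[16] = (byte)(total >> 8); f[17] = (byte)total;
        Array.Copy(payload, 0, f, 54, payload.Length);
        return f;
    }

    static void Main()
    {
        Console.WriteLine(Describe(BuildFrame(Encoding.UTF8.GetBytes("GET / HTTP/1.1"))));
        Console.WriteLine(Describe(BuildFrame(new byte[] { 0x16, 0x03, 0x01, 0xFF, 0xFE })));
    }
}
```

A payload that passes the strict decode is not guaranteed to be text, since control bytes below 0x80 are valid UTF-8; knowing the protocol carried in the payload is still what tells you which bytes are text.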