3
votes

how can I parse a UDP packet in .NET?

I'm using PCap.Net to capture packets, in this case UDP packets, which I can access from the PCap.net object via (PcapDotNet.packets.Ethernet.IpV4.Udp).

How can I take the results, the Udp packet, and parse this? In particular to unbundle DNS requests and responses that occur that are housed within a UDP packet.

Is there a library that could help here?

EDIT: To be more specific what I want to be able to do is extract the IP address from the DNS response, and based on examination using Wireshark it would be by:

(a) Input: Payload of a UDP packet that is a DNS response

(b) Processing: Parse out the DNS response portion of the UDP packet. Find the Answers portion, within this find the answer record for which the type is A (Host Address) [not a CNAME record], then with this answer record get the IP address.

(c) Return: The IP address from the DNS response.

2
Doesn't WinPCAP come with a bunch of parsers?Will A
Go for Newtwork Monitor API microsoft.com/downloads/…user240141
@Will - I can get down to UDP OK, but it's justing parsing the detail of a UDP packet that is carrying DNS responses I'm interested in.Greg
@Amit - are you suggesting if I'm using PCap.Net for packet capture, once I've got the UDP payload there are UDP/DNS parsers available that I could use in a Microsoft Network Monitor library?Greg
I already gave you a bunch of pointers (including the relevant RFC) in your other related question. Please go read that RFC - you'll learn a damned site more than just using someone else's API.Alnitak

2 Answers

1
votes

From PCAP.Net:

Pcap.Net.DevelopersPack.0.7.0.46671.x64\src\InterpretingThePackets\Program.cs

            // Compile the filter
            using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
            {
                // Set the filter
                communicator.SetFilter(filter);
            }

            Console.WriteLine("Listening on " + selectedDevice.Description + "...");

            // start the capture
            communicator.ReceivePackets(0, PacketHandler);
    }


    // Callback function invoked by libpcap for every incoming packet
    private static void PacketHandler(Packet packet)
    {
        // print timestamp and length of the packet
        Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length);

        IpV4Datagram ip = packet.Ethernet.IpV4;
        UdpDatagram udp = ip.Udp;

        // print ip addresses and udp ports
        Console.WriteLine(ip.Source + ":" + udp.SourcePort+ " -> " + ip.Destination + ":" + udp.DestinationPort);
    }

Isn't it enough?

1
votes

I found the following project which had the code to do this

http://www.codeproject.com/KB/IP/dnslookupdotnet.aspx

The Response.cs class in particular. Also note there is a bug in the code but the comments on the page highlight where this is.