tags:

views:

34

answers:

2
Q: 

how can I parse a UDP packet in .NET?

how can I parse a UDP packet in .NET?

I'm using PCap.Net to capture packets, in this case UDP packets, which I can access from the PCap.net object via (PcapDotNet.packets.Ethernet.IpV4.Udp).

How can I take the results, the Udp packet, and parse this? In particular to unbundle DNS requests and responses that occur that are housed within a UDP packet.

Is there a library that could help here?

EDIT: To be more specific what I want to be able to do is extract the IP address from the DNS response, and based on examination using Wireshark it would be by:

(a) Input: Payload of a UDP packet that is a DNS response

(b) Processing: Parse out the DNS response portion of the UDP packet. Find the Answers portion, within this find the answer record for which the type is A (Host Address) [not a CNAME record], then with this answer record get the IP address.

(c) Return: The IP address from the DNS response.

A: 

From PCAP.Net:

Pcap.Net.DevelopersPack.0.7.0.46671.x64\src\InterpretingThePackets\Program.cs

            // Compile the filter
            using (BerkeleyPacketFilter filter = communicator.CreateFilter("ip and udp"))
            {
                // Set the filter
                communicator.SetFilter(filter);
            }

            Console.WriteLine("Listening on " + selectedDevice.Description + "...");

            // start the capture
            communicator.ReceivePackets(0, PacketHandler);
    }


    // Callback function invoked by libpcap for every incoming packet
    private static void PacketHandler(Packet packet)
    {
        // print timestamp and length of the packet
        Console.WriteLine(packet.Timestamp.ToString("yyyy-MM-dd hh:mm:ss.fff") + " length:" + packet.Length);

        IpV4Datagram ip = packet.Ethernet.IpV4;
        UdpDatagram udp = ip.Udp;

        // print ip addresses and udp ports
        Console.WriteLine(ip.Source + ":" + udp.SourcePort+ " -> " + ip.Destination + ":" + udp.DestinationPort);
    }

Isn't it enough?

Vasiliy Borovyak  2010-08-19 07:49:20
@Vasiliy - I'm ok getting down to the UDP packet with PCap.Net, but it's parsing the detail of a UDP packet that is carrying DNS responses I'm interested in. Basically want to be able to have a DNS response UDP packet, then parse it to obtain the IP address(es?) within the Answer records of the DNS packet which are Type A (not Type CNAME). So basically being able to parse out the DNS portion of a UDP/DNS packet.
Greg  2010-08-19 10:15:25
Now the question is more clear. Well, several years ago I was able to extract IPs from DNS packets. All I used is some RFCs. Try this: http://www.pjsip.org/pjlib-util/docs/html/group__PJ__DNS__PARSING.htm
Vasiliy Borovyak  2010-08-19 12:01:44
A: 

I found the following project which had the code to do this

http://www.codeproject.com/KB/IP/dnslookupdotnet.aspx

The Response.cs class in particular. Also note there is a bug in the code but the comments on the page highlight where this is.

Greg  2010-08-27 22:20:21

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?