SharpPcap - A Packet Capture getting messesge problem

Question

I trying to capture packets using SharpPcap library. I'm able to return the packets details but I'm having problem to get what the message content inside the packet.

the packet using .Data to return the message and when I use it it is returning (System.Byte[]).

here is the library website: http://www.codeproject.com/KB/IP/sharppcap.aspx

here is my code:

string packetData;
        private void packetCapturingThreadMethod()
            {

            Packet packet = null;
           int countOfPacketCaptures = 0;

            while ((packet = device.GetNextPacket()) != null)
                {

                packet = device.GetNextPacket();
                if (packet is TCPPacket)
                    {
                    TCPPacket tcp = (TCPPacket)packet;
                    myPacket tempPacket = new myPacket();

                    tempPacket.packetType = "TCP";
                    tempPacket.sourceAddress = Convert.ToString(tcp.SourceAddress);
                    tempPacket.destinationAddress = Convert.ToString(tcp.DestinationAddress);
                    tempPacket.sourcePort = Convert.ToString(tcp.SourcePort);
                    tempPacket.destinationPort = Convert.ToString(tcp.DestinationPort);
                    tempPacket.packetMessage = Convert.ToString(tcp.Data);
                    packetsList.Add(tempPacket);

                     packetData = 
                        "Type= TCP" +
                        "   Source Address = "+  Convert.ToString(tcp.SourceAddress)+
                       "   Destination Address =" +Convert.ToString(tcp.DestinationAddress)+
                       "   SourcePort =" +    Convert.ToString(tcp.SourcePort)+
                       "   SourcePort =" +Convert.ToString(tcp.DestinationPort)+
                       "   Messeage =" + Convert.ToString(tcp.Data);
                    txtpackets.Invoke(new UpdatetxtpacketsCallback(this.Updatetxtpackets),
            new object[] { packetData });


                    string[] row = { packetsList[countOfPacketCaptures].packetType, packetsList[countOfPacketCaptures].sourceAddress, packetsList[countOfPacketCaptures].destinationAddress, packetsList[countOfPacketCaptures].sourcePort, packetsList[countOfPacketCaptures].destinationPort, packetsList[countOfPacketCaptures].packetMessage };
                    try { //dgwPacketInfo.Rows.Add(row); countOfPacketCaptures++;
                    //lblCapturesLabels.Text = Convert.ToString(countOfPacketCaptures);
                    }
                    catch (Exception e) { }

                    }
                else if (packet is UDPPacket)
                    {

                    UDPPacket udp = (UDPPacket)packet;


                    myPacket tempPacket = new myPacket();

                    tempPacket.packetType = "UDP";
                    tempPacket.sourceAddress = Convert.ToString(udp.SourceAddress);
                    tempPacket.destinationAddress = Convert.ToString(udp.DestinationAddress);
                    tempPacket.sourcePort = Convert.ToString(udp.SourcePort);
                    tempPacket.destinationPort = Convert.ToString(udp.DestinationPort);
                    tempPacket.packetMessage = udp.Data.ToArray() + "\n";
                    packetsList.Add(tempPacket);

                    packetData = 
                        "Type= UDP" +
                        "   Source Address = "+  Convert.ToString(udp.SourceAddress)+
                       "   Destination Address =" +Convert.ToString(udp.DestinationAddress)+
                       "   SourcePort =" +    Convert.ToString(udp.SourcePort)+
                       "   SourcePort =" +Convert.ToString(udp.DestinationPort)+
                       "   Messeage =" + udp.Data.ToArray() + "\n";
                    string[] row = { packetsList[countOfPacketCaptures].packetType, packetsList[countOfPacketCaptures].sourceAddress, packetsList[countOfPacketCaptures].destinationAddress, packetsList[countOfPacketCaptures].sourcePort, packetsList[countOfPacketCaptures].destinationPort, packetsList[countOfPacketCaptures].packetMessage };
                    try {
                        //dgwPacketInfo.Rows.Add(row);
                    //countOfPacketCaptures++;
                    //lblCapturesLabels.Text = Convert.ToString(countOfPacketCaptures);
                        txtpackets.Invoke(new UpdatetxtpacketsCallback(this.Updatetxtpackets),
               new object[] { packetData });

                    }
                    catch (Exception e) { }


                    }


                }
            }

Answer 1

The parser isn't that complex...

I looked at the Packet.Net code (which is the parse for SharpPcap) and all of the fields are stored in commonly used formats.

The IP Addresses are stored in System.Net.IPAddress format so you can just call .ToString on them to get a text string that properly includes the dot marks.

The port numbers are stored as ushort which can be printed the same as any other integer.

The only part that needs to be interpreted in its binary form is the Data field because that changes based on what protocol is being used on the next layer up. SharpPcap/Packet.Net does most of the work for you already and fields are stored in the most convenient or identical forms to those found in the protocol specification. Just use intellisense to check the field's type and if it's not one you're familiar with (such as System.Net.IPAddress or System.NetworkInformation.PhysicalAddress (For MAC addresses)) just google it.

Answer 2

I found the answer...

Data is a byte array so I need to use bit converter and instead of using:

Convert.ToString(tcp.Data);

I should use:

BitConverter.ToString(tcp.Data)