Cannot parse the tcp.Payload on Windows Server 2008

Dec 5, 2012 at 3:42 AM

I created a C#.NET WinForms application using the Pcap.Net library to view the traffic between my application and a server. With the code below I can view the payload info.

My problem is that I cannot view the payload when I run this on Windows Server 2008. The payload is not parsed correctly (see bottom). Would someone help me with this, please?

thanks a lot

 

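using System.IO;
using System.Linq;
using System.Text;
using PcapDotNet.Packets;
using PcapDotNet.Packets.IpV4;
using PcapDotNet.Packets.Transport;

// packet is the PcapDotNet.Packets.Packet handed to the receive callback
IpV4Datagram ip = packet.Ethernet.IpV4;
TcpDatagram tcp = ip.Tcp;
Datagram dg = tcp.Payload;

// put payload into string method 1 (StreamReader decodes as UTF-8 by default)
MemoryStream ms = dg.ToMemoryStream();
StreamReader sr = new StreamReader(ms);
string content1 = sr.ReadToEnd();

// put payload into string method 2
// (separate variable name: two locals called "content" do not compile in one scope)
string content2 = Encoding.ASCII.GetString(dg.ToArray());
//tried with UTF8/UTF32/unicode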

Here is a sample value of the string:
??&???m^???q?U?T?NT??Vm?????]'[?];?Q??\?m??
A??.?Ha????s??????????sqr?mu$iwm??`I??	?Cg=????R??7??uit??7q????c????;3????b?^4?t????d???Nymg;fBI&5' ???&??,j??sM.?k?Z??G?i???w_????9?~??l^{?q??i????R)S?9??2???xo?_x????^??_?RZ?????y?0????o ?:r?\?]R?????[?n?#??Nq???}??+???????U??i?V??K?5k???,|E?hi?V?U?%??????I?*?|?+?C?xu,AW?x?O?
???f?r???X?VG;?aK2[w??????_?7???o???Z??6C

Coordinator
Dec 7, 2012 at 1:20 PM

Hi mzhongx,

 

Can you give a sample .pcap file so I can take a look?

 

Boaz.

Jan 31, 2013 at 8:06 AM
Hi Brickner,

How can I generate a .pcap file for you to have a look?

Also, I just found another issue. I run an application with the Pcap.Net libs on my Windows XP machine and it works well.

However, when I set up the proxy server through Internet Options => Connection => LAN setup (bottom right) => Proxy server, things start to go wrong.

Again I faced the old problem: I cannot parse the packets, not even the HTTP headers in the packets.

However, Firebug can parse the headers easily: Firefox => Tools => Web Developer => Developer Toolbar => Web Console (which is shown at the bottom of Firefox).
Any ideas?

thanks a lot

cheers

cooper
Coordinator
Feb 4, 2013 at 5:25 PM
Please use Wireshark to capture some packets so I can take a look and maybe guess what the problem is.
Mar 14, 2013 at 7:09 AM
Hi Brickner,

Here is the .pcapng I generated using Wireshark.
http://wikisend.com/download/457796/needHelp.pcapng

The hosting environment is MS Server 2008 R2, and I try to parse the HTTP request (something like: /get httt://ajksdhfl.asdifsdl.asdhfklas),
but Pcap.Net cannot parse the packets.

The same code works fine on the XP machine.

PS: On the Server 2008 R2, I run an XP virtual machine (VMware stationary), and the code works fine in the virtual machine. So I think it has issues with the MS Server 2008 R2.

thanks a lot for the help


cheers

cooper
Coordinator
Mar 22, 2013 at 10:06 AM
Hi cooper,

I have downloaded the file.
It seems that at least one packet is cut in the middle (that's what Wireshark says).
Is it opened without a problem in Wireshark for you (no message)?

Can you identify which packet Pcap.Net fails on (even just its index in the file)?

Thanks,

Boaz.
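
One way to answer the coordinator's request for the index of the packet Pcap.Net fails on, as an added example that is not part of the thread or of Pcap.Net itself: it walks a capture file, reports frames that fail Pcap.Net's validation, and flags TCP payloads that are mostly non-printable bytes, which Encoding.ASCII.GetString renders as '?'. It assumes the capture has been re-saved from Wireshark in classic .pcap format; the file name and the 90% printable threshold are placeholders chosen for this example.

```csharp
// Added example, not code from the thread. Assumes a classic .pcap file;
// the default file name and the 90% threshold are placeholders.
using System;
using System.Linq;
using PcapDotNet.Core;
using PcapDotNet.Packets;
using PcapDotNet.Packets.Ethernet;
using PcapDotNet.Packets.IpV4;
using PcapDotNet.Packets.Transport;

class FindUnparsedPackets
{
    static int _index; // 1-based, so it lines up with Wireshark's "No." column

    static void Main(string[] args)
    {
        string path = args.Length > 0 ? args[0] : "needHelp.pcap"; // placeholder
        OfflinePacketDevice device = new OfflinePacketDevice(path);
        using (PacketCommunicator communicator =
            device.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
        {
            communicator.ReceivePackets(0, Inspect); // 0 = read until end of file
        }
    }

    static void Inspect(Packet packet)
    {
        _index++;
        if (!packet.IsValid)
        {
            // Pcap.Net's own validation of the packet's layers failed for this frame.
            Console.WriteLine("#{0}: failed validation, captured {1} bytes", _index, packet.Length);
            return;
        }
        if (packet.DataLink.Kind != DataLinkKind.Ethernet ||
            packet.Ethernet.EtherType != EthernetType.IpV4 ||
            packet.Ethernet.IpV4.Protocol != IpV4Protocol.Tcp)
            return;
        TcpDatagram tcp = packet.Ethernet.IpV4.Tcp;
        byte[] payload = tcp.Payload.ToArray();
        if (payload.Length == 0) return;
        // Encoding.ASCII.GetString turns every byte above 0x7F into '?', so measure
        // how much of the payload is printable text before decoding it as a string.
        int printable = payload.Count(b => b == 9 || b == 10 || b == 13 || (b >= 32 && b < 127));
        if (printable * 10 < payload.Length * 9)
            Console.WriteLine("#{0}: port {1} -> {2}, {3} bytes, {4}% printable (binary payload)",
                _index, tcp.SourcePort, tcp.DestinationPort, payload.Length, printable * 100 / payload.Length);
    }
}
```

The reported indexes can be looked up directly in Wireshark to compare its dissection of the same frame.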