How to read an ASCII dump file created by Wireshark in C#
Problem description
Hi, I am new in this field and have no idea how protocols work. I want to read an ASCII dump file and convert it into a meaningful form, but I am unable to do it. Where does a frame start and end, and how do I read data from it? What is the proper mechanism? If anyone has some experience, kindly help me.
A dump file sample is here...
„ M<+ ÿÿÿÿÿÿÿÿ + 64-bit Windows 7 Service Pack 1, build 7601 - Dumpcap 1.8.6 (SVN Rev 48142 from /trunk-1.8) „ ˆ ÿÿ 2 \Device\NPF_{CF88DC64-E3C2-481D-829E-AF96FBC56F4C} + 64-bit Windows 7 Service Pack 1, build 7601 ˆ È ñé ÑT¶ú¦ ¦ üHï!bÛ z±É@ E ˜ ý„ ’
You're going to have to get the documentation on the format of the file. I don't think it exists outside of the developer of Wireshark. Contact Wireshark to find out.
Without that documentation, you have no hope of successfully parsing that file.
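An added example, not part of the original question or answer and not Wireshark code: it assumes the file is in pcapng format, which the "M<+" marker and the Dumpcap banner at the start of the sample are consistent with. In pcapng every block starts with a 32-bit type and a 32-bit total length, so frame boundaries are found by walking the blocks; the class and method names are hypothetical and the bytes built in Main are a constructed sample.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

static class PcapNgFrames
{
    const uint SectionHeader = 0x0A0D0D0A, EnhancedPacket = 6, Magic = 0x1A2B3C4D;
    static uint Swap(uint v) => (v >> 24) | ((v >> 8) & 0xFF00) | ((v << 8) & 0xFF0000) | (v << 24);
    // Walks the block chain and yields the captured bytes of every Enhanced Packet Block.
    public static IEnumerable<byte[]> ReadFrames(Stream s)
    {
        var r = new BinaryReader(s);            // BinaryReader always reads little-endian
        bool swap = false;
        while (s.Position + 12 <= s.Length)
        {
            long start = s.Position;
            uint type = r.ReadUInt32(), len = r.ReadUInt32();
            if (type == SectionHeader)          // palindromic type; the magic after it gives byte order
            {
                uint magic = r.ReadUInt32();
                if (magic != Magic && Swap(magic) != Magic) throw new InvalidDataException("not pcapng");
                swap = magic != Magic;
            }
            if (swap) { type = Swap(type); len = Swap(len); }
            if (len < 12 || len % 4 != 0 || start + len > s.Length)
                throw new InvalidDataException($"bad block length {len} at offset {start}");
            if (type == EnhancedPacket)
            {
                if (len < 32) throw new InvalidDataException("truncated packet block");
                s.Position = start + 20;        // skip interface id (4) and timestamp (8)
                uint capLen = swap ? Swap(r.ReadUInt32()) : r.ReadUInt32();
                if (capLen > len - 32) throw new InvalidDataException("captured length exceeds block");
                s.Position = start + 28;        // skip original (on-the-wire) length
                yield return r.ReadBytes((int)capLen);
            }
            s.Position = start + len;           // next block; padding, options, trailing length skipped
        }
    }
    static void Main()
    {
        var ms = new MemoryStream();
        var w = new BinaryWriter(ms);           // constructed sample, not data from the question
        foreach (uint v in new uint[] {
            0x0A0D0D0A, 28, Magic, 1, 0xFFFFFFFF, 0xFFFFFFFF, 28,   // section header, version 1.0
            1, 20, 1, 65535, 20,                                     // interface block: Ethernet, snaplen
            6, 40, 0, 0, 0, 6, 6, 0xEFBEADDE, 0x00000201, 40 })      // one 6-byte frame plus 2 pad bytes
            w.Write(v);
        foreach (var f in ReadFrames(new MemoryStream(ms.ToArray()))) Console.WriteLine(BitConverter.ToString(f));
    }
}
```

Only Enhanced Packet Blocks (type 6) are returned; other block types, including the Simple Packet Block, are stepped over by their length.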