i have written a packet capturing program with the sharpcap library. upon capturing udp packets from a specific ip, the program decodes the packet (they are encrypted with offsets) and then saves the data portion of the packet into a text file (in byte format).

how would i go about formatting the saved data to show its actual information? i know what SHOULD be in the data when properly formatted. im just not sure how to go about it.

thanks in advance

I would install Wireshark and capture a UDP packet - It should show you the different parts of it at the bottom of the screen (works for TCP).

what do you mean a readable text? if so you may use System.Text.Encoding.Default.GetString() method to convert from byte array

currently i am using:


string[] filedatasplit = filedata.Split(' ', '-');

foreach (string hex in filedatasplit)
{
int value = Convert.ToInt32(hex, 16);
string stringvalue = Char.ConvertFromUtf32(value);
char charValue = (char)value;
Console.Write(charValue);
}


and although some of the data comes out correctly (readable) but other parts come out as xtended ascii or other weird characters. this leads me to believe that there are multiple formats in the same data. could this be possible?

someone has told me that certain bytes in the data are garbage and not meant to be used for anything. so go figure.

while i am not new to programming i am still very much a hack when it comes to c#. ive searched google for help on formatting these bytes but to no avail. sorry for the noobishness.

thread, i tried the method that you posted and all that came out was "????????????????????"

<bump>

1) Please properly set up your profile and enable Private messageing so posts do not clutter up threads [Why do people find it so hard to follow the available documentation? :rolleyes::sick:]

2) It is VERY rude to "Bump" in periods of less than 24 hours. A lack of a response is typically caused by a lack of sufficiently detailed and understandable information in the post.

3) You already said "I know what it SHOULD be"..yet you have not provided any information about that, nor aany samples of the raw data.

4) All code samples should be enclosed in code tags.

Note #1,#2,#4 are ALL covered in the FAQ's which should be carefully reviewed before posting.....

for example the raw data

{C9 12 7C 00 FF FF FF FF 74 69 6D 79 00 3F 8F C2 75 3D D7 A3 70 3F 00 00 00 00 00 00 7B}


returns the string

http://i35.tinypic.com/2uz46ea.jpg

Yes, that is what the packet contains when it is treated as a string....

What do you EXPECT??? [the first half of item #3 in my previous post]

"hello world" was expected. whats missing is a few integer values but i am not sure of their location.

"hello world" was expected. whats missing is a few integer values but i am not sure of their location.

But you should know what their expected VALUES are for a given packet. Otherwise you do not know "what" to expect....