IPFIX data over UDP to C# - can I decode the data?

百般思念 posted on 2019-12-13 14:19:27

Question


I have a code sample from the MSDN website to create a UDP listener/client, as I am trying to receive IPFIX/Netflow data from a firewall and then work with the data I receive. The code does work and starts to receive data, but it's jargon (see below), so I guess I am not decoding it correctly.

Does anyone have any ideas what I need to do to be able to get the data in the correct format?

The code I am using is:

using System;
using System.Net;
using System.Net.Sockets;
using System.Text;

public class ConsoleApplication2
{
    private const int listenPort = 2055;

    private static void StartListener()
    {
        bool done = false;

        UdpClient listener = new UdpClient(listenPort);
        IPEndPoint groupEP = new IPEndPoint(IPAddress.Any, listenPort);

        try
        {
            while (!done)
            {
                Console.WriteLine("Waiting for broadcast");
                byte[] bytes = listener.Receive(ref groupEP);

                Console.WriteLine("Received broadcast from {0} :\n {1}\n",
                    groupEP.ToString(),
                    Encoding.ASCII.GetString(bytes, 0, bytes.Length));
            }

        }
        catch (Exception e)
        {
            Console.WriteLine(e.ToString());
        }
        finally
        {
            listener.Close();
        }
    }

    public static int Main()
    {
        StartListener();

        return 0;
    }
}

And the data I get back is:

?M?▼? '$▬+? ☺☺ ?M?▼???k` &??_?07????Q??E?U?j ♥ ☻
♠ P ♣ x ♣ ► ♥ → ♦ ☼?M?▼?M?▼? 1♠ ►?
? ☺

Thanks in advance,

James


Answer 1:


You're assuming that the data being received is in ASCII format when in fact it's structured thusly: See here. The messages have a header and data sets etc. You need to evaluate the data based on the standard, not just a straight text conversion.

Here, for example, is the message header format. A text conversion simply won't do anything with this:

3.1. Message Header Format

   The format of the IPFIX Message Header is shown in Figure F.

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       Version Number          |            Length             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                           Export Time                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Sequence Number                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Observation Domain ID                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
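
As an added example (not part of the original question or answer), the header in the diagram above can be decoded field by field instead of as text, with the length checks a collector needs on untrusted UDP input. The class and method names are hypothetical; the version value 10 and the 4-byte Set header (Set ID, Length) come from the IPFIX specification rather than from this page, and the tuple syntax assumes C# 7 or later.

```csharp
using System;
using System.Collections.Generic;

public static class IpfixDecoder
{
    public sealed class Header
    {
        public ushort Version, Length;
        public uint ExportTime, SequenceNumber, ObservationDomainId;
    }

    // Every field is big-endian (network byte order), so read it byte by byte.
    static ushort U16(byte[] b, int o) => (ushort)((b[o] << 8) | b[o + 1]);
    static uint U32(byte[] b, int o) => ((uint)U16(b, o) << 16) | U16(b, o + 2);

    public static Header ParseHeader(byte[] d)
    {
        if (d == null || d.Length < 16) throw new FormatException("shorter than the 16-byte header");
        var h = new Header { Version = U16(d, 0), Length = U16(d, 2), ExportTime = U32(d, 4),
                             SequenceNumber = U32(d, 8), ObservationDomainId = U32(d, 12) };
        // IPFIX is version 10; a 9 here means NetFlow v9, whose header layout differs.
        if (h.Version != 10) throw new FormatException("not IPFIX, version field is " + h.Version);
        if (h.Length < 16 || h.Length > d.Length) throw new FormatException("Length field does not fit the datagram");
        return h;
    }

    // After the header come Sets, each starting with a 2-byte Set ID and a 2-byte Length.
    public static List<(ushort SetId, int Offset, int Length)> ListSets(byte[] d, Header h)
    {
        var sets = new List<(ushort SetId, int Offset, int Length)>();
        for (int pos = 16; pos + 4 <= h.Length; )
        {
            ushort id = U16(d, pos);
            int len = U16(d, pos + 2);
            if (len < 4 || pos + len > h.Length) throw new FormatException("bad Set length at offset " + pos);
            sets.Add((id, pos, len));
            pos += len;
        }
        return sets;
    }

    public static void Main()
    {
        // Constructed sample datagram: header plus one Template Set (Set ID 2).
        byte[] sample = { 0x00, 0x0A, 0x00, 0x1C, 0x5D, 0xF3, 0x9A, 0x0F, 0, 0, 0, 0x2A, 0, 0, 0, 1,
                          0x00, 0x02, 0x00, 0x0C, 0x01, 0x00, 0x00, 0x01, 0x00, 0x08, 0x00, 0x04 };
        Header h = ParseHeader(sample);
        Console.WriteLine("version={0} length={1} exported={2:u} seq={3} domain={4}", h.Version, h.Length,
            DateTimeOffset.FromUnixTimeSeconds(h.ExportTime), h.SequenceNumber, h.ObservationDomainId);
        foreach (var s in ListSets(sample, h))
            Console.WriteLine("set id={0} offset={1} length={2}", s.SetId, s.Offset, s.Length);
    }
}
```

In the listener from the question, the byte array returned by `listener.Receive` would be passed to `ParseHeader` in place of the `Encoding.ASCII.GetString` call.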


Source: https://stackoverflow.com/questions/5666413/ipfix-data-over-udp-to-c-sharp-can-i-decode-the-data
