parsing - Looking For A Packet Description Language (Preferably With A C# Implementation)


I am in the process of developing a special-purpose network tool with packet sniffing and decoding capabilities. I'm looking for languages designed to assist in the dissection/decoding of arbitrary packet formats. Ideally, the solution should be based on open standards. There are related questions on SO, but they deal with the full lifecycle of packet sniffing (I don't care about capture; there are other libraries that do that well).

In general, I'm looking for a language and supporting framework for the declarative definition of packet formats and the corresponding run-time decoding. Because the problem can be generalized to non-network binary data, solutions for arbitrary binary streams are in scope. I'm a little surprised that no such standard exists in a mature and robust state (at least none I can find), though there seem to be a lot of interesting not-quite-right and almost-there projects (see below). Perhaps that speaks to the difficulty of the problem, or maybe to a lack of demand.

By way of example, I'm interested in technologies and ideas similar to the following (in no particular order):

  • Packet.Net - does the job of converting binary packet representations into structures, but the dissectors are hard-coded and it doesn't appear able to handle more complex formats.
  • DFDL - I've been following this one for a while and participated in the teleconferences a year or so ago. The standard seems to be reaching maturity, but implementation appears challenging. I don't mind getting my hands dirty, but I'm not sure I've got the resources on this project to implement such a wide-ranging standard from scratch for my purpose.
  • Network Monitor Open Source Parsers - this project describes packets using a C-like syntax for use with Microsoft Network Monitor. It has a lot of packets defined and the language appears robust enough to support complex structures. Unfortunately, the implementation of the execution engine is in Netmon, and while the grammar of the language could be reverse-engineered, implementing the processing engine might be difficult. I also worry that because of the explicit tie between the parser language and the Netmon tool there are non-general aspects of the language that make it inappropriate for use in other tools.
  • NetPDL - this one looks interesting, but development seems to have languished. It's not totally clear how to make use of the execution engine outside of its own environment.
  • Wireshark dissectors - I've thought about wrapping/using the native Wireshark dissectors for this purpose, but they are tied pretty closely to Wireshark itself. The dissectors use code to perform all of the decoding, which is a little counter to what I'm looking for - I'd prefer something that's a little more declarative (though there's a balance, since complex packet structures require switching and other logic to determine the final makeup).
  • BSDL - an academic language similar in concept to DFDL (see above). Interesting and in the right direction, but outside of a couple of papers nothing else seems to exist.

I'm not looking for a complete solution here (though if anyone knows of one I haven't covered, great). I'm more interested in comments or anecdotes about the technologies I've indicated above, or pointers or ideas about routes I haven't thought of or covered.
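The following is an added illustration of the approach the question is after, a packet format written as a declarative description that a single generic decoder walks, including the "switching" the question mentions (a sub-format chosen by an earlier field) and the bounds checks a sniffer needs on malformed input. It is not code from the question, from any of the projects listed, or from the answer, and it is in Python rather than C# only so it runs without a build step; the field vocabulary (u8/u16/u32, length-referenced bytes, switch on a prior field), the toy message format and the sample bytes are all constructed for this example.

```python
"""Declarative packet description driving a generic decoder.

A packet format is described as data (a list of field tuples) rather than as
hand-written parsing code; one decoder walks any such description. The field
vocabulary, toy format and sample bytes here are constructed for this example.
"""
import struct
from typing import Any, Dict, List, Optional, Tuple

class DecodeError(ValueError):
    """Input does not match the declared format (truncated, unknown variant, ...)."""

# Fixed-width integer kinds -> struct format codes (network byte order).
_INT_KINDS = {"u8": ">B", "u16": ">H", "u32": ">I"}

# Each field is (name, kind, arg):
#   ("version", "u8", None)             fixed-width integer
#   ("payload", "bytes", "length")      bytes whose length is a previously decoded field
#   ("pad", "bytes", 4)                 bytes of a fixed length
#   ("body", "switch", ("msg_type", {1: [...], 2: [...]}))
#                                       sub-format chosen by a previously decoded field
Field = Tuple[str, str, Any]
Spec = List[Field]

def _resolve(name: str, scopes: List[Dict[str, Any]]) -> Any:
    """Look up a previously decoded field, innermost scope first."""
    for scope in reversed(scopes):
        if name in scope:
            return scope[name]
    raise DecodeError(f"field {name!r} referenced before it was decoded")

def decode(spec: Spec, data: bytes, offset: int = 0,
           scopes: Optional[List[Dict[str, Any]]] = None) -> Tuple[Dict[str, Any], int]:
    """Decode `data` from `offset` per `spec`; return (fields, offset after the last field)."""
    out: Dict[str, Any] = {}
    scopes = (scopes or []) + [out]          # nested specs can see enclosing fields
    for name, kind, arg in spec:
        if kind in _INT_KINDS:
            fmt = _INT_KINDS[kind]
            size = struct.calcsize(fmt)
            if offset + size > len(data):
                raise DecodeError(f"truncated reading {name!r} at offset {offset}")
            (out[name],) = struct.unpack_from(fmt, data, offset)
            offset += size
        elif kind == "bytes":
            length = _resolve(arg, scopes) if isinstance(arg, str) else int(arg)
            if length < 0 or offset + length > len(data):
                raise DecodeError(f"truncated reading {name!r}: need {length} bytes at offset {offset}")
            out[name] = bytes(data[offset:offset + length])
            offset += length
        elif kind == "switch":
            selector, cases = arg
            key = _resolve(selector, scopes)
            if key not in cases:
                raise DecodeError(f"{name!r}: no variant for {selector}={key}")
            out[name], offset = decode(cases[key], data, offset, scopes)
        else:
            raise ValueError(f"unknown field kind {kind!r} in spec")  # a spec bug, not bad input
    return out, offset

# Constructed toy message format: a header, then a body that depends on msg_type.
MESSAGE_SPEC: Spec = [
    ("magic", "u16", None),
    ("version", "u8", None),
    ("msg_type", "u8", None),
    ("length", "u16", None),
    ("body", "switch", ("msg_type", {
        1: [("seq", "u32", None), ("payload", "bytes", "length")],   # data message
        2: [("error_code", "u16", None)],                             # error message
    })),
]

# Constructed sample: magic CAFE, version 1, type 1, length 3, seq DEADBEEF, payload "ABC".
SAMPLE_DATA = bytes.fromhex("cafe01010003deadbeef414243")

def decode_message(data: bytes) -> Tuple[Optional[Dict[str, Any]], Optional[str]]:
    """Decode one whole message; return (fields, None), or (None, reason) for malformed input."""
    try:
        fields, used = decode(MESSAGE_SPEC, data)
    except DecodeError as exc:
        return None, str(exc)
    if used != len(data):
        return None, f"{len(data) - used} trailing bytes after message"
    return fields, None

if __name__ == "__main__":
    print(decode_message(SAMPLE_DATA))
    print(decode_message(SAMPLE_DATA[:10]))                # truncated inside the payload
    print(decode_message(bytes.fromhex("cafe01090000")))   # unknown msg_type 9
```

The decoder never trusts a length or selector it has not bounds-checked against the buffer, which is the property that matters when the input is whatever arrives on the wire; the same `decode` call works on bytes taken from a capture or from an in-memory buffer, so the format description is written once.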

The Wireshark dissector framework is powerful. Please read the description here -

http://www.wireshark.org/docs/wsdg_html_chunked/chapterdissection.html#chdissectworks

I had to solve a similar problem to yours. For me the protocol had to be agnostic of the actual medium of transit (mainly UDP or TCP) during test and in-memory IPC.

So I defined the protocol in a structured manner using protobuf -

http://code.google.com/p/protobuf/

and I did not define the dissector myself - http://code.google.com/p/protobuf-wireshark/

So I analyse using direct in-memory analysis/dissection when in test, and Wireshark dissection when on the wire. There is a lot of code reuse between the in-memory dissector and the Wireshark dissector, of course, since the protocol is defined agnostically using protobuf.
