Geeks With Blogs

Lance's TextBox

Follow UDP Stream2 A customer was having a problem receiving an SNMP trap with a 64 bit timestamp in it.  In order to test, I wanted to send the exact same trap the customer was sending, using the basic UDPPort component of IP*Works! INSTEAD of the SendTrap or SendSecureTrap methods that are included in IPWorks SSNMP's SNMPAgent component.  It turns out WireShark gives me an extremely easy way to do this in my code.

I opened the Wireshark cap file sent to me by the customer, which only included the SNMP trap (important, but I could have filtered it myself).  I right clicked on the SNMP trap and chose "Follow UDP Stream".  Since the sniff only included the single UDP packet, this displays the UDP payload that makes up the trap.  Then I noticed "C Arrays" in the format options for viewing the data.  Clicking this displayed the data in a c byte array instead of the raw bytes.  Very handy for copying and pasting right over to my own C# code!

Now to send this exact trap, all I need to do is:

   1:  nsoftware.IPWorks.Udpport agent = new Udpport();
   2:  agent.LocalPort = 0;
   3:  agent.RemoteHost = "";
   4:  agent.RemotePort = remoteport; //trap port      
   5:  agent.Active = true;
   6:  byte[] mytrap = new byte[] {
   7:          0x30, 0x6f, 0x02, 0x01, 0x00, 0x04, 0x06, 0x70, 
   8:          0x75, 0x62, 0x6c, 0x69, 0x63, 0xa4, ... etc ... }; 
   9:  agent.DataToSendB = mytrap;


Technorati Tags: , , ,
Posted on Tuesday, June 3, 2008 12:37 PM Programming | Back to top

Comments on this post: View WireShark Payload Data as Byte Arrays

# re: View WireShark Payload Data as Byte Arrays
Requesting Gravatar...
I thought this had solved my problem and eagerley fired up Wireshark only to find that there was no "Follow UDP Stream" menu item :-(

Now to find out why...
Left by Steve Nutt on Mar 13, 2010 12:54 AM

Your comment:
 (will show your gravatar)

Copyright © Lance Robinson | Powered by: