Мне нужна помощь для получения ipfix или traffi c потока с сетевого устройства, например, Mikrotik или cisco Router в приложении c#, и я могу найти эту запись Данные IPFIX через UDP в C# - могу ли я декодировать данные ? и Декодирование пакетов IPFIX с использованием BitArray C#, и моя программа
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Net;
using System.Net.Sockets;
using System.Text;
using System.Collections;
namespace ConsoleApplication2
{
class Program
{
private const int listenPort = 2055;
static void Main(string[] args)
{
StartListener();
}
private static void StartListener()
{
bool done = false;
UdpClient listener = new UdpClient(listenPort);
IPEndPoint groupEP = new IPEndPoint(IPAddress.Any, listenPort);
try
{
while (!done)
{
Console.WriteLine("Waiting for broadcast");
byte[] bytes = listener.Receive(ref groupEP);
ParseMessageHeader(bytes);
Console.WriteLine(ParseMessageHeader(bytes).ToString());
Console.WriteLine(ParseMessageHeader(bytes).Version.ToString());
Console.WriteLine(ParseMessageHeader(bytes).Length.ToString());
}
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
}
finally
{
listener.Close();
}
}
private static IPFIX ParseMessageHeader(byte[] bytes)
{
IPFIX ret = new IPFIX();
ret.Version = ToUInt16BigEndian(bytes, 0);
ret.Length = ToUInt16BigEndian(bytes, 2);
ret.ExportTime = (new DateTime(1970, 1, 1, 0, 0, 0)).AddSeconds(ToUInt32BigEndian(bytes, 4));
ret.SequenceNumber = ToUInt32BigEndian(bytes, 8);
ret.ObservationDomainID = ToUInt32BigEndian(bytes, 12);
ret.Sets = new List<Set>();
Int32 CurOctet = 16;
Set S;
while (true)
{
S = new Set();
S.SetId = ToUInt16BigEndian(bytes, CurOctet);
S.Length = ToUInt16BigEndian(bytes, CurOctet + 2);
S.data = bytes.Skip(CurOctet).Take(S.Length).ToArray();
ret.Sets.Add(S);
CurOctet += S.Length;
if (CurOctet >= ret.Length)
{
break;
}
}
return ret;
}
public static UInt16 ToUInt16BigEndian(byte[] value, int startIndex)
{
return System.BitConverter.ToUInt16(value.Reverse().ToArray(), value.Length - sizeof(UInt16) - startIndex);
}
public static UInt32 ToUInt32BigEndian(byte[] value, int startIndex)
{
return System.BitConverter.ToUInt32(value.Reverse().ToArray(), value.Length - sizeof(UInt32) - startIndex);
}
struct IPFIX
{
public UInt16 Version;
public UInt16 Length;
public DateTime ExportTime;
public UInt32 SequenceNumber;
public UInt32 ObservationDomainID;
public List<Set> Sets;
}
struct Set
{
public UInt16 SetId;
public UInt16 Length;
public byte[] data;
public SetType SetType
{
get
{
if (SetId == 2) return SetType.TemplateSet;
if (SetId == 3) return SetType.OptionTemplate;
if (SetId > 255) return SetType.DataSet;
throw new ArgumentOutOfRangeException("SetId", "SetId not in expected range of 2, 3 or >255");
}
}
}
enum SetType { TemplateSet, OptionTemplate, DataSet };
}
}
, не работает и не видит данные, видит только версию и длину, пожалуйста, помогите мне, чтобы увидеть sr c адрес dst и адрес sr c, порт dst - это шаблон потока
FlowSet 1 [id=0] (Data Template): 256,257
FlowSet Id: Data Template (V9) (0)
FlowSet Length: 184
Template (Id = 256, Count = 22)
Template Id: 256
Field Count: 22
Field (1/22): LAST_SWITCHED
Field (2/22): FIRST_SWITCHED
Field (3/22): PKTS
Field (4/22): BYTES
Type: BYTES (1)
Length: 4
Field (5/22): INPUT_SNMP
Field (6/22): OUTPUT_SNMP
Field (7/22): IP_SRC_ADDR
Field (8/22): IP_DST_ADDR
Field (9/22): PROTOCOL
Field (10/22): IP_TOS
Field (11/22): L4_SRC_PORT
Field (12/22): L4_DST_PORT
Field (13/22): IP_NEXT_HOP
Field (14/22): DST_MASK
Field (15/22): SRC_MASK
Field (16/22): TCP_FLAGS
Field (17/22): DESTINATION_MAC
Field (18/22): SOURCE_MAC
Field (19/22): postNATSourceIPv4Address
Field (20/22): postNATDestinationIPv4Address
Field (21/22): postNAPTSourceTransportPort
Field (22/22): postNAPTDestinationTransportPort
Template (Id = 257, Count = 21)
Template Id: 257
Field Count: 21
Field (1/21): IP_PROTOCOL_VERSION
Field (2/21): IPV6_SRC_ADDR
Field (3/21): IPV6_SRC_MASK
Field (4/21): INPUT_SNMP
Field (5/21): IPV6_DST_ADDR
Field (6/21): IPV6_DST_MASK
Field (7/21): OUTPUT_SNMP
Field (8/21): IPV6_NEXT_HOP
Field (9/21): PROTOCOL
Field (10/21): TCP_FLAGS
Field (11/21): IP_TOS
Field (12/21): L4_SRC_PORT
Field (13/21): L4_DST_PORT
Field (14/21): FLOW_LABEL
Field (15/21): IPV6_OPTION_HEADERS
Field (16/21): LAST_SWITCHED
Field (17/21): FIRST_SWITCHED
Field (18/21): BYTES
Type: BYTES (1)
Length: 4
Field (19/21): PKTS
Field (20/21): DESTINATION_MAC
Field (21/21): SOURCE_MAC
Спасибо