decoding string-coded hex-number to decimal

Jan 12, 2011 at 3:05 PM

Hi folks,
it's rather easy to pull a protocol with NM. (Unfortunately the hint that .Net 2.0 is needed is missing!)
Now I want to write a parser for my needs. But in my mind there are still some open questions:

  1. I'm missing to just note down something, just like in C a variable 'int i = 5;' would be.  But if I got it right, here this would read the next item from the protocol...?
  2. I haven't found an understandable explanation of 'Properties' or 'Properties.T'
  3. What's the use of the square bracket?
  4. UINT8 MyDummy; always generates output 'MyDummy: 0 (0x0)'  Can I suppress it completely? (It might be an useless field containing dummy-data)
  5. Any multi-dimensional arrays or tables? (The switch statement in a table could contain nested switch statements using a 2nd parameter ;-)
  6. .. and the last one:

My protocol contains a string containing a hexadecimal number, that I want to print out decimal?

The hex number: 12AB is contained in the protocol as string. So I have to decode the bytes
  31 32 61 62
With
  AsciiString(4) mySickString = FormatString("%s", this);
I can see the string "12AB" in my protocol. But how can I get the desired decimal value 4779?
StringToNumber unfortunately can only handle decimals and has no option for the base 16.

Thanks in advance for any hint!

Kind regards

Geraldino

Jan 13, 2011 at 5:40 AM
Edited Jan 14, 2011 at 12:29 PM

Hi Geraldino,

Thanks for using Netmon and the interest for creating parsers. Please find my answers to your questions below:

Unfortunately the hint that .Net 2.0 is needed is missing!
[Luther] As far as I know, Netmon is created with completely native code, so there should be no dependency to .NET.

I'm missing to just note down something, just like in C a variable 'int i = 5;' would be. But if I got it right, here this would read the next item from the protocol...?
[Luther] The members are automatically assigned values from the real capture data, so you cannot change the value. The global/conversation/frame 'property' (which is mentioned in your next question) should be the one you are looking for.

I haven't found an understandable explanation of 'Properties' or 'Properties.T'
[Luther] Property.T declares a variable T with its life cycle inside the same frame parsing.

What's the use of the square bracket?
[Luther] [] is used to hold statements which do not consume data from the capture, including properties (variables) operations, plugins (built-in method invocation), and type casting (look-ahead).

UINT8 MyDummy; always generates output 'MyDummy: 0 (0x0)' Can I suppress it completely? (It might be an useless field containing dummy-data)
[Luther] Netmon will display every field it parsed. However, there is a workaround, using dynamicswitch. But this approach is not recommended, only use it if it's very important to you. You can find examples in xmlelement.npl. To consume and hide whitespaces,

while [ String(FrameData, FrameOffset, Property.XMLEncoding, 1) == Property.XMLSpace ]
{
    DynamicSwitch String(Property.XMLEncoding, 1)
    {
        default: struct{}
    };
}

Any multi-dimensional arrays or tables? (The switch statement in a table could contain nested switch statements using a 2nd parameter ;-)
[Luther] Unfortunately there is no multi-demensional arrays in NPL. But you can still simulate by using nested structs, e.g.

struct MultiArray
{ 
    Array Rows[100]; 
}

struct Array
{ 
    UINT8 Values[100]; 
}

My protocol contains a string containing a hexadecimal number, that I want to print out decimal?
[Luther] You can use StringToNumber plugin to convert the value to an integer, and then print it as you want. FormatString("%u", StringToNumber("0x" + this))

Jan 13, 2011 at 9:32 AM

Hi Luther,

Thanks for your fast and (almost ;-) complete answer!

Formattingsometimescanbetricky;-) (That's what I always promise my wife: "Let me just finish this single line ..."  ;-)

 

But now back to NM:

As already mentioned: StringToNumber("12AB") returns 0, because hex-string converting to number isn't supported.

I've already thought about separating it to bytes and converting it by hand. (is multiplication and table returning number available?)

 

I use the command line version:      nmcap.exe /network * ...

On a system without .Net I've seen the message:

Error(1169): '/Networks' - Invalid Parameter '*'

 

Thanks a lot!

Geraldino

Jan 13, 2011 at 10:18 AM

Sorry for the poor formatting... My browser didn't work properly on this site, and when I submitted the post, all contents went to the same line :(. I have edited the post on another computer.

You need to add a prefix "0x" to the hex numbers. FormatString("%u", StringToNumber("0x" + this)) . I also edited this in original answer to avoid confusion to other visitors.

I will look into the .NET dependency and get back to you later.

Thanks,

Luther

Jan 14, 2011 at 12:55 PM

I installed netmon 3.4 on a clean windows 2003, and both the UI and nmcap could work correctly. I also double checked that .NET 2.0 is not installed.

I guess you used the wrong parameter, I noticed that you were using Networks

Jan 18, 2011 at 9:00 AM

Hi Luther,

/Network and /Networks work both! The helpfile recommends both! If you use the parameter /Network (without 's') then, in the case of error, you'll get the error-message containing the 's'.

The error mentioned above appears when a less privileged user tries to start nmcap.exe. My user could see the NICs with ipconfig /all but nmcap.exe doesn't seem to see them.

This error is very hard to find! The developers at Microsoft should rework this urgently.

The solution on my site would be to use an Administrator. Do you know how to give (or check) a non-admin just the rights for using the NIC?

Thanks in advance

Geraldino

Jan 18, 2011 at 9:10 AM

Hi Geraldino,

Thanks for your feedbacks. Here are some texts from the help file of Netmon,

To run from a normal user account, go to Control Panel and click Administrative Tools. Click Computer Management, click Local Users and Groups, click Groups, and then click Netmon Users. Verify that the user account is in the group. If the user account is not in the group, add the account. Changes to a user's group membership are not effective until the next time the user logs on.

Hope it helps.


Thanks,

Luther