Question

I plan to gather NetFlow (v5) packets coming from a MikroTik router in a C# app. I open a UDP listener on the port the packets arrive on and read the byte array. I split the packet byte array by looking at the packet format on caligare.com; according to the packet format, bytes 24-27 are the "SysUptime at start of flow". Now I want to convert these 4 bytes to a DateTime.

For example, these 4 bytes are 134, 88, 157, 126. How should I do that?

Thanks

Solution

These 4 bytes are basically a 32-bit integer. What you must be aware of while working with network-transmitted packets is byte order, or Endianness. In network-transmitted packets, these are ordered as big-endian, while Intel x86 architecture is little-endian. This means that bytes in the packet are in the opposite order to how the machine stores them.

This question has answers on how to convert network-order (big-endian) bytes into host-order (little-endian on x86) bytes: "C# little endian or big endian?" You will need to convert the byte array that you have into an Int32 value in order to use the IPAddress.NetworkToHostOrder method:

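using System;
using System.Net;

// uptimeStartArray holds the 4 bytes (offsets 24-27) exactly as received.
int netSysUptimeAtStart = BitConverter.ToInt32(uptimeStartArray, 0);
// Swap from network (big-endian) to host order. The field is unsigned, so
// reinterpret the result as uint; otherwise values with the top bit set
// (such as 134, 88, 157, 126) come out negative.
uint sysUptimeAtStart = unchecked((uint)IPAddress.NetworkToHostOrder(netSysUptimeAtStart));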

Once you get the correct integer, you need to convert it to TimeSpan (not DateTime as you're asking). The reason is that the "system uptime at start of flow" is not really a point in time, but rather a time span.

You need to find out which measure is used for uptime -- is it microseconds? seconds? Using that information, you can construct a correct TimeSpan using this:

http://msdn.microsoft.com/ru-ru/library/system.timespan(v=vs.90).aspx
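An added example, not part of the original answer: a bounds-checked parser that turns the "SysUptime at start of flow" field of every record in one export datagram into an absolute UTC time, using the header's own clock fields. It assumes the Cisco NetFlow v5 layout (24-byte header, 48-byte records, at most 30 records, uptime in milliseconds); the class and method names and the sample datagram are made up for illustration.

```csharp
using System;
using System.Buffers.Binary;

static class NetFlowV5
{
    const int HeaderLen = 24, RecordLen = 48, MaxRecords = 30;

    // UTC start time of each flow. The UDP payload is untrusted input, so
    // anything that is not a well-formed v5 datagram raises FormatException.
    public static DateTime[] FlowStartTimes(byte[] datagram)
    {
        if (datagram == null || datagram.Length < HeaderLen)
            throw new FormatException("shorter than a v5 header");
        ReadOnlySpan<byte> p = datagram;
        ushort version = BinaryPrimitives.ReadUInt16BigEndian(p);
        ushort count = BinaryPrimitives.ReadUInt16BigEndian(p.Slice(2));
        if (version != 5) throw new FormatException("not NetFlow v5");
        if (count == 0 || count > MaxRecords || p.Length != HeaderLen + count * RecordLen)
            throw new FormatException("record count does not match datagram length");

        uint sysUptimeMs = BinaryPrimitives.ReadUInt32BigEndian(p.Slice(4));
        uint unixSecs = BinaryPrimitives.ReadUInt32BigEndian(p.Slice(8));
        uint unixNsecs = BinaryPrimitives.ReadUInt32BigEndian(p.Slice(12));
        DateTime exportTime = DateTimeOffset.FromUnixTimeSeconds(unixSecs).UtcDateTime
                              .AddTicks(unixNsecs / 100);   // 1 tick = 100 ns
        var starts = new DateTime[count];
        for (int i = 0; i < count; i++)
        {
            // Bytes 24-27 of each record: SysUptime (ms) when the flow started.
            uint firstMs = BinaryPrimitives.ReadUInt32BigEndian(p.Slice(HeaderLen + i * RecordLen + 24));
            // Unsigned subtraction stays correct across the 32-bit uptime wrap (~49.7 days).
            uint ageMs = unchecked(sysUptimeMs - firstMs);
            starts[i] = exportTime - TimeSpan.FromMilliseconds(ageMs);
        }
        return starts;
    }

    static void Main()
    {
        // Constructed datagram: one record whose First field is 134, 88, 157, 126.
        var d = new byte[HeaderLen + RecordLen];
        BinaryPrimitives.WriteUInt16BigEndian(d, 5);                             // version
        BinaryPrimitives.WriteUInt16BigEndian(d.AsSpan(2), 1);                   // count
        BinaryPrimitives.WriteUInt32BigEndian(d.AsSpan(4), 0x86589D7Eu + 1500u); // SysUptime
        BinaryPrimitives.WriteUInt32BigEndian(d.AsSpan(8), 1700000000u);         // unix_secs
        new byte[] { 134, 88, 157, 126 }.CopyTo(d, HeaderLen + 24);              // First
        Console.WriteLine(FlowStartTimes(d)[0].ToString("o"));
    }
}
```

The start time is the export timestamp minus the flow's age (header SysUptime minus the record's First value), which is why the uptime field alone cannot be turned into a date.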

Licensed under: CC-BY-SA with attribution