/// <summary>
/// Used to ask and then print out extended information about a specific frame
/// </summary>
/// <param name="hParsedFrame">Parsed Frame</param>
/// <param name="frameNumber">Frame Number to Display</param>
/// <param name="command">Command Line Parameters</param>
private static void PrintParsedFrameInformation(IntPtr hParsedFrame, uint frameNumber, CommandLineArguments command)
{
uint errno;
uint ulFieldCount;
string ds = "Frame #" + (frameNumber + 1);
// Is Selected
if (command.IsSelected(frameNumber))
{
ds += " (Selected)";
}
// Get Frame Timestamp
ulong timestamp;
errno = NetmonAPI.NmGetFrameTimeStamp(hParsedFrame, out timestamp);
if (errno == ERROR_SUCCESS)
{
ds += " " + DateTime.FromFileTimeUtc((long)timestamp).ToString();
}
else
{
ds += " Timestamp Couldn't be Retrieved.";
}
Console.WriteLine(ds);
Console.Write("Print Frame Info? (y/n) ");
char key = Console.ReadKey().KeyChar;
Console.WriteLine();
if (key == 'y' || key == 'Y')
{
errno = NetmonAPI.NmGetFieldCount(hParsedFrame, out ulFieldCount);
for (uint fid = 0; fid < ulFieldCount; fid++)
{
// Get Field Name
char[] name = new char[BUFFER_SIZE * 2];
unsafe
{
fixed(char *pstr = name)
{
errno = NetmonAPI.NmGetFieldName(hParsedFrame, fid, NmParsedFieldNames.NamePath, BUFFER_SIZE * 2, pstr);
}
}
if (errno == ERROR_SUCCESS)
{
Console.Write(new string(name).Replace("\0", string.Empty) + ": ");
}
else
{
Console.WriteLine("Error Retrieving Field, NmGetFieldName Returned: " + errno);
continue;
}
// Get Field Value as displayed in Netmon UI
name = new char[BUFFER_SIZE];
unsafe
{
fixed(char *pstr = name)
{
errno = NetmonAPI.NmGetFieldName(hParsedFrame, fid, NmParsedFieldNames.FieldDisplayString, BUFFER_SIZE, pstr);
}
}
if (errno == ERROR_SUCCESS)
{
Console.WriteLine(new string(name).Replace("\0", string.Empty));
}
else if (errno == ERROR_NOT_FOUND)
{
Program.PrintParsedFrameFieldValue(hParsedFrame, fid);
}
else
{
Console.WriteLine("Error Retrieving Value, NmGetFieldName Returned: " + errno);
continue;
}
}
Console.WriteLine();
}
}
static void Main(string[] args)
{
// / / Initialize NetworkMonitor API
NM_API_CONFIGURATION apiConfig = new NM_API_CONFIGURATION();
apiConfig.Size = (ushort)(System.Runtime.InteropServices.Marshal.SizeOf(apiConfig));
NetmonAPI.NmGetApiConfiguration(ref apiConfig);
apiConfig.ThreadingMode = 0;
NetmonAPI.NmApiInitialize(ref apiConfig);
IntPtr nplPointer = IntPtr.Zero;
NetmonAPI.NmLoadNplParser(null, NmNplParserLoadingOption.NmAppendRegisteredNplSets, pErrorCallBack, IntPtr.Zero, out nplPointer);
// / / Initialize Frame parser
IntPtr parserConfigPointer;
NetmonAPI.NmCreateFrameParserConfiguration(nplPointer, pErrorCallBack, IntPtr.Zero, out parserConfigPointer);
NetmonAPI.NmConfigConversation(parserConfigPointer, NmConversationConfigOption.None, true);
IntPtr ParserPointer;
NetmonAPI.NmCreateFrameParser(parserConfigPointer, out ParserPointer, NmFrameParserOptimizeOption.ParserOptimizeNone);
// / / Parse capture file
IntPtr captureFileHandle;
NetmonAPI.NmOpenCaptureFile("auto.cap", out captureFileHandle);
uint rawFrameCount;
NetmonAPI.NmGetFrameCount(captureFileHandle, out rawFrameCount);
uint frameNumber = 0;
IntPtr rawFrame;
NetmonAPI.NmGetFrame(captureFileHandle, frameNumber, out rawFrame);
IntPtr parsedFrame;
IntPtr insRawFrame;
NetmonAPI.NmParseFrame(ParserPointer, rawFrame, frameNumber, NmFrameParsingOption.FieldDisplayStringRequired | NmFrameParsingOption.FieldFullNameRequired | NmFrameParsingOption.DataTypeNameRequired, out parsedFrame, out insRawFrame);
uint fieldCount;
NetmonAPI.NmGetFieldCount(parsedFrame, out fieldCount);
uint BUFFER_SIZE = 1024;
char[] name = new char[BUFFER_SIZE * 2];
unsafe
{
fixed(char *pstr = name)
{
NetmonAPI.NmGetFieldName(parsedFrame, 0, NmParsedFieldNames.NamePath, BUFFER_SIZE * 2, pstr);
}
}
String fieldName = new String(name).Replace("\0", String.Empty);
NetmonAPI.NmCloseHandle(captureFileHandle);
}
