public static void Main(string[] args)
{
// Load API
try
{
initialized = Program.InitializeNMAPI();
}
catch (BadImageFormatException)
{
Console.WriteLine("There was an error loading the NMAPI.\n\nPlease ensure you have the correct version installed for your platform.");
}
catch (DllNotFoundException)
{
Console.WriteLine("There was an error loading the NMAPI DLL.\n\nPlease ensure you have Network Monitor 3.3 installed or try rebooting.");
}
CommandLineArguments commandReader = new CommandLineArguments();
if (commandReader.ParseCommandLineArguments(args))
{
if (commandReader.IsNoArguments)
{
Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample"));
}
else if (commandReader.IsRequestingHelp)
{
Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample"));
}
else if (initialized)
{
Console.WriteLine("Running Test Application with Arguments:");
Console.WriteLine("\tCapture File: " + commandReader.CaptureFileName);
Console.WriteLine("\tDisplay Filter: " + commandReader.DisplayFilter);
Console.WriteLine("\tConversation Filter: " + commandReader.ConversationFilter);
Console.WriteLine("\tSelected Frames: " + commandReader.SelectedFramesString);
Console.WriteLine();
bool loadedparserengine = false;
// Configure Parser Engine
uint errno;
IntPtr hNplParser = IntPtr.Zero;
IntPtr hFrameParserConfig = IntPtr.Zero;
uint conversationFilterId = 0;
uint displayFilterId = 0;
IntPtr hFrameParser = IntPtr.Zero;
// Only load the parsing engine if we have to
if (!string.IsNullOrEmpty(commandReader.ConversationFilter) || !string.IsNullOrEmpty(commandReader.DisplayFilter))
{
Console.WriteLine("Loading Parser Engine...");
// Passing in null for the path will use the default configuration as specified in the Netmon UI
errno = NetmonAPI.NmLoadNplParser(null, NmNplParserLoadingOption.NmAppendRegisteredNplSets, pErrorCallBack, IntPtr.Zero, out hNplParser);
if (errno == ERROR_SUCCESS)
{
// Configure Frame Parser
errno = NetmonAPI.NmCreateFrameParserConfiguration(hNplParser, pErrorCallBack, IntPtr.Zero, out hFrameParserConfig);
if (errno == ERROR_SUCCESS)
{
// Enable Conversations
errno = NetmonAPI.NmConfigConversation(hFrameParserConfig, NmConversationConfigOption.None, true);
if (errno == ERROR_SUCCESS)
{
// Add Filters
if (!string.IsNullOrEmpty(commandReader.ConversationFilter))
{
Console.WriteLine("Adding Conversation Filter...");
errno = NetmonAPI.NmAddFilter(hFrameParserConfig, commandReader.ConversationFilter, out conversationFilterId);
}
if (errno == ERROR_SUCCESS)
{
if (!string.IsNullOrEmpty(commandReader.DisplayFilter))
{
Console.WriteLine("Adding Display Filter...");
errno = NetmonAPI.NmAddFilter(hFrameParserConfig, commandReader.DisplayFilter, out displayFilterId);
}
if (errno == ERROR_SUCCESS)
{
errno = NetmonAPI.NmCreateFrameParser(hFrameParserConfig, out hFrameParser, NmFrameParserOptimizeOption.ParserOptimizeNone);
if (errno == ERROR_SUCCESS)
{
Console.WriteLine("Parser Engine Loaded Successfully!");
Console.WriteLine();
loadedparserengine = true;
}
else
{
Console.WriteLine("Parser Creation Error Number = " + errno);
}
}
else
{
Console.WriteLine("Display Filter Creation Error Number = " + errno);
}
}
else
{
Console.WriteLine("Conversation Filter Creation Error Number = " + errno);
}
}
else
{
Console.WriteLine("Conversation Error Number = " + errno);
}
if (!loadedparserengine)
{
NetmonAPI.NmCloseHandle(hFrameParserConfig);
}
}
else
{
Console.WriteLine("Parser Configuration Error Number = " + errno);
}
if (!loadedparserengine)
{
NetmonAPI.NmCloseHandle(hNplParser);
}
}
else
{
Console.WriteLine("Error Loading NMAPI Parsing Engine Error Number = " + errno);
}
}
// Wait for confirmation
Console.WriteLine("Press any key to continue");
Console.ReadKey(true);
// Let's open the capture file
// Open Capture File
IntPtr captureFile = IntPtr.Zero;
errno = NetmonAPI.NmOpenCaptureFile(commandReader.CaptureFileName, out captureFile);
if (errno == ERROR_SUCCESS)
{
// Retrieve the number of frames in this capture file
uint frameCount;
errno = NetmonAPI.NmGetFrameCount(captureFile, out frameCount);
if (errno == ERROR_SUCCESS)
{
// Loop through capture file
for (uint ulFrameNumber = 0; ulFrameNumber < frameCount; ulFrameNumber++)
{
// Get the Raw Frame data
IntPtr hRawFrame = IntPtr.Zero;
errno = NetmonAPI.NmGetFrame(captureFile, ulFrameNumber, out hRawFrame);
if (errno != ERROR_SUCCESS)
{
Console.WriteLine("Error Retrieving Frame #" + (ulFrameNumber + 1) + " from file");
continue;
}
// Need to parse once to get similar results to the UI
if (loadedparserengine)
{
// Parse Frame
IntPtr phParsedFrame;
IntPtr phInsertedRawFrame;
errno = NetmonAPI.NmParseFrame(hFrameParser, hRawFrame, ulFrameNumber, NmFrameParsingOption.FieldDisplayStringRequired | NmFrameParsingOption.FieldFullNameRequired | NmFrameParsingOption.DataTypeNameRequired, out phParsedFrame, out phInsertedRawFrame);
if (errno == ERROR_SUCCESS)
{
// Check against Filters
if (!string.IsNullOrEmpty(commandReader.ConversationFilter))
{
bool passed;
errno = NetmonAPI.NmEvaluateFilter(phParsedFrame, conversationFilterId, out passed);
if (errno == ERROR_SUCCESS)
{
if (passed)
{
if (!string.IsNullOrEmpty(commandReader.DisplayFilter))
{
bool passed2;
errno = NetmonAPI.NmEvaluateFilter(phParsedFrame, displayFilterId, out passed2);
if (errno == ERROR_SUCCESS)
{
if (passed2)
{
PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader);
}
}
}
else
{
PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader);
}
}
}
}
else if (!string.IsNullOrEmpty(commandReader.DisplayFilter))
{
bool passed;
errno = NetmonAPI.NmEvaluateFilter(phParsedFrame, displayFilterId, out passed);
if (errno == ERROR_SUCCESS)
{
if (passed)
{
PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader);
}
}
}
else
{
PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader);
}
NetmonAPI.NmCloseHandle(phInsertedRawFrame);
NetmonAPI.NmCloseHandle(phParsedFrame);
}
else
{
Console.WriteLine("Error Parsing Frame #" + (ulFrameNumber + 1) + " from file");
}
}
else
{
// Just print what I just deleted...
uint pulLength;
errno = NetmonAPI.NmGetRawFrameLength(hRawFrame, out pulLength);
if (errno == ERROR_SUCCESS)
{
if (commandReader.IsSelected(ulFrameNumber))
{
Console.WriteLine("Frame #" + (ulFrameNumber + 1) + " (Selected) Frame Length(bytes): " + pulLength);
}
else
{
Console.WriteLine("Frame #" + (ulFrameNumber + 1) + " Frame Length(bytes): " + pulLength);
}
}
else
{
Console.WriteLine("Error Getting Frame Length for Frame #" + (ulFrameNumber + 1));
}
}
NetmonAPI.NmCloseHandle(hRawFrame);
}
}
else
{
Console.WriteLine("Error Retrieving Capture File Length");
}
// Close Capture File to Cleanup
NetmonAPI.NmCloseHandle(captureFile);
}
else
{
Console.WriteLine("Could not open capture file: " + commandReader.CaptureFileName);
Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample"));
}
if (loadedparserengine)
{
NetmonAPI.NmCloseHandle(hFrameParser);
NetmonAPI.NmCloseHandle(hFrameParserConfig);
NetmonAPI.NmCloseHandle(hNplParser);
}
}
}
else
{
Console.WriteLine(commandReader.LastErrorMessage);
Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample"));
}
// Pause so we can see the results when launched from Network Monitor
Console.WriteLine();
Console.WriteLine("Press any key to continue");
Console.ReadKey();
if (initialized)
{
CloseNMAPI();
}
}
private void Run()
{
IntPtr rawFrame;
UInt32 ret;
int count = 0;
if (ERROR_SUCCESS == NetmonAPI.NmOpenCaptureFile(_capfile, out rawFrame))
{
UInt32 frameCount = 0;
Filtering _nmfilter = new Filtering(_filterString, _Outproperties, _Outfields);
myFrameParser = _nmfilter.CreateFrameParser();
ret = NetmonAPI.NmGetFrameCount(rawFrame, out frameCount);//get the count of the frames
// Console.WriteLine("framecount:" + frameCount);
for (UInt32 framenumber = 0; framenumber < frameCount; framenumber++)//for each frame, apply the filter
{
// Console.WriteLine("framenumber:" + framenumber);
_currentframeNumber = (int)framenumber + 1;
IntPtr OneRawframe;
ret = NetmonAPI.NmGetFrame(rawFrame, framenumber, out OneRawframe); //
if (ret == ERROR_SUCCESS)
{
IntPtr parsedFrame, insFrame;
ret = NetmonAPI.NmParseFrame(myFrameParser, OneRawframe, framenumber, NmFrameParsingOption.None, out parsedFrame, out insFrame);
if (ret == ERROR_SUCCESS)
{
//Console.WriteLine("start to");
bool Passed = false;
ret = NetmonAPI.NmEvaluateFilter(parsedFrame, _nmfilter.ulfilterId, out Passed);
if (ret == ERROR_SUCCESS && Passed == true)
{
//construct
_getframeUnit.FieldIdDict = _nmfilter.FieldIdDict;
_getframeUnit.PropertyIdDict = _nmfilter.PropertyIdDict;
_getframeUnit.ParsedFrame = parsedFrame;
_getframeUnit.RawFrame = OneRawframe;
_getframeUnit.FrameParser = myFrameParser;
_getframeUnit.FrameNumber = _currentframeNumber;
_getframeUnit.Pids = _pids.ToList();
//Console.WriteLine(_currentframeNumber);
_getFrameValue = new GetFrameValue(_getframeUnit, _currentframeNumber);
if (_getFrameValue.frameUnit.propertyUnit.tcpPayloadLength > 0)
{
AllGetFrames.Add(_getFrameValue.frameUnit);
count++;
}
}
NetmonAPI.NmCloseHandle(parsedFrame);
NetmonAPI.NmCloseHandle(insFrame);
}
else
{
Console.WriteLine("error parsing frame:" + ret);
}
NetmonAPI.NmCloseHandle(OneRawframe);//release the cuurent parsed frame
}
else
{
Console.WriteLine("error when get frame:" + ret.ToString());
return;
}
}
}
else
{
Console.WriteLine("open capture file failed!");
}
NetmonAPI.NmCloseHandle(rawFrame);
//NetmonAPI.NmApiClose();
}
static void Main(string[] args)
{
// / / Initialize NetworkMonitor API
NM_API_CONFIGURATION apiConfig = new NM_API_CONFIGURATION();
apiConfig.Size = (ushort)(System.Runtime.InteropServices.Marshal.SizeOf(apiConfig));
NetmonAPI.NmGetApiConfiguration(ref apiConfig);
apiConfig.ThreadingMode = 0;
NetmonAPI.NmApiInitialize(ref apiConfig);
IntPtr nplPointer = IntPtr.Zero;
NetmonAPI.NmLoadNplParser(null, NmNplParserLoadingOption.NmAppendRegisteredNplSets, pErrorCallBack, IntPtr.Zero, out nplPointer);
// / / Initialize Frame parser
IntPtr parserConfigPointer;
NetmonAPI.NmCreateFrameParserConfiguration(nplPointer, pErrorCallBack, IntPtr.Zero, out parserConfigPointer);
NetmonAPI.NmConfigConversation(parserConfigPointer, NmConversationConfigOption.None, true);
IntPtr ParserPointer;
NetmonAPI.NmCreateFrameParser(parserConfigPointer, out ParserPointer, NmFrameParserOptimizeOption.ParserOptimizeNone);
// / / Parse capture file
IntPtr captureFileHandle;
NetmonAPI.NmOpenCaptureFile("auto.cap", out captureFileHandle);
uint rawFrameCount;
NetmonAPI.NmGetFrameCount(captureFileHandle, out rawFrameCount);
uint frameNumber = 0;
IntPtr rawFrame;
NetmonAPI.NmGetFrame(captureFileHandle, frameNumber, out rawFrame);
IntPtr parsedFrame;
IntPtr insRawFrame;
NetmonAPI.NmParseFrame(ParserPointer, rawFrame, frameNumber, NmFrameParsingOption.FieldDisplayStringRequired | NmFrameParsingOption.FieldFullNameRequired | NmFrameParsingOption.DataTypeNameRequired, out parsedFrame, out insRawFrame);
uint fieldCount;
NetmonAPI.NmGetFieldCount(parsedFrame, out fieldCount);
uint BUFFER_SIZE = 1024;
char[] name = new char[BUFFER_SIZE * 2];
unsafe
{
fixed(char *pstr = name)
{
NetmonAPI.NmGetFieldName(parsedFrame, 0, NmParsedFieldNames.NamePath, BUFFER_SIZE * 2, pstr);
}
}
String fieldName = new String(name).Replace("\0", String.Empty);
NetmonAPI.NmCloseHandle(captureFileHandle);
}
