public static void Main(string[] args) { // Load API try { initialized = Program.InitializeNMAPI(); } catch (BadImageFormatException) { Console.WriteLine("There was an error loading the NMAPI.\n\nPlease ensure you have the correct version installed for your platform."); } catch (DllNotFoundException) { Console.WriteLine("There was an error loading the NMAPI DLL.\n\nPlease ensure you have Network Monitor 3.3 installed or try rebooting."); } CommandLineArguments commandReader = new CommandLineArguments(); if (commandReader.ParseCommandLineArguments(args)) { if (commandReader.IsNoArguments) { Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample")); } else if (commandReader.IsRequestingHelp) { Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample")); } else if (initialized) { Console.WriteLine("Running Test Application with Arguments:"); Console.WriteLine("\tCapture File: " + commandReader.CaptureFileName); Console.WriteLine("\tDisplay Filter: " + commandReader.DisplayFilter); Console.WriteLine("\tConversation Filter: " + commandReader.ConversationFilter); Console.WriteLine("\tSelected Frames: " + commandReader.SelectedFramesString); Console.WriteLine(); bool loadedparserengine = false; // Configure Parser Engine uint errno; IntPtr hNplParser = IntPtr.Zero; IntPtr hFrameParserConfig = IntPtr.Zero; uint conversationFilterId = 0; uint displayFilterId = 0; IntPtr hFrameParser = IntPtr.Zero; // Only load the parsing engine if we have to if (!string.IsNullOrEmpty(commandReader.ConversationFilter) || !string.IsNullOrEmpty(commandReader.DisplayFilter)) { Console.WriteLine("Loading Parser Engine..."); // Passing in null for the path will use the default configuration as specified in the Netmon UI errno = NetmonAPI.NmLoadNplParser(null, NmNplParserLoadingOption.NmAppendRegisteredNplSets, pErrorCallBack, IntPtr.Zero, out hNplParser); if (errno == ERROR_SUCCESS) { // Configure Frame Parser errno = NetmonAPI.NmCreateFrameParserConfiguration(hNplParser, pErrorCallBack, IntPtr.Zero, out hFrameParserConfig); if (errno == ERROR_SUCCESS) { // Enable Conversations errno = NetmonAPI.NmConfigConversation(hFrameParserConfig, NmConversationConfigOption.None, true); if (errno == ERROR_SUCCESS) { // Add Filters if (!string.IsNullOrEmpty(commandReader.ConversationFilter)) { Console.WriteLine("Adding Conversation Filter..."); errno = NetmonAPI.NmAddFilter(hFrameParserConfig, commandReader.ConversationFilter, out conversationFilterId); } if (errno == ERROR_SUCCESS) { if (!string.IsNullOrEmpty(commandReader.DisplayFilter)) { Console.WriteLine("Adding Display Filter..."); errno = NetmonAPI.NmAddFilter(hFrameParserConfig, commandReader.DisplayFilter, out displayFilterId); } if (errno == ERROR_SUCCESS) { errno = NetmonAPI.NmCreateFrameParser(hFrameParserConfig, out hFrameParser, NmFrameParserOptimizeOption.ParserOptimizeNone); if (errno == ERROR_SUCCESS) { Console.WriteLine("Parser Engine Loaded Successfully!"); Console.WriteLine(); loadedparserengine = true; } else { Console.WriteLine("Parser Creation Error Number = " + errno); } } else { Console.WriteLine("Display Filter Creation Error Number = " + errno); } } else { Console.WriteLine("Conversation Filter Creation Error Number = " + errno); } } else { Console.WriteLine("Conversation Error Number = " + errno); } if (!loadedparserengine) { NetmonAPI.NmCloseHandle(hFrameParserConfig); } } else { Console.WriteLine("Parser Configuration Error Number = " + errno); } if (!loadedparserengine) { NetmonAPI.NmCloseHandle(hNplParser); } } else { Console.WriteLine("Error Loading NMAPI Parsing Engine Error Number = " + errno); } } // Wait for confirmation Console.WriteLine("Press any key to continue"); Console.ReadKey(true); // Let's open the capture file // Open Capture File IntPtr captureFile = IntPtr.Zero; errno = NetmonAPI.NmOpenCaptureFile(commandReader.CaptureFileName, out captureFile); if (errno == ERROR_SUCCESS) { // Retrieve the number of frames in this capture file uint frameCount; errno = NetmonAPI.NmGetFrameCount(captureFile, out frameCount); if (errno == ERROR_SUCCESS) { // Loop through capture file for (uint ulFrameNumber = 0; ulFrameNumber < frameCount; ulFrameNumber++) { // Get the Raw Frame data IntPtr hRawFrame = IntPtr.Zero; errno = NetmonAPI.NmGetFrame(captureFile, ulFrameNumber, out hRawFrame); if (errno != ERROR_SUCCESS) { Console.WriteLine("Error Retrieving Frame #" + (ulFrameNumber + 1) + " from file"); continue; } // Need to parse once to get similar results to the UI if (loadedparserengine) { // Parse Frame IntPtr phParsedFrame; IntPtr phInsertedRawFrame; errno = NetmonAPI.NmParseFrame(hFrameParser, hRawFrame, ulFrameNumber, NmFrameParsingOption.FieldDisplayStringRequired | NmFrameParsingOption.FieldFullNameRequired | NmFrameParsingOption.DataTypeNameRequired, out phParsedFrame, out phInsertedRawFrame); if (errno == ERROR_SUCCESS) { // Check against Filters if (!string.IsNullOrEmpty(commandReader.ConversationFilter)) { bool passed; errno = NetmonAPI.NmEvaluateFilter(phParsedFrame, conversationFilterId, out passed); if (errno == ERROR_SUCCESS) { if (passed) { if (!string.IsNullOrEmpty(commandReader.DisplayFilter)) { bool passed2; errno = NetmonAPI.NmEvaluateFilter(phParsedFrame, displayFilterId, out passed2); if (errno == ERROR_SUCCESS) { if (passed2) { PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader); } } } else { PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader); } } } } else if (!string.IsNullOrEmpty(commandReader.DisplayFilter)) { bool passed; errno = NetmonAPI.NmEvaluateFilter(phParsedFrame, displayFilterId, out passed); if (errno == ERROR_SUCCESS) { if (passed) { PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader); } } } else { PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader); } NetmonAPI.NmCloseHandle(phInsertedRawFrame); NetmonAPI.NmCloseHandle(phParsedFrame); } else { Console.WriteLine("Error Parsing Frame #" + (ulFrameNumber + 1) + " from file"); } } else { // Just print what I just deleted... uint pulLength; errno = NetmonAPI.NmGetRawFrameLength(hRawFrame, out pulLength); if (errno == ERROR_SUCCESS) { if (commandReader.IsSelected(ulFrameNumber)) { Console.WriteLine("Frame #" + (ulFrameNumber + 1) + " (Selected) Frame Length(bytes): " + pulLength); } else { Console.WriteLine("Frame #" + (ulFrameNumber + 1) + " Frame Length(bytes): " + pulLength); } } else { Console.WriteLine("Error Getting Frame Length for Frame #" + (ulFrameNumber + 1)); } } NetmonAPI.NmCloseHandle(hRawFrame); } } else { Console.WriteLine("Error Retrieving Capture File Length"); } // Close Capture File to Cleanup NetmonAPI.NmCloseHandle(captureFile); } else { Console.WriteLine("Could not open capture file: " + commandReader.CaptureFileName); Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample")); } if (loadedparserengine) { NetmonAPI.NmCloseHandle(hFrameParser); NetmonAPI.NmCloseHandle(hFrameParserConfig); NetmonAPI.NmCloseHandle(hNplParser); } } } else { Console.WriteLine(commandReader.LastErrorMessage); Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample")); } // Pause so we can see the results when launched from Network Monitor Console.WriteLine(); Console.WriteLine("Press any key to continue"); Console.ReadKey(); if (initialized) { CloseNMAPI(); } }
/// <summary> /// Callback function for capture. /// </summary> /// <param name="hCapEngine"></param> /// <param name="adapterIndex"></param> /// <param name="callerContext"></param> /// <param name="hRawFrame"></param> private void CaptureCallBack(IntPtr hCapEngine, uint adapterIndex, IntPtr callerContext, IntPtr hRawFrame) { if (callerContext != IntPtr.Zero) { uint errno; unsafe { uint frameLen = 0; errno = NetmonAPI.NmGetRawFrameLength(hRawFrame, out frameLen); if (errno != 0) { return; } byte[] frameBuf = new byte[CapturedFrameSize]; fixed(byte *pBuf = frameBuf) { if (frameLen >= CapturedFrameSize) { NM_TIME pTime = new NM_TIME(); //Get the TimeStamp of the frame for building the new shortened frame errno = NetmonAPI.NmGetFrameTimeStampEx(hRawFrame, ref pTime); if (errno != 0) { return; } uint captureSize = 0; //use NmGetPartiaRawlFrame() to get the wanted length of the raw frame, errno = NetmonAPI.NmGetPartialRawFrame( hRawFrame, 0, //offset CapturedFrameSize, pBuf, out captureSize ); if (errno != 0) { return; } IntPtr hPartialRawFrame; errno = NetmonAPI.NmBuildRawFrameFromBufferEx( (IntPtr)pBuf, CapturedFrameSize, 0, //media type, optional ref pTime, out hPartialRawFrame ); if (errno != 0) { return; } NetmonAPI.NmAddFrame(callerContext, hPartialRawFrame); } else { NetmonAPI.NmAddFrame(callerContext, hRawFrame); } } } } }