public IntPtr CreateFrameParser() { IntPtr FrameParser = IntPtr.Zero; UInt32 ret = 0; IntPtr pCallerContext = IntPtr.Zero; IntPtr nplParser = IntPtr.Zero; // Use NULL to load default NPL set. ret = NetmonAPI.NmLoadNplParser(null, NmNplParserLoadingOption.NmAppendRegisteredNplSets, pParserCallback, pCallerContext, out nplParser); if (ret != ERROR_SUCCESS) { Console.WriteLine("Failed to load NPL Parser"); return(FrameParser); } IntPtr frameParserConfig = IntPtr.Zero; ret = NetmonAPI.NmCreateFrameParserConfiguration(nplParser, pParserCallback, pCallerContext, out frameParserConfig); if (ret != ERROR_SUCCESS) { Console.WriteLine("Failed to load frame parser configuration."); NetmonAPI.NmCloseHandle(nplParser);//release the handler return(FrameParser); } else //now start to add filter { ret = NetmonAPI.NmConfigReassembly(frameParserConfig, NmReassemblyConfigOption.None, true); if (ret != ERROR_SUCCESS) { Console.WriteLine("Failed to config reassembly."); return(FrameParser); } String pfilterString = _filterString; Console.WriteLine(pfilterString); ret = NetmonAPI.NmAddFilter(frameParserConfig, pfilterString, out ulfilterId); if (ret != ERROR_SUCCESS) { Console.WriteLine("error to create filter,info:" + ret.ToString()); NetmonAPI.NmCloseHandle(frameParserConfig); NetmonAPI.NmCloseHandle(nplParser); return(FrameParser); } //add the properties foreach (String propertyString in _properties) { Console.WriteLine("add property:" + propertyString); UInt32 ulpropertyId; ret = NetmonAPI.NmAddProperty(frameParserConfig, propertyString, out ulpropertyId); if (ret == ERROR_SUCCESS) { PropertyIdDict.Add(propertyString, ulpropertyId); } else { Console.WriteLine("error when add property:" + propertyString); } } //add fields foreach (String filedString in _fields) { Console.WriteLine("add field:" + filedString); UInt32 ulfieldId; ret = NetmonAPI.NmAddField(frameParserConfig, filedString, out ulfieldId); if (ret == ERROR_SUCCESS) { FieldIdDict.Add(filedString, ulfieldId); } else { Console.WriteLine("error when add field:" + filedString); } } ret = NetmonAPI.NmCreateFrameParser(frameParserConfig, out FrameParser, NmFrameParserOptimizeOption.ParserOptimizeNone); if (ret != ERROR_SUCCESS) { Console.WriteLine("failed to create frame parser, info:" + ret.ToString()); return(FrameParser); } } return(FrameParser); }
static void Main(string[] args) { // / / Initialize NetworkMonitor API NM_API_CONFIGURATION apiConfig = new NM_API_CONFIGURATION(); apiConfig.Size = (ushort)(System.Runtime.InteropServices.Marshal.SizeOf(apiConfig)); NetmonAPI.NmGetApiConfiguration(ref apiConfig); apiConfig.ThreadingMode = 0; NetmonAPI.NmApiInitialize(ref apiConfig); IntPtr nplPointer = IntPtr.Zero; NetmonAPI.NmLoadNplParser(null, NmNplParserLoadingOption.NmAppendRegisteredNplSets, pErrorCallBack, IntPtr.Zero, out nplPointer); // / / Initialize Frame parser IntPtr parserConfigPointer; NetmonAPI.NmCreateFrameParserConfiguration(nplPointer, pErrorCallBack, IntPtr.Zero, out parserConfigPointer); NetmonAPI.NmConfigConversation(parserConfigPointer, NmConversationConfigOption.None, true); IntPtr ParserPointer; NetmonAPI.NmCreateFrameParser(parserConfigPointer, out ParserPointer, NmFrameParserOptimizeOption.ParserOptimizeNone); // / / Parse capture file IntPtr captureFileHandle; NetmonAPI.NmOpenCaptureFile("auto.cap", out captureFileHandle); uint rawFrameCount; NetmonAPI.NmGetFrameCount(captureFileHandle, out rawFrameCount); uint frameNumber = 0; IntPtr rawFrame; NetmonAPI.NmGetFrame(captureFileHandle, frameNumber, out rawFrame); IntPtr parsedFrame; IntPtr insRawFrame; NetmonAPI.NmParseFrame(ParserPointer, rawFrame, frameNumber, NmFrameParsingOption.FieldDisplayStringRequired | NmFrameParsingOption.FieldFullNameRequired | NmFrameParsingOption.DataTypeNameRequired, out parsedFrame, out insRawFrame); uint fieldCount; NetmonAPI.NmGetFieldCount(parsedFrame, out fieldCount); uint BUFFER_SIZE = 1024; char[] name = new char[BUFFER_SIZE * 2]; unsafe { fixed(char *pstr = name) { NetmonAPI.NmGetFieldName(parsedFrame, 0, NmParsedFieldNames.NamePath, BUFFER_SIZE * 2, pstr); } } String fieldName = new String(name).Replace("\0", String.Empty); NetmonAPI.NmCloseHandle(captureFileHandle); }
public static void Main(string[] args) { // Load API try { initialized = Program.InitializeNMAPI(); } catch (BadImageFormatException) { Console.WriteLine("There was an error loading the NMAPI.\n\nPlease ensure you have the correct version installed for your platform."); } catch (DllNotFoundException) { Console.WriteLine("There was an error loading the NMAPI DLL.\n\nPlease ensure you have Network Monitor 3.3 installed or try rebooting."); } CommandLineArguments commandReader = new CommandLineArguments(); if (commandReader.ParseCommandLineArguments(args)) { if (commandReader.IsNoArguments) { Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample")); } else if (commandReader.IsRequestingHelp) { Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample")); } else if (initialized) { Console.WriteLine("Running Test Application with Arguments:"); Console.WriteLine("\tCapture File: " + commandReader.CaptureFileName); Console.WriteLine("\tDisplay Filter: " + commandReader.DisplayFilter); Console.WriteLine("\tConversation Filter: " + commandReader.ConversationFilter); Console.WriteLine("\tSelected Frames: " + commandReader.SelectedFramesString); Console.WriteLine(); bool loadedparserengine = false; // Configure Parser Engine uint errno; IntPtr hNplParser = IntPtr.Zero; IntPtr hFrameParserConfig = IntPtr.Zero; uint conversationFilterId = 0; uint displayFilterId = 0; IntPtr hFrameParser = IntPtr.Zero; // Only load the parsing engine if we have to if (!string.IsNullOrEmpty(commandReader.ConversationFilter) || !string.IsNullOrEmpty(commandReader.DisplayFilter)) { Console.WriteLine("Loading Parser Engine..."); // Passing in null for the path will use the default configuration as specified in the Netmon UI errno = NetmonAPI.NmLoadNplParser(null, NmNplParserLoadingOption.NmAppendRegisteredNplSets, pErrorCallBack, IntPtr.Zero, out hNplParser); if (errno == ERROR_SUCCESS) { // Configure Frame Parser errno = NetmonAPI.NmCreateFrameParserConfiguration(hNplParser, pErrorCallBack, IntPtr.Zero, out hFrameParserConfig); if (errno == ERROR_SUCCESS) { // Enable Conversations errno = NetmonAPI.NmConfigConversation(hFrameParserConfig, NmConversationConfigOption.None, true); if (errno == ERROR_SUCCESS) { // Add Filters if (!string.IsNullOrEmpty(commandReader.ConversationFilter)) { Console.WriteLine("Adding Conversation Filter..."); errno = NetmonAPI.NmAddFilter(hFrameParserConfig, commandReader.ConversationFilter, out conversationFilterId); } if (errno == ERROR_SUCCESS) { if (!string.IsNullOrEmpty(commandReader.DisplayFilter)) { Console.WriteLine("Adding Display Filter..."); errno = NetmonAPI.NmAddFilter(hFrameParserConfig, commandReader.DisplayFilter, out displayFilterId); } if (errno == ERROR_SUCCESS) { errno = NetmonAPI.NmCreateFrameParser(hFrameParserConfig, out hFrameParser, NmFrameParserOptimizeOption.ParserOptimizeNone); if (errno == ERROR_SUCCESS) { Console.WriteLine("Parser Engine Loaded Successfully!"); Console.WriteLine(); loadedparserengine = true; } else { Console.WriteLine("Parser Creation Error Number = " + errno); } } else { Console.WriteLine("Display Filter Creation Error Number = " + errno); } } else { Console.WriteLine("Conversation Filter Creation Error Number = " + errno); } } else { Console.WriteLine("Conversation Error Number = " + errno); } if (!loadedparserengine) { NetmonAPI.NmCloseHandle(hFrameParserConfig); } } else { Console.WriteLine("Parser Configuration Error Number = " + errno); } if (!loadedparserengine) { NetmonAPI.NmCloseHandle(hNplParser); } } else { Console.WriteLine("Error Loading NMAPI Parsing Engine Error Number = " + errno); } } // Wait for confirmation Console.WriteLine("Press any key to continue"); Console.ReadKey(true); // Let's open the capture file // Open Capture File IntPtr captureFile = IntPtr.Zero; errno = NetmonAPI.NmOpenCaptureFile(commandReader.CaptureFileName, out captureFile); if (errno == ERROR_SUCCESS) { // Retrieve the number of frames in this capture file uint frameCount; errno = NetmonAPI.NmGetFrameCount(captureFile, out frameCount); if (errno == ERROR_SUCCESS) { // Loop through capture file for (uint ulFrameNumber = 0; ulFrameNumber < frameCount; ulFrameNumber++) { // Get the Raw Frame data IntPtr hRawFrame = IntPtr.Zero; errno = NetmonAPI.NmGetFrame(captureFile, ulFrameNumber, out hRawFrame); if (errno != ERROR_SUCCESS) { Console.WriteLine("Error Retrieving Frame #" + (ulFrameNumber + 1) + " from file"); continue; } // Need to parse once to get similar results to the UI if (loadedparserengine) { // Parse Frame IntPtr phParsedFrame; IntPtr phInsertedRawFrame; errno = NetmonAPI.NmParseFrame(hFrameParser, hRawFrame, ulFrameNumber, NmFrameParsingOption.FieldDisplayStringRequired | NmFrameParsingOption.FieldFullNameRequired | NmFrameParsingOption.DataTypeNameRequired, out phParsedFrame, out phInsertedRawFrame); if (errno == ERROR_SUCCESS) { // Check against Filters if (!string.IsNullOrEmpty(commandReader.ConversationFilter)) { bool passed; errno = NetmonAPI.NmEvaluateFilter(phParsedFrame, conversationFilterId, out passed); if (errno == ERROR_SUCCESS) { if (passed) { if (!string.IsNullOrEmpty(commandReader.DisplayFilter)) { bool passed2; errno = NetmonAPI.NmEvaluateFilter(phParsedFrame, displayFilterId, out passed2); if (errno == ERROR_SUCCESS) { if (passed2) { PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader); } } } else { PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader); } } } } else if (!string.IsNullOrEmpty(commandReader.DisplayFilter)) { bool passed; errno = NetmonAPI.NmEvaluateFilter(phParsedFrame, displayFilterId, out passed); if (errno == ERROR_SUCCESS) { if (passed) { PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader); } } } else { PrintParsedFrameInformation(phParsedFrame, ulFrameNumber, commandReader); } NetmonAPI.NmCloseHandle(phInsertedRawFrame); NetmonAPI.NmCloseHandle(phParsedFrame); } else { Console.WriteLine("Error Parsing Frame #" + (ulFrameNumber + 1) + " from file"); } } else { // Just print what I just deleted... uint pulLength; errno = NetmonAPI.NmGetRawFrameLength(hRawFrame, out pulLength); if (errno == ERROR_SUCCESS) { if (commandReader.IsSelected(ulFrameNumber)) { Console.WriteLine("Frame #" + (ulFrameNumber + 1) + " (Selected) Frame Length(bytes): " + pulLength); } else { Console.WriteLine("Frame #" + (ulFrameNumber + 1) + " Frame Length(bytes): " + pulLength); } } else { Console.WriteLine("Error Getting Frame Length for Frame #" + (ulFrameNumber + 1)); } } NetmonAPI.NmCloseHandle(hRawFrame); } } else { Console.WriteLine("Error Retrieving Capture File Length"); } // Close Capture File to Cleanup NetmonAPI.NmCloseHandle(captureFile); } else { Console.WriteLine("Could not open capture file: " + commandReader.CaptureFileName); Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample")); } if (loadedparserengine) { NetmonAPI.NmCloseHandle(hFrameParser); NetmonAPI.NmCloseHandle(hFrameParserConfig); NetmonAPI.NmCloseHandle(hNplParser); } } } else { Console.WriteLine(commandReader.LastErrorMessage); Console.WriteLine(CommandLineArguments.GetUsage("ExpertExample")); } // Pause so we can see the results when launched from Network Monitor Console.WriteLine(); Console.WriteLine("Press any key to continue"); Console.ReadKey(); if (initialized) { CloseNMAPI(); } }
private NetmonNplParser() { _ret = NetmonAPI.NmLoadNplParser(null, NmNplParserLoadingOption.NmAppendRegisteredNplSets, pErrorCallBack, IntPtr.Zero, out _handle); }