Click here to Skip to main content
15,885,216 members
Search within:


Articles / Programming Languages / C#
 

TCP Session Reconstruction Tool

Rate me:
Please Sign up or sign in to vote.
4.65/5 (17 votes)
21 Sep 2007CPOL6 min read 166K   8.2K   74  
A TCP session reconstruction tool for C#.
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
<title>WinPcap: Strings related to the new source syntax</title>
<link href="style.css" rel="stylesheet" type="text/css">
<link href="tabs.css" rel="stylesheet" type="text/css">
</head><body>
<!-- Generated by Doxygen 1.5.1 -->
<div class="tabs">
  <ul>
    <li><a href="main.html"><span>Main&nbsp;Page</span></a></li>
    <li><a href="modules.html"><span>Modules</span></a></li>
    <li><a href="annotated.html"><span>Data&nbsp;Structures</span></a></li>
    <li><a href="files.html"><span>Files</span></a></li>
    <li><a href="pages.html"><span>Related&nbsp;Pages</span></a></li>
  </ul></div>
<h1>Strings related to the new source syntax<br>
<small>
[<a class="el" href="group__remote__struct.html">Exported Structures and Definitions</a>]</small>
</h1><table border="0" cellpadding="0" cellspacing="0">
<tr><td></td></tr>
<tr><td colspan="2"><br><h2>Defines</h2></td></tr>
<tr><td class="memItemLeft" nowrap align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__remote__source__string.html#gdb108815eb410ca0ab0b444ff2e56a26">PCAP_SRC_FILE_STRING</a>&nbsp;&nbsp;&nbsp;&quot;file://&quot;</td></tr>

<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">String that will be used to determine the type of source in use (file, remote/local interface).  <a href="#gdb108815eb410ca0ab0b444ff2e56a26"></a><br></td></tr>
<tr><td class="memItemLeft" nowrap align="right" valign="top">#define&nbsp;</td><td class="memItemRight" valign="bottom"><a class="el" href="group__remote__source__string.html#g6d7103b8a7e1eca8c325bd8f32c361c3">PCAP_SRC_IF_STRING</a>&nbsp;&nbsp;&nbsp;&quot;rpcap://&quot;</td></tr>

<tr><td class="mdescLeft">&nbsp;</td><td class="mdescRight">String that will be used to determine the type of source in use (file, remote/local interface).  <a href="#g6d7103b8a7e1eca8c325bd8f32c361c3"></a><br></td></tr>
</table>
<hr><a name="_details"></a><h2>Detailed Description</h2>
The formats allowed by the <a class="el" href="group__wpcapfunc.html#g2b64c7b6490090d1d37088794f1f1791">pcap_open()</a> are the following:<ul>
<li><a href="file://path_and_filename">file://path_and_filename</a> [opens a local file]</li><li>rpcap://devicename [opens the selected device devices available on the local host, without using the RPCAP protocol]</li><li>rpcap://host/devicename [opens the selected device available on a remote host]</li><li>rpcap://host:port/devicename [opens the selected device available on a remote host, using a non-standard port for RPCAP]</li><li>adaptername [to open a local adapter; kept for compability, but it is strongly discouraged]</li><li>(NULL) [to open the first local adapter; kept for compability, but it is strongly discouraged]</li></ul>
<p>
The formats allowed by the <a class="el" href="group__wpcapfunc.html#g98f36e62c95c6ad81eaa8b2bbeb8f16e">pcap_findalldevs_ex()</a> are the following:<ul>
<li><a href="file://folder/">file://folder/</a> [lists all the files in the given folder]</li><li>rpcap:// [lists all local adapters]</li><li>rpcap://host:port/ [lists the devices available on a remote host]</li></ul>
<p>
Referring to the 'host' and 'port' paramters, they can be either numeric or literal. Since IPv6 is fully supported, these are the allowed formats:<p>
<ul>
<li>host (literal): e.g. host.foo.bar</li><li>host (numeric IPv4): e.g. 10.11.12.13</li><li>host (numeric IPv4, IPv6 style): e.g. [10.11.12.13]</li><li>host (numeric IPv6): e.g. [1:2:3::4]</li><li>port: can be either numeric (e.g. '80') or literal (e.g. 'http')</li></ul>
<p>
Here you find some allowed examples:<ul>
<li>rpcap://host.foo.bar/devicename [everything literal, no port number]</li><li>rpcap://host.foo.bar:1234/devicename [everything literal, with port number]</li><li>rpcap://10.11.12.13/devicename [IPv4 numeric, no port number]</li><li>rpcap://10.11.12.13:1234/devicename [IPv4 numeric, with port number]</li><li>rpcap://[10.11.12.13]:1234/devicename [IPv4 numeric with IPv6 format, with port number]</li><li>rpcap://[1:2:3::4]/devicename [IPv6 numeric, no port number]</li><li>rpcap://[1:2:3::4]:1234/devicename [IPv6 numeric, with port number]</li><li>rpcap://[1:2:3::4]:http/devicename [IPv6 numeric, with literal port number] </li></ul>
<hr><h2>Define Documentation</h2>
<a class="anchor" name="gdb108815eb410ca0ab0b444ff2e56a26"></a><!-- doxytag: member="remote-ext.h::PCAP_SRC_FILE_STRING" ref="gdb108815eb410ca0ab0b444ff2e56a26" args="" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">#define PCAP_SRC_FILE_STRING&nbsp;&nbsp;&nbsp;&quot;file://&quot;          </td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
String that will be used to determine the type of source in use (file, remote/local interface). 
<p>
This string will be prepended to the interface name in order to create a string that contains all the information required to open the source.<p>
This string indicates that the user wants to open a capture from a local file. 
<p>
Definition at line <a class="el" href="remote-ext_8h-source.html#l00161">161</a> of file <a class="el" href="remote-ext_8h-source.html">remote-ext.h</a>.
</div>
</div><p>
<a class="anchor" name="g6d7103b8a7e1eca8c325bd8f32c361c3"></a><!-- doxytag: member="remote-ext.h::PCAP_SRC_IF_STRING" ref="g6d7103b8a7e1eca8c325bd8f32c361c3" args="" -->
<div class="memitem">
<div class="memproto">
      <table class="memname">
        <tr>
          <td class="memname">#define PCAP_SRC_IF_STRING&nbsp;&nbsp;&nbsp;&quot;rpcap://&quot;          </td>
        </tr>
      </table>
</div>
<div class="memdoc">

<p>
String that will be used to determine the type of source in use (file, remote/local interface). 
<p>
This string will be prepended to the interface name in order to create a string that contains all the information required to open the source.<p>
This string indicates that the user wants to open a capture from a network interface. This string does not necessarily involve the use of the RPCAP protocol. If the interface required resides on the local host, the RPCAP protocol is not involved and the local functions are used. 
<p>
Definition at line <a class="el" href="remote-ext_8h-source.html#l00174">174</a> of file <a class="el" href="remote-ext_8h-source.html">remote-ext.h</a>.
</div>
</div><p>

<hr>
<p align="right"><img border="0" src="winpcap_small.gif" align="absbottom" width="91" height="27">
documentation. Copyright (c) 2002-2005 Politecnico di Torino. Copyright (c) 2005-2007 
CACE Technologies. All rights reserved.</p>

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Saar Yahalom
Software Developer Microsoft
Israel Israel
Saar, has been programing since 1997. He enjoys taking things a part and designing simple solutions to complex problems. Currently, works for Microsoft writing in a variety of languages and flavors. During the last year he is taking a closer look into mobile and web development.

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 14 Sep 2007

Article Copyright 2007 by Saar Yahalom
Everything else Copyright © CodeProject, 1999-2024

Web02 2.8:2024-04-02:1