Kris123

Winpcap Packet analyzer

5 posts in this topic

Hi all,

I am using the WinPcap UDF and capturing the packets.

I am looking for how to analyze the received UDP packets, and thereby I want to calculate bandwidth and extract some useful information for my project requirement. (The data will be in RTP.)

Please help on this.

You want to recreate a complicated app like WireShark in AutoIt? What on earth for?

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law


#3 ·  Posted (edited)

Yes, but I don't want to create a huge application like Wireshark; I just want to capture and analyze only the information I am interested in.

Please help me with how to proceed.

Edited by Kris123

The easier way is to install Wireshark and call tshark with AutoIt; you don't need the WinPcap UDF.

For example:

Start capture:

; Launch tshark hidden; 0x10007 = new console plus STDIN/STDOUT/STDERR child handles
$pid = Run("tshark -a duration <in second if you need autostop> -f <capture filter> -i <netcard index> -w <capture filename>", '', @SW_HIDE, 0x10007)
; Store the PID so the capture can be found again when it has to be stopped
regwrite(...,$pid)

Stop capture:

; Read back the stored PID and send Ctrl+C to the matching tshark console window
$pid=regread(...)
$Windowlist = WinList('tshark.exe')
For $i = 1 To $Windowlist[0][0]
    If WinGetProcess($Windowlist[$i][1]) = $pid Then
        WinActivate($Windowlist[$i][1])
        Send('^C')
        ExitLoop
    EndIf
Next

Get the number of packets that fit a specific display filter:

; 0x06 = capture STDOUT and STDERR of the child process
$pid = Run("tshark -o rtp.heuristic_rtp:true -R <display filter> -r <capture filename>", '', @SW_HIDE, 0x06)
ProcessWaitClose($pid)
$output = StdoutRead($pid)
; Each summary line starts with "<frame number> <relative time>"; flag 3 returns all matches
$pktarray = StringRegExp($output, '\d+ +\d+\.\d{6} ', 3)
ConsoleWrite('Number of Packets=' & UBound($pktarray) & @LF)

You can also do detailed analysis with the "-V" option on the capture file.
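The packet-counting step in the post above can be taken further to per-stream bandwidth and loss, which is what the original question asks for. The following Python script is an added example, not code from any poster in this thread; it assumes tshark was run with `-T fields -e frame.time_relative -e frame.len -e rtp.ssrc -e rtp.seq` (tab-separated output), and the sample lines are constructed.

```python
# Constructed sample: tab-separated output as produced by
#   tshark -o rtp.heuristic_rtp:true -r <capture filename> -T fields \
#          -e frame.time_relative -e frame.len -e rtp.ssrc -e rtp.seq
# Columns: seconds since first frame, frame length (bytes), SSRC, RTP sequence.
SAMPLE = "\n".join([
    "0.000000\t214\t0x1a2b3c4d\t65534",
    "0.020000\t214\t0x1a2b3c4d\t65535",
    "0.040000\t214\t0x1a2b3c4d\t0",      # 16-bit sequence number wraps
    "0.050000\t60\t\t",                  # non-RTP frame: RTP fields are empty
    "0.080000\t214\t0x1a2b3c4d\t2",      # sequence 1 never arrived
    "0.100000\t214\t0x1a2b3c4d\t3",
])


def rtp_stream_stats(tshark_fields):
    """Return {ssrc: {packets, bytes, kbps, lost}} from tshark field output."""
    streams = {}
    for line in tshark_fields.splitlines():
        cols = line.split("\t")
        if len(cols) < 4 or not cols[2] or not cols[3]:
            continue  # frame was not dissected as RTP
        t, size = float(cols[0]), int(cols[1])
        ssrc, seq = int(cols[2], 0), int(cols[3], 0)  # base 0 accepts 0x... or decimal
        s = streams.get(ssrc)
        if s is None:
            s = streams[ssrc] = {"first_t": t, "last_t": t, "packets": 0,
                                 "bytes": 0, "first_seq": seq, "ext_seq": seq}
        else:
            delta = (seq - s["ext_seq"]) & 0xFFFF
            if delta < 0x8000:          # forward step, possibly across a wrap
                s["ext_seq"] += delta   # extended (unwrapped) highest sequence
            s["last_t"] = max(s["last_t"], t)
        s["packets"] += 1
        s["bytes"] += size              # frame.len: on-the-wire size incl. headers
    report = {}
    for ssrc, s in streams.items():
        span = s["last_t"] - s["first_t"]
        expected = s["ext_seq"] - s["first_seq"] + 1
        report[ssrc] = {"packets": s["packets"], "bytes": s["bytes"],
                        "kbps": s["bytes"] * 8 / span / 1000 if span > 0 else 0.0,
                        "lost": max(expected - s["packets"], 0)}
    return report


if __name__ == "__main__":
    for ssrc, r in rtp_stream_stats(SAMPLE).items():
        print(f"SSRC {ssrc:#010x}: {r}")
```

Because `frame.len` counts link, IP and UDP headers, the figure is bandwidth on the wire rather than RTP payload rate.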


Could this be sufficient for your needs?

Script:

; Author: lod3n
; URL: http://www.autoitscript.com/forum/topic/31123-to-monitor-your-internet-connection/page__view__findpost__p__223140

#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <ProgressConstants.au3>

GUICreate("Lod3n's Bandwidth Monitor",220,100,0,0,-1,$WS_EX_TOOLWINDOW)

$label1 = GUICtrlCreateLabel ( "Waiting for data...", 10, 5,200,20)
$progressbar1 = GUICtrlCreateProgress (10,20,200,20,$PBS_SMOOTH)

$label2 = GUICtrlCreateLabel ( "Waiting for data...", 10, 50,200,20)
$progressbar2 = GUICtrlCreateProgress (10,65,200,20,$PBS_SMOOTH)

GUISetState ()

$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = @ComputerName
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")

$inmax = 0
$outmax = 0

$lastin = 0
$lastout = 0

while 1
    ;$colItems = $objWMIService.ExecQuery("SELECT BytesReceivedPersec,BytesSentPersec FROM Win32_PerfFormattedData_Tcpip_NetworkInterface", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    $colItems = $objWMIService.ExecQuery("SELECT BytesReceivedPersec,BytesSentPersec FROM Win32_PerfRawData_Tcpip_NetworkInterface", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    If IsObj($colItems) then
        For $objItem In $colItems
            $newin = $objItem.BytesReceivedPersec
            $newout = $objItem.BytesSentPersec

            ;new realtime counter code...
            if $lastin = 0 and $lastout = 0 Then
                $lastin = $newin
                $lastout = $newout
            endif
            $in = $newin - $lastin
            $out = $newout - $lastout
            $lastin = $newin
            $lastout = $newout

            if $in <> 0 and $out <> 0 Then
                if $in > $inmax then $inmax = $in
                if $out > $outmax then $outmax = $out

                $inP = int(($in / $inmax) * 100)
                $outP = int(($out / $outmax) * 100)
                ;$in = $in/1024
                ;$out = $out/1024
                $intext = "Bytes In/Sec: " & int($in) & " [" &$inP & "% of record]" & @CRLF
                $outtext = "Bytes Out/Sec: " & int($out) & " [" &$outP & "% of record]" &@CRLF

                GUICtrlSetData ($progressbar1,$inP)
                GUICtrlSetData ($label1,$intext)
                GUICtrlSetData ($progressbar2,$outP)
                GUICtrlSetData ($label2,$outtext)

            EndIf
            ExitLoop ; I only care about the first network adapter, yo
        Next
    EndIf
    sleep(1000) ; bytes PER SECOND
    If GUIGetMsg() = $GUI_EVENT_CLOSE Then ExitLoop
WEnd
