Kris123

Winpcap Packet analyzer


Kris123

Hi all,

I am using the WinPcap UDF and capturing packets.

I am looking for how to analyze the received UDP packets, and thereby I want to calculate bandwidth and extract some useful information for my project requirement. (The data will be in RTP.)

Please help with this.

Kris123

Yes, but I don't want to create a huge application like Wireshark; I just want to capture and analyze only the information I am interested in.

Please help me with how to proceed.

Edited by Kris123

wisly

> Yes, but I don't want to create a huge application like Wireshark; I just want to capture and analyze only the information I am interested in.
>
> Please help me with how to proceed.

The easier way is to install Wireshark and call tshark with AutoIt; you don't need the WinPcap UDF.

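For example:

start capture:

; 0x10007 = new console (0x10000) + STDIN/STDOUT/STDERR child pipes (1 + 2 + 4)
; tshark expects the autostop condition as -a duration:<seconds>
$pid = Run("tshark -a duration:<in second if you need autostop> -f <capture filter> -i <netcard index> -w <capture filename>", '', @SW_HIDE, 0x10007)
; keep the PID so a later run of the script can find the capture process
regwrite(...,$pid)

stop capture:

$pid=regread(...)
; find the tshark console window that belongs to the stored PID and send it Ctrl+C
$Windowlist = WinList('tshark.exe')
For $i = 1 To $Windowlist[0][0]
    If WinGetProcess($Windowlist[$i][1]) = $pid Then
        WinActivate($Windowlist[$i][1])
        Send('^C')
        ExitLoop
    EndIf
Next

get number of packets fit with specific display filter:

; 0x06 = STDOUT + STDERR child pipes, so the output can be read with StdoutRead
; tshark 1.10 and later: use -Y for the display filter (-R needs -2 there)
$pid = Run("tshark -o rtp.heuristic_rtp:true -R <display filter> -r <capture filename>", '', @SW_HIDE, 0x06)
ProcessWaitClose($pid)
$output = StdoutRead($pid)
; each summary line starts with "<packet number> <time with 6 decimals> "
$pktarray = StringRegExp($output, '\d+ +\d+\.\d{6} ', 3)
ConsoleWrite('Number of Packets=' & UBound($pktarray) & @LF)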

You can also do detailed analysis with the "-V" option on the capture file.
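
Building on the tshark approach in the reply above, the following added example (not part of any post in this thread) computes the average bandwidth and the number of lost packets for one RTP stream from tshark field output. The export command in the comment, the function name `_RtpStats` and the sample rows are assumptions made for the example.

```autoit
; Added example, not code from the thread. Assumed export command (one line):
;   tshark -r <capture filename> -o rtp.heuristic_rtp:true -Y rtp -T fields
;          -E separator=, -e frame.time_epoch -e frame.len -e rtp.ssrc -e rtp.seq
; Constructed sample of that output (time, frame bytes, SSRC, sequence number);
; sequence number 1 is missing and the counter wraps from 65535 to 0.
Local $sSample = "1.000000,214,0x1234abcd,65534" & @LF & _
        "1.020000,214,0x1234abcd,65535" & @LF & _
        "1.040000,214,0x1234abcd,0" & @LF & _
        "1.080000,214,0x1234abcd,2" & @LF & _
        "1.100000,214,0x1234abcd,3" & @LF

Local $aStats = _RtpStats($sSample)
ConsoleWrite("Packets=" & $aStats[0] & " Lost=" & $aStats[1] & " kbit/s=" & Round($aStats[2], 1) & @LF)

; Returns [packets, lost packets, average kbit/s] for the first SSRC seen.
Func _RtpStats($sFields)
    Local $aLines = StringSplit(StringStripCR($sFields), @LF)
    Local $sSsrc = "", $iPkts = 0, $iLost = 0, $iBytes = 0
    Local $fFirst = 0, $fLast = 0, $iPrevSeq = -1
    For $i = 1 To $aLines[0]
        Local $aCol = StringSplit($aLines[$i], ",")
        If $aCol[0] < 4 Then ContinueLoop ; blank or incomplete line
        If $sSsrc = "" Then $sSsrc = $aCol[3]
        If $aCol[3] <> $sSsrc Then ContinueLoop ; keep to a single stream
        Local $iSeq = Number($aCol[4])
        If $iPrevSeq >= 0 Then
            ; RTP sequence numbers are 16 bit, so take the gap modulo 65536
            Local $iGap = Mod($iSeq - $iPrevSeq + 65536, 65536)
            ; a gap of 32768 or more is treated as reordering, not loss
            If $iGap > 1 And $iGap < 32768 Then $iLost += $iGap - 1
        Else
            $fFirst = Number($aCol[1]) ; time of the first packet of the stream
        EndIf
        $iPrevSeq = $iSeq
        $fLast = Number($aCol[1])
        $iBytes += Number($aCol[2])
        $iPkts += 1
    Next
    ; average over the span between the first and last packet of the stream
    Local $fSecs = $fLast - $fFirst, $fKbps = 0
    If $fSecs > 0 Then $fKbps = ($iBytes * 8) / $fSecs / 1000
    Local $aRet[3] = [$iPkts, $iLost, $fKbps]
    Return $aRet
EndFunc
```

To use it on a real capture, read the tshark output with StdoutRead as in the reply above and pass that string to `_RtpStats` in place of the sample.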

jvanegmond

Could this be sufficient for your needs?

Script:

; Author: lod3n
; URL: http://www.autoitscript.com/forum/topic/31123-to-monitor-your-internet-connection/page__view__findpost__p__223140

#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <ProgressConstants.au3>

GUICreate("Lod3n's Bandwidth Monitor",220,100,0,0,-1,$WS_EX_TOOLWINDOW)

$label1 = GUICtrlCreateLabel ( "Waiting for data...", 10, 5,200,20)
$progressbar1 = GUICtrlCreateProgress (10,20,200,20,$PBS_SMOOTH)

$label2 = GUICtrlCreateLabel ( "Waiting for data...", 10, 50,200,20)
$progressbar2 = GUICtrlCreateProgress (10,65,200,20,$PBS_SMOOTH)

GUISetState ()

$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = @ComputerName
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")

$inmax = 0
$outmax = 0

$lastin = 0
$lastout = 0

while 1
    ;$colItems = $objWMIService.ExecQuery("SELECT BytesReceivedPersec,BytesSentPersec FROM Win32_PerfFormattedData_Tcpip_NetworkInterface", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    $colItems = $objWMIService.ExecQuery("SELECT BytesReceivedPersec,BytesSentPersec FROM Win32_PerfRawData_Tcpip_NetworkInterface", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    If IsObj($colItems) then
        For $objItem In $colItems
            $newin = $objItem.BytesReceivedPersec
            $newout = $objItem.BytesSentPersec

            ;new realtime counter code...
            if $lastin = 0 and $lastout = 0 Then
                $lastin = $newin
                $lastout = $newout
            endif
            $in = $newin - $lastin
            $out = $newout - $lastout
            $lastin = $newin
            $lastout = $newout

            if $in <> 0 and $out <> 0 Then
                if $in > $inmax then $inmax = $in
                if $out > $outmax then $outmax = $out

                $inP = int(($in / $inmax) * 100)
                $outP = int(($out / $outmax) * 100)
                ;$in = $in/1024
                ;$out = $out/1024
                $intext = "Bytes In/Sec: " & int($in) & " [" &$inP & "% of record]" & @CRLF
                $outtext = "Bytes Out/Sec: " & int($out) & " [" &$outP & "% of record]" &@CRLF

                GUICtrlSetData ($progressbar1,$inP)
                GUICtrlSetData ($label1,$intext)
                GUICtrlSetData ($progressbar2,$outP)
                GUICtrlSetData ($label2,$outtext)

            EndIf
            ExitLoop ; I only care about the first network adapter, yo
        Next
    EndIf
    sleep(1000) ; bytes PER SECOND
    If GUIGetMsg() = $GUI_EVENT_CLOSE Then ExitLoop
WEnd
