
Winpcap Packet analyzer


Hi all,

I am using the WinPcap UDF and capturing packets.

I am looking for how to analyze the received UDP packets, and thereby I want to calculate bandwidth and extract some useful information for my project requirement. (The data will be in RTP.)

Please help on this.
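As an added example (not code from this thread, the WinPcap UDF or Wireshark), the RTP-layer analysis the question asks for, written in Python rather than AutoIt so the header parsing and bandwidth arithmetic stand on their own. It assumes the capture layer (WinPcap or tshark) already hands over each UDP payload together with its capture timestamp; the function names (parse_rtp, analyze, StreamStats) and the sample packets are constructed for this illustration. The parser checks every length field against the packet size and rejects anything that is not RTP, so a stray or malformed datagram on the port cannot derail the statistics; per SSRC it reports packet and byte counts, sequence-number gaps (loss) and the bit rate over the capture window.

```python
"""RTP (RFC 3550) header parsing plus per-stream bandwidth and loss statistics.
Input: (capture_time_seconds, udp_payload) pairs. Sample data is constructed, not captured."""
import struct
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Set, Tuple

RTP_VERSION = 2
FIXED_HEADER_LEN = 12          # V/P/X/CC, M/PT, sequence, timestamp, SSRC


class RtpParseError(ValueError):
    """Payload does not look like RTP (bad version, or a length field exceeds the packet)."""


@dataclass
class RtpHeader:
    padding: bool
    extension: bool
    csrc_count: int
    marker: bool
    payload_type: int
    sequence: int
    timestamp: int
    ssrc: int
    header_len: int            # bytes consumed by fixed header, CSRC list and extension


def parse_rtp(payload: bytes) -> RtpHeader:
    """Parse the RTP header, checking every length field against the packet size."""
    if len(payload) < FIXED_HEADER_LEN:
        raise RtpParseError("shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:FIXED_HEADER_LEN])
    if b0 >> 6 != RTP_VERSION:
        raise RtpParseError("unexpected RTP version %d" % (b0 >> 6))
    cc = b0 & 0x0F
    hdr_len = FIXED_HEADER_LEN + 4 * cc
    if len(payload) < hdr_len:
        raise RtpParseError("truncated CSRC list")
    extension = bool(b0 & 0x10)
    if extension:
        if len(payload) < hdr_len + 4:
            raise RtpParseError("truncated extension header")
        ext_words = struct.unpack("!H", payload[hdr_len + 2:hdr_len + 4])[0]
        hdr_len += 4 + 4 * ext_words
        if len(payload) < hdr_len:
            raise RtpParseError("extension length exceeds packet")
    return RtpHeader(bool(b0 & 0x20), extension, cc, bool(b1 & 0x80),
                     b1 & 0x7F, seq, ts, ssrc, hdr_len)


@dataclass
class StreamStats:
    first_time: float
    last_time: float
    packets: int = 0
    bytes: int = 0
    lost: int = 0              # forward gaps in the 16-bit sequence space
    expected_seq: Optional[int] = None
    payload_types: Set[int] = field(default_factory=set)

    def bits_per_second(self) -> float:
        span = self.last_time - self.first_time
        return 8.0 * self.bytes / span if span > 0 else 0.0


def analyze(packets: Iterable[Tuple[float, bytes]]) -> Tuple[Dict[int, StreamStats], int]:
    """Group RTP packets by SSRC; return (stats per SSRC, count of non-RTP payloads ignored)."""
    streams: Dict[int, StreamStats] = {}
    rejected = 0
    for t, payload in packets:
        try:
            hdr = parse_rtp(payload)
        except RtpParseError:
            rejected += 1
            continue
        st = streams.setdefault(hdr.ssrc, StreamStats(first_time=t, last_time=t))
        st.packets += 1
        st.bytes += len(payload)
        st.last_time = max(st.last_time, t)
        st.payload_types.add(hdr.payload_type)
        if st.expected_seq is not None and hdr.sequence != st.expected_seq:
            gap = (hdr.sequence - st.expected_seq) & 0xFFFF
            if gap < 0x8000:       # forward jump = loss; reordering/duplicates are not counted here
                st.lost += gap
        st.expected_seq = (hdr.sequence + 1) & 0xFFFF
    return streams, rejected


def build_rtp(seq: int, ts: int, ssrc: int, payload_type: int = 0,
              payload: bytes = b"\x00" * 160) -> bytes:
    """Constructed RTP packet (version 2, no CSRCs, no extension, marker clear)."""
    return struct.pack("!BBHII", RTP_VERSION << 6, payload_type, seq, ts, ssrc) + payload


def sample_capture() -> List[Tuple[float, bytes]]:
    """Constructed capture: 50 G.711 (PT 0) packets 20 ms apart with seq 20 and 21 missing, plus two non-RTP payloads."""
    ssrc = 0x12345678
    pkts = [(0.02 * i, build_rtp(10 + i, 160 * i, ssrc))
            for i in range(50) if 10 + i not in (20, 21)]
    pkts.append((0.5, b"\x00" * 20))      # version 0: rejected
    pkts.append((0.6, b"\x80\x00\x00"))   # too short: rejected
    return pkts


if __name__ == "__main__":
    streams, rejected = analyze(sample_capture())
    for ssrc, st in streams.items():
        print("SSRC 0x%08X: %d packets, %d bytes, %d lost, %.0f bit/s, PT %s"
              % (ssrc, st.packets, st.bytes, st.lost, st.bits_per_second(), sorted(st.payload_types)))
    print("non-RTP payloads ignored:", rejected)
```

The bit rate counts the whole UDP payload (RTP header included), which is what a bandwidth figure usually wants; subtract header_len per packet if only the media payload is of interest.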


Yes, but I don't want to create a huge application like Wireshark; I just want to capture and analyze only the information I am interested in.

Please help me how to proceed.

Edited by Kris123



The easier way is to install Wireshark and call tshark from AutoIt; you don't need the WinPcap UDF.

For example:

start capture:

    ; -a duration:N stops tshark after N seconds; 0x10007 = new console + child stdin/stdout/stderr
    $pid = Run("tshark -a duration:<seconds, if you need autostop> -f <capture filter> -i <netcard index> -w <capture filename>", '', @SW_HIDE, 0x10007)
    RegWrite(..., $pid)   ; remember the PID so a later run of the script can stop the capture

stop capture:

    $pid = RegRead(...)
    $Windowlist = WinList('tshark.exe')
    For $i = 1 To $Windowlist[0][0]
        If WinGetProcess($Windowlist[$i][1]) = $pid Then
            WinActivate($Windowlist[$i][1])
            Send('^c')   ; lower-case c = Ctrl+C; AutoIt sends an upper-case letter with Shift held
            ExitLoop
        EndIf
    Next

get number of packets that match a specific display filter:

    $pid = Run("tshark -o rtp.heuristic_rtp:true -R <display filter> -r <capture filename>", '', @SW_HIDE, 0x06)
    ; read stdout until tshark closes it; a single StdoutRead after ProcessWaitClose can deadlock on large output
    $output = ''
    While 1
        $chunk = StdoutRead($pid)
        If @error Then ExitLoop
        $output &= $chunk
        Sleep(10)
    WEnd
    ; one match per packet summary line: frame number followed by the time column
    $pktarray = StringRegExp($output, '\d+ +\d+\.\d{6} ', 3)
    ConsoleWrite('Number of Packets=' & UBound($pktarray) & @LF)

You can also do a detailed analysis with the "-V" option on the capture file.


Could this be sufficient for your needs?

Script:

; Author: lod3n
; URL: http://www.autoitscript.com/forum/topic/31123-to-monitor-your-internet-connection/page__view__findpost__p__223140

#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <ProgressConstants.au3>

GUICreate("Lod3n's Bandwidth Monitor", 220, 100, 0, 0, -1, $WS_EX_TOOLWINDOW)

$label1 = GUICtrlCreateLabel("Waiting for data...", 10, 5, 200, 20)
$progressbar1 = GUICtrlCreateProgress(10, 20, 200, 20, $PBS_SMOOTH)

$label2 = GUICtrlCreateLabel("Waiting for data...", 10, 50, 200, 20)
$progressbar2 = GUICtrlCreateProgress(10, 65, 200, 20, $PBS_SMOOTH)

GUISetState()

$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = @ComputerName
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")

$inmax = 0     ; highest bytes/sec seen so far, used to scale the progress bars
$outmax = 0

$lastin = 0    ; previous raw counter values; the raw class is cumulative, so rate = delta per poll interval
$lastout = 0

While 1
    ;$colItems = $objWMIService.ExecQuery("SELECT BytesReceivedPersec,BytesSentPersec FROM Win32_PerfFormattedData_Tcpip_NetworkInterface", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    $colItems = $objWMIService.ExecQuery("SELECT BytesReceivedPersec,BytesSentPersec FROM Win32_PerfRawData_Tcpip_NetworkInterface", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    If IsObj($colItems) Then
        For $objItem In $colItems
            $newin = $objItem.BytesReceivedPersec
            $newout = $objItem.BytesSentPersec

            ;new realtime counter code...
            If $lastin = 0 And $lastout = 0 Then
                $lastin = $newin
                $lastout = $newout
            EndIf
            $in = $newin - $lastin
            $out = $newout - $lastout
            $lastin = $newin
            $lastout = $newout

            If $in <> 0 And $out <> 0 Then
                If $in > $inmax Then $inmax = $in
                If $out > $outmax Then $outmax = $out

                ; a negative delta (adapter reset, counter wrap) can leave the record at 0; never divide by it
                $inP = 0
                $outP = 0
                If $inmax > 0 Then $inP = Int(($in / $inmax) * 100)
                If $outmax > 0 Then $outP = Int(($out / $outmax) * 100)
                ;$in = $in/1024
                ;$out = $out/1024
                $intext = "Bytes In/Sec: " & Int($in) & " [" & $inP & "% of record]" & @CRLF
                $outtext = "Bytes Out/Sec: " & Int($out) & " [" & $outP & "% of record]" & @CRLF

                GUICtrlSetData($progressbar1, $inP)
                GUICtrlSetData($label1, $intext)
                GUICtrlSetData($progressbar2, $outP)
                GUICtrlSetData($label2, $outtext)

            EndIf
            ExitLoop ; I only care about the first network adapter, yo
        Next
    EndIf
    Sleep(1000) ; bytes PER SECOND
    If GUIGetMsg() = $GUI_EVENT_CLOSE Then ExitLoop
WEnd