Network Monitor API problem

  • Question

  • I have read the sample and help file of NM 3.3. I also watched the video on Channel 9. I still don't understand how to use those APIs.

    My question is: how can I get the process ID for an HTTP request in a live capture session?
    I don't find any filter that I can use, but the GUI has this capability, so I think it is possible.

    Can anyone share sample code to do this? Too little information is available in the help file.

    Another question: the current standard HTTP parser does not parse referer.
    That means I have to write my own one, is that correct?

    Friday, July 3, 2009 8:56 AM

All replies

  • Unfortunately we don't allow you to capture process information with the API directly.  Instead you'll have to do what our UI does and call the process info API directly.  Then take that information and map it to the IP address and TCP ports.

    The relevant APIs are described here:

    http://msdn.microsoft.com/en-us/library/aa365928(VS.85).aspx

    This is something we want to add in the future, but right now it's limited to working in the UI only.

    As for the HTTP Parser and not parsing "referer", can you give me more details?  Do you have an RFC you can point me to?  Perhaps we just need to fix the parser up to support this.


    Thanks,

    Paul
    • Marked as answer by Someonepoor Friday, July 10, 2009 6:07 PM
    Monday, July 6, 2009 1:41 PM
  • That answers my question, I will try GetExtendedTcpTable.

    But I wonder what's the difference between a capture file created by the UI and one created by the API?
    I found the file created by the UI has process information and can be parsed by the API. Any difference?

    As for the HTTP protocol referer, you can check Wikipedia:


    I think it is not hard to add this in the parser because the parser already has most fields in the header.

    Thanks for the reply. Very helpful.
    Monday, July 6, 2009 4:28 PM
  • The API can read the process information created from the UI, but the API cannot capture that information.  The UI keeps track of all the process tracking information and saves it as part of the capture file.  This is missing from the API capture engine today.

    As for the HTTP field, since HTTP is self describing we should parse this field in the UI.  Is this not happening for you?  Can you copy and paste the information from the HTTP details in question?

    If you want to send me a trace to look at, can you use the contact info from the blog and send it that way (blogs.technet.com/netmon).

    Thanks,

    Paul

    Tuesday, July 7, 2009 6:38 PM
  • I can see the referer information in the UI. My question is how can I get this field by API?

    For example, I can call NmAddField(..."http.request.uri",...) for URI and NmAddField(..."http.request.HeaderFields.Host",...) for host name. I would like to know what qualified path I can use to get the referer in an HTTP request. It is supposed to be "http.Request.HeaderFields.xxx" but I still don't find it.

    Thanks,

    David

    Wednesday, July 8, 2009 7:56 AM
  • I solved the problem by adding an additional line in http.npl.

    Line 775

    case "Connection":
    AsciiStringTerm("\r\n") Connection;

    I added an additional case like:

    case "Referer":
    AsciiStringTerm("\r\n") Referer;

    Now I can get the field value by "http.request.HeaderFields.Referer".

    • Marked as answer by Someonepoor Friday, July 10, 2009 6:07 PM
    Friday, July 10, 2009 6:06 PM
  • hey Someonepoor - I'd be really interested in seeing the code that captures the packets, gets the process ID, and ties them together if you're ok with posting it
    Tuesday, July 13, 2010 8:57 PM
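
The lookup described in Paul's first reply, as an added example that is not part of the original thread and not Network Monitor's own code: snapshot the TCP table with GetExtendedTcpTable, then match a captured frame's addresses and ports to the owning PID. `Pkt`, `addr_dword`, `row_port`, `pid_for_packet` and `snapshot_tcp_table` are hypothetical names; the example assumes IPv4 only, and the non-Windows branch exists only so the matching logic builds elsewhere.

```c
#include <stdint.h>
#include <stdlib.h>
#ifdef _WIN32
#include <winsock2.h>
#include <iphlpapi.h>   /* link with iphlpapi.lib */
#else                   /* elsewhere: mirror the row layout so the matching logic still builds */
typedef uint32_t DWORD;
typedef struct { DWORD dwState, dwLocalAddr, dwLocalPort,
                 dwRemoteAddr, dwRemotePort, dwOwningPid; } MIB_TCPROW_OWNER_PID;
#endif

/* Hypothetical holder for the 4-tuple read from a parsed frame (ports in host order). */
typedef struct { uint8_t src[4], dst[4]; uint16_t sport, dport; } Pkt;

/* Table addresses are IPv4 in network byte order, held in a DWORD on a little-endian host. */
static DWORD addr_dword(const uint8_t b[4])
{ return (DWORD)b[0] | ((DWORD)b[1] << 8) | ((DWORD)b[2] << 16) | ((DWORD)b[3] << 24); }

/* Table ports are 16-bit values in network byte order in the low word: swap to host order. */
static uint16_t row_port(DWORD p) { return (uint16_t)(((p & 0xFF) << 8) | ((p >> 8) & 0xFF)); }

/* Returns the owning PID, or 0 when no row matches (e.g. the connection closed before the snapshot). */
uint32_t pid_for_packet(const MIB_TCPROW_OWNER_PID *rows, size_t n, const Pkt *p)
{
    DWORD s = addr_dword(p->src), d = addr_dword(p->dst);
    for (size_t i = 0; i < n; i++) {
        const MIB_TCPROW_OWNER_PID *r = &rows[i];
        uint16_t lp = row_port(r->dwLocalPort), rp = row_port(r->dwRemotePort);
        /* A captured frame may be outbound (src is local) or inbound (dst is local). */
        int outbound = r->dwLocalAddr == s && lp == p->sport && r->dwRemoteAddr == d && rp == p->dport;
        int inbound  = r->dwLocalAddr == d && lp == p->dport && r->dwRemoteAddr == s && rp == p->sport;
        if (outbound || inbound) return (uint32_t)r->dwOwningPid;
    }
    return 0;
}
#ifdef _WIN32
/* Snapshot the IPv4 TCP table with owning PIDs; caller frees. Use t->table and t->dwNumEntries. */
MIB_TCPTABLE_OWNER_PID *snapshot_tcp_table(void)
{
    MIB_TCPTABLE_OWNER_PID *t = NULL;
    DWORD size = 0, rc;
    /* The first call reports the needed size; the table can grow between calls, so retry. */
    while ((rc = GetExtendedTcpTable(t, &size, FALSE, AF_INET, TCP_TABLE_OWNER_PID_ALL, 0)) == ERROR_INSUFFICIENT_BUFFER) {
        free(t);
        if ((t = malloc(size)) == NULL) return NULL;
    }
    if (rc != NO_ERROR) { free(t); t = NULL; }
    return t;
}
#endif
```

Refresh the snapshot periodically during a live capture; a connection that opens and closes between two snapshots will not resolve to a PID.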