Thursday, September 17, 2009

Test12

Basic NPL Example

The following code illustrates a basic NPL parser used as an example in the Writing an NPL Parser section. It is included in the default set of Network Monitor parsers as Hsrp.npl.



Hot Standby Router Protocol

//File name: Hsrp.npl

Table HSRPOpcodeTable
{
    switch(value)
    {
        case 0x00 : "Hello";
        case 0x01 : "Coup";
        case 0x02 : "Resign";
        default : "Unknown Code";
    }
}

Table HSRPStateTable
{
    switch(value)
    {
        case 0x00 : "Initial";
        case 0x01 : "Learn";
        case 0x02 : "Listen";
        case 0x04 : "Speak";
        case 0x08 : "Standby";
        case 0x10 : "Active";
        default : "Unknown Code";
    }
}

[ RegisterAfter (UDP.http, Hsrp, 1985) ]
Protocol HSRP = FormatString("Opcode = %s, State = %s",
    HSRPOpcodeTable(UINT8(FrameData, Offset + 1)),
    HSRPStateTable(UINT8(FrameData, Offset + 2)))
{
    UINT8 Version;

    UINT8 Opcode = FormatString("%s (%u)", HSRPOpcodeTable(this), this);
    UINT8 State = FormatString("%s (%d)", HSRPStateTable(this), this)
    {
        UINT8 Bit0_2:3 = FormatString("(%s) Reserved", this.ToBitString);
        UINT8 Bit3:1 = FormatString(" (%s) %s", this.ToBitString, this ? "Active" : "");
        UINT8 Bit4:1 = FormatString(" (%s) %s", this.ToBitString, this ? "Standby" : "");
        UINT8 Bit5:1 = FormatString(" (%s) %s", this.ToBitString, this ? "Speak" : "");
        UINT8 Bit6:1 = FormatString(" (%s) %s", this.ToBitString, this ? "Listen" : "");
        UINT8 Bit7:1 = FormatString(" (%s) %s", this.ToBitString, this ? "Learn" : "");
    };

    switch(Opcode)
    {
        case 0:
            struct
            {
                UINT8 Hellotime;
                UINT8 Holdtime;
            }
        default:
            BLOB(2) ImplementationSpecificData;
    }

    UINT8 Priority;
    UINT8 Group;
    UINT8 Reserved;

    AsciiString(8) AuthenticationData;
    switch
    {
        case FrameOffset + 4 <= FrameLength:
            IPv4Address VirtualIPAddress;
    }
}







See Also

Concepts

Writing an NPL Parser



Other Resources

NPL Examples







--------------------------------------------------------------------------------






Constant Definitions

This example contains definitions for all NPL basic data types. It is included to enable compiling the examples. Sparser lists the files required for compilation.



// File name: constant.npl

// Byte order constants
const LittleEndian = 0;
const BigEndian = 1;

// Bool Constants
const TRUE = 1;
const FALSE = 0;

// Address Constants
const Broadcast = 0xFFFFFFFFFFFF;

// Protocol Class for parser errors
const ParserErrorProtocolClassPublic = 1;
const ParserErrorProtocolClassWindows = 2;
const ParserErrorProtocolClassMsOffice = 3;

// Conversation Status Constants
const UnknownState = 0;
const HalfConnected = 1;
const Connected = 2;
const FinWait1 = 3;
const FinWait2 = 5;
const Disconnected = 4;

// Conversation Timeout Constants
const EnableConversationTimeout = TRUE;
const DefaultConversationTimeout = 180;

const IPv4ConversationTimeout = 180;
const TCPConversationTimeout = 180;
const UDPConversationTimeout = 180;

// Add to property flags
const ADD_TO_PROPERTY_FLAG_NO_DUPLICATES = 0x00000004;
const ADD_TO_PROPERTY_FLAG_NO_ZERO = 0x00000008;







See Also

Other Resources

NPL Examples







--------------------------------------------------------------------------------





TestEnd
TestBegin
NPL Language Overview

Network Monitor Parsing Language (NPL) is a script-based language that provides a way to specify the layout of network data for a particular protocol. It enables decoding protocols into human-readable text.



Setting Up Network Monitor for Parser Development

First, create an NPL file for your parser code. On the Parsers tab, click New Parser on the toolbar. This creates the file.



Enter the following introductory comments.



//# ** Public Protocol Parser **
//# (c) 2008 Microsoft Corporation
//#
//# Title: Hot Standby Router Protocol
//#
//# Details:
//#
//# References: RFC 2281
//#
//# Comments:
//#
//##







To save your file, click Save on the toolbar and name it Hsrp.npl. The default location is your Documents folder in the Network Monitor 3\Parsers folder.



Normally, you must include the new parser file in the existing My_sparser.npl file in the same folder, as shown in the following code example.



// Personal NPL Files
include "hsrp.npl"







In this case, because HSRP is already in the default parser set, this include statement is already defined in Microsoft_Parsers_sparser.npl. You can either skip this step or comment out the duplicate statement in Microsoft_Parsers_sparser.npl. To override the default version, make sure that your My Documents folder is at the top of the parser order list that you see when you select Options, and then Parser, on the Tools menu.



If you wanted to write your own version of Tcp.npl to override the default file, you could move your My Documents–based folder to the top of the list, copy the regular Tcp.npl file into that folder, and make your changes. Network Monitor would then load your copy of Tcp.npl instead of the default file, because it would find it first in the path hierarchy.



To test whether Network Monitor can load the file, click Reload Parsers on the Parser tab toolbar. If everything is correct, the following messages appear in the Message View window at the bottom of the Parser tab:



Successfully loaded.





Successfully serialized NPL parser.





You should also be able to see your new parser file when you click Expand Parser Files in the Object View window.



If this fails, make sure that you have saved the new parser file in the same directory as My_sparser.npl and entered it correctly in My_sparser.npl.



If you double-click Hsrp.npl in the Object View window, the code comments that you entered in the file appear to the right.



For the next step, go to Describing the Protocol.



See Also

Concepts

Writing an NPL Parser







--------------------------------------------------------------------------------






How Network Monitor Parsing Works

An NPL code file is compiled to byte code, which Network Monitor uses to decode and filter. Although it looks a lot like C#, it is more like a line-by-line script that translates the serialized data coming over the wire into human-readable text.



The key part of the parser is the protocol block, which defines the data fields and structures in the protocol. Each data field line in the protocol block consumes bytes in the frame. At the end of the protocol block, there is usually a switch statement, which detects the next protocol to consume the remaining bytes of the frame.



The first protocol that is invoked on a frame is the frame protocol, similar to the main function in C, defined in Frame.npl. This protocol uses information about the media type used to capture the frame to determine the link layer protocol to invoke next, for example, Ethernet, wireless, ATM, or IP1394.
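The field-by-field consumption described above, applied to the Hsrp.npl protocol block from earlier on this page, can be sketched outside Network Monitor. This is an added example, not Network Monitor code; the names `Cursor`, `TruncatedFrame`, `parse_hsrp` and `SAMPLE_HELLO` are assumptions, and the sample payload is constructed. It checks every read against the remaining length, so a truncated or malformed payload fails cleanly instead of being misread.

```python
import ipaddress

# Value-to-name tables, mirroring HSRPOpcodeTable and HSRPStateTable in Hsrp.npl.
OPCODES = {0x00: "Hello", 0x01: "Coup", 0x02: "Resign"}
STATES = {0x00: "Initial", 0x01: "Learn", 0x02: "Listen",
          0x04: "Speak", 0x08: "Standby", 0x10: "Active"}
UNKNOWN = "Unknown Code"  # the tables' default branch


class TruncatedFrame(ValueError):
    """Raised when a field would read past the end of the payload."""


class Cursor:
    """Consumes bytes front to back, the way each NPL field line does."""

    def __init__(self, data):
        self.data = bytes(data)
        self.offset = 0

    def remaining(self):
        return len(self.data) - self.offset

    def take(self, n, field):
        # Bounds check before every read: the payload is untrusted input.
        if self.remaining() < n:
            raise TruncatedFrame(
                f"{field}: need {n} byte(s) at offset {self.offset}, "
                f"only {self.remaining()} left")
        chunk = self.data[self.offset:self.offset + n]
        self.offset += n
        return chunk

    def u8(self, field):
        return self.take(1, field)[0]


def parse_hsrp(payload):
    """Decode one HSRP message (the UDP payload) into a dict of fields."""
    cur = Cursor(payload)
    pkt = {"Version": cur.u8("Version")}
    opcode = cur.u8("Opcode")
    state = cur.u8("State")
    opcode_name = OPCODES.get(opcode, UNKNOWN)
    state_name = STATES.get(state, UNKNOWN)
    pkt["Opcode"] = f"{opcode_name} ({opcode})"
    pkt["State"] = f"{state_name} ({state})"

    # switch(Opcode): a Hello carries two timers, anything else 2 opaque bytes.
    if opcode == 0:
        pkt["Hellotime"] = cur.u8("Hellotime")
        pkt["Holdtime"] = cur.u8("Holdtime")
    else:
        pkt["ImplementationSpecificData"] = cur.take(
            2, "ImplementationSpecificData")

    pkt["Priority"] = cur.u8("Priority")
    pkt["Group"] = cur.u8("Group")
    pkt["Reserved"] = cur.u8("Reserved")

    # AsciiString(8): fixed width, NUL padded, carried in clear text.
    auth = cur.take(8, "AuthenticationData")
    pkt["AuthenticationData"] = auth.rstrip(b"\x00").decode(
        "ascii", errors="replace")

    # case FrameOffset + 4 <= FrameLength: the address is read only if present.
    if cur.remaining() >= 4:
        pkt["VirtualIPAddress"] = str(
            ipaddress.IPv4Address(cur.take(4, "VirtualIPAddress")))

    # Same text as the FormatString on the Protocol line.
    pkt["Summary"] = f"Opcode = {opcode_name}, State = {state_name}"
    pkt["TrailingBytes"] = cur.remaining()
    return pkt


# Constructed sample: Hello, state Active, hellotime 3, holdtime 10,
# priority 120, group 1, authentication "labkey", virtual IP 192.0.2.1.
SAMPLE_HELLO = (bytes([0, 0, 0x10, 3, 10, 120, 1, 0])
                + b"labkey\x00\x00"
                + bytes([192, 0, 2, 1]))

if __name__ == "__main__":
    for name, value in parse_hsrp(SAMPLE_HELLO).items():
        print(f"{name}: {value}")
    try:
        parse_hsrp(SAMPLE_HELLO[:10])
    except TruncatedFrame as err:
        print("rejected:", err)
```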



Network Monitor Parsers

Network Monitor comes with a set of standard parsers built in. To see the available parsers, click the Parser tab, and expand Parser Files in the Object View window. Double-click a parser to see its NPL code. This code can be modified to accommodate any special needs in parsing a protocol.





The Microsoft Windows Protocol parsers are loaded as stubs by default. To see the full code for these parsers, you must load the full parsers. For more information, see Changing Parser Set Options.



As additional parsers become available, they are posted on the CodePlex Web site. For more information, see Sharing Parsers on CodePlex.







Writing Custom Parsers

NPL can be used to write custom parsers for new protocols that are not yet available. For an extended example, see Writing an NPL Parser. If you want to share a parser that you have written, you can post it to CodePlex.



See Also

Concepts

Network Monitor Parsing Language







--------------------------------------------------------------------------------

TestEnd

Test10

hi young lady, how may I help you




well yeah, I am looking for a father's day gift



ok how about getting your father a new wallet



how much is that wallet



which one



the black one



oh it is only 40.95



that is too expensive for me. do you have a cheaper one?



how about this brown other one



I don't think my father will like the design on the other side and it doesn't have a place to put pictures



how much is it any way



it's 25.99



en, I don't have that much money



ok how much money do you have to spend



I am not sure, probably about 10 dollars or so

I have been helping my mom around the house for the past week to earn some money



this is all I have





hmm, how about this tie



that is really pretty but the price tag says 13.99 and I know I don't have that much money



well let's just say the tie went on sale



how about five dollars? what do you say



oh thanks I will take it
Begin


Welcome to

Microsoft Network Monitor 3.3



Microsoft Network Monitor is a tool for viewing the contents of network packets that are being sent and received over a live network connection or from a previously captured data file. It provides filtering options for complex analysis of network data.



What's New

Frame Comments: Attach comments to frames in a saved capture file. Select the Frame Comments tab in the lower-right window to add, view, edit, or delete comments.

API Extensions: API methods have been added to enable access to conversation information, properties, field display strings, and comments. For more information, see the Network Monitor API Reference section of the Help.

Autoscroll: See the most recent traffic as it comes in. In a live capture, click Autoscroll on the main toolbar to have the Frame Summary window automatically scroll down to display the most recent frames as they come in. Click Autoscroll again to freeze the view in its present location.

Right-Click Add-to-Alias: Right-click the Source or Destination column in the Frame Summary window to add that address as a new alias.

Tunnel Capture Support: Capture traffic over tunnel adapters on Windows Vista SP2, Windows Server 2008, and Windows 7.

WWAN Capture Support: Capture traffic over mobile broadband data cards on Win7.

Experts Available Online: Experts are stand-alone applications that analyze Network Monitor capture data. You can install Experts and run them directly from the UI on a capture file. To search for experts, from an open capture file, click Experts on the main menu, and select Download Experts, or go to http://go.microsoft.com/fwlink/?LinkID=133950.

Right-Click Go-to-Definition: Right-click a field in the Frame Details window and select Go To Data Field Definition or Go To Data Type Definition to see where the field is defined in the NPL parsers.

A complete list of new features and known issues is available in the release notes in the Help directory.



To Give Feedback on Network Monitor 3.3

Please give us feedback on Network Monitor 3.3. Go to http://go.microsoft.com/fwlink/?LinkID=142458, and let your opinion be heard. The survey requires you to log on with your Windows Live ID.



To Learn More

Read our blog at http://blogs.technet.com/netmon.



To Share or Download Parsers

All Network Monitor parsers are now hosted on CodePlex, the Microsoft open-source project site. To get updated Microsoft parser packages and to submit or download community parsers, go to http://go.microsoft.com/fwlink/?LinkId=125105.



Protocol Documentation and Community Forums

Community Forums

Microsoft uses its developer portal, MSDN, to publish open APIs and open protocol documentation, and to host forums specific to the documentation.

Access the forums at http://go.microsoft.com/fwlink/?LinkId=111125.



Protocol Documentation

Protocol documentation is available to view and download on MSDN. This documentation includes protocols licensed under the Microsoft Communications Protocol Program (MCPP) and Microsoft Workgroup Server Protocol Program (WSPP) protocol licensing programs. It also includes preliminary documents for protocols in popular Microsoft products. Network Monitor includes parsers for Microsoft Windows protocols. The following are links to the available open protocol documentation:

Microsoft Windows Protocols: http://go.microsoft.com/fwlink/?LinkId=119905

Microsoft Office Protocols: http://go.microsoft.com/fwlink/?LinkId=119899

Microsoft Office SharePoint Server Protocols: http://go.microsoft.com/fwlink/?LinkId=119903

Microsoft Office Exchange Server Protocols: http://go.microsoft.com/fwlink/?LinkId=119904



© 2006-2009 Microsoft Corporation. All rights reserved.

( Conversation.ProcessName=="iexplore.exe" and Property.TCPContinuation)

or






Testend

Test09




Testend

Test08




Testend

Test07

Begin


Welcome to

Microsoft Network Monitor 3.3



Microsoft Network Monitor is a tool for viewing the contents of network packets that are being sent and received over a live network connection or from a previously captured data file. It provides filtering options for complex analysis of network data.



What's New

Frame Comments: Attach comments to frames in a saved capture file. Select the Frame Comments tab in the lower-right window to add, view, edit, or delete comments.

API Extensions: API methods have been added to enable access to conversation information, properties, field display strings, and comments. For more information, see the Network Monitor API Reference section of the Help.

Autoscroll: See the most recent traffic as it comes in. In a live capture, click Autoscroll on the main toolbar to have the Frame Summary window automatically scroll down to display the most recent frames as they come in. Click Autoscroll again to freeze the view in its present location.

Right-Click Add-to-Alias: Right-click the Source or Destination column in the Frame Summary window to add that address as a new alias.

Tunnel Capture Support: Capture traffic over tunnel adapters on Windows Vista SP2, Windows Server 2008, and Windows 7.

WWAN Capture Support: Capture traffic over mobile broadband data cards on Win7.

Experts Available Online: Experts are stand-alone applications that analyze Network Monitor capture data. You can install Experts and run them directly from the UI on a capture file. To search for experts, from an open capture file, click Experts on the main menu, and select Download Experts, or go to http://go.microsoft.com/fwlink/?LinkID=133950.

Right-Click Go-to-Definition: Right-click a field in the Frame Details window and select Go To Data Field Definition or Go To Data Type Definition to see where the field is defined in the NPL parsers.

A complete list of new features and known issues is available in the release notes in the Help directory.



To Give Feedback on Network Monitor 3.3

Please give us feedback on Network Monitor 3.3. Go to http://go.microsoft.com/fwlink/?LinkID=142458, and let your opinion be heard. The survey requires you to log on with your Windows Live ID.



To Learn More

Read our blog at http://blogs.technet.com/netmon.



To Share or Download Parsers

All Network Monitor parsers are now hosted on CodePlex, the Microsoft open-source project site. To get updated Microsoft parser packages and to submit or download community parsers, go to http://go.microsoft.com/fwlink/?LinkId=125105.



Protocol Documentation and Community Forums

Community Forums

Microsoft uses its developer portal, MSDN, to publish open APIs and open protocol documentation, and to host forums specific to the documentation.

Access the forums at http://go.microsoft.com/fwlink/?LinkId=111125.



Protocol Documentation

Protocol documentation is available to view and download on MSDN. This documentation includes protocols licensed under the Microsoft Communications Protocol Program (MCPP) and Microsoft Workgroup Server Protocol Program (WSPP) protocol licensing programs. It also includes preliminary documents for protocols in popular Microsoft products. Network Monitor includes parsers for Microsoft Windows protocols. The following are links to the available open protocol documentation:

Microsoft Windows Protocols: http://go.microsoft.com/fwlink/?LinkId=119905

Microsoft Office Protocols: http://go.microsoft.com/fwlink/?LinkId=119899

Microsoft Office SharePoint Server Protocols: http://go.microsoft.com/fwlink/?LinkId=119903

Microsoft Office Exchange Server Protocols: http://go.microsoft.com/fwlink/?LinkId=119904



© 2006-2009 Microsoft Corporation. All rights reserved.

( Conversation.ProcessName=="iexplore.exe" and Property.TCPContinuation)

or



Setting Up Network Monitor for Parser Development


First, create an NPL file for your parser code. On the Parsers tab, click New Parser on the toolbar. This creates the file.



Enter the following introductory comments.




//# ** Public Protocol Parser **

//# (c) 2008 Microsoft Corporation

//#

//# Title: Hot Standby Router Protocol

//#

//# Details:

//#

//# References: RFC 2281

//#

//# Comments:

//#

//##







To save your file, click Save on the toolbar and name it Hsrp.npl. The default location is your Documents folder in the Network Monitor 3\Parsers folder.



Normally, you must include the new parser file in the existing My_sparser.npl file in the same folder, as shown in the following code example.




// Personal NPL Files

include "hsrp.npl"







In this case, since HSRP is currently in the default parser set, this include statement is already defined in Microsoft_Parsers_sparser.npl, so this step can be skipped, or the duplicate statement in Microsoft_Parsers_sparser.npl must be commented out. To override the default version, make sure that your My Documents folder is at the top of the parser order list that you see when you select Options, and then Parser, on the Tools menu.



If you wanted to write your own version of Tcp.npl to override the default file, you could move your My Documents–based folder to the top of the list, copy the regular Tcp.npl file into that folder, and make your changes. Network Monitor would then load your copy of Tcp.npl instead of the default file, because it would find it first in the path hierarchy.



To test whether Network Monitor can load the file, click Reload Parsers on the Parser tab toolbar. If everything is correct, the following messages appear in the Message View window at the bottom of the Parser tab:



Successfully loaded.





Successfully serialized NPL parser.





You should also be able to see your new parser file when you click Expand Parser Files in the Object View window.



If this fails, make sure that you have saved the new parser file in the same directory as My_sparser.npl and entered it correctly in My_sparser.npl.



If you double-click Hsrp.npl in the Object View window, the code comments that you entered in the file appear to the right.



For the next step, go to Describing the Protocol.



See Also

Concepts

Writing an NPL Parser

--------------------------------------------------------------
hi young lady, how may I help you




well yeah, I am looking for a father's day gift



ok how about getting your father a new wallet



how much is that wallet



which one



the black one



oh it is only 40.95



that is too expensive for me. do you have a cheaper one?



how about this brown other one



I don't think my father will like the design on the other side and it doesn't have

a place to put pictures



how much is it any way



it's 25.99



en, I don't have that much money



ok how much money do you have to spend



I am not sure, probably about 10 dollars or so

I have been helping my mom around the house for the past week to earn some money



this is all I have





hmm, how about this tie



that is really pretty but the price tag says 13.99 and I know I don't have that much money



well let's just say the tie went on sale



how about five dollars? what do you say



Constant Definitions


This example contains definitions for all NPL basic data types. It is included to enable compiling the examples. Sparser lists the files required for compilation.




// File name: constant.npl

// Byte order constants



const LittleEndian = 0;

const BigEndian = 1;



// Bool Constants



const TRUE = 1;

const FALSE = 0;



// Address Constants



const Broadcast = 0xFFFFFFFFFFFF;



// Protocol Class for parser errors



const ParserErrorProtocolClassPublic = 1;

const ParserErrorProtocolClassWindows = 2;

const ParserErrorProtocolClassMsOffice = 3;



// Conversation Status Constants



const UnknownState = 0;

const HalfConnected = 1;

const Connected = 2;

const FinWait1 = 3;

const FinWait2 = 5;

const Disconnected = 4;



// Conversation Timeout Constants



const EnableConversationTimeout = TRUE;

const DefaultConversationTimeout = 180;



const IPv4ConversationTimeout = 180;

const TCPConversationTimeout = 180;

const UDPConversationTimeout = 180;



// Add to property flags



const ADD_TO_PROPERTY_FLAG_NO_DUPLICATES = 0x00000004;

const ADD_TO_PROPERTY_FLAG_NO_ZERO = 0x00000008;







See Also

Other Resources

NPL Examples







--------------------------------------------------------------------------------






oh thanks I will take it


Testend

Test06

TestBegins
Begin







TestendTestEnds

Test05

TestBegins!!
Begin














Testend

Test05


YangTest



Thursday, September 17, 2009

Test03

Begin













hi young lady, how may I help you









well yeah, I am looking for a father's day gift







ok how about getting your father a new wallet







how much is that wallet







which one







the black one







oh it is only 40.95







that is too expensive for me. do you have a cheaper one?







how about this brown other one







I don't think my father will like the design on the other side and it doesn't have



a place to put pictures







how much is it anyway







it's 25.99







en, I don't have that much money







ok how much money do you have to spend







I am not sure, probably about 10 dollars or so



I have been helping my mom around the house for the past week to earn some money







this is all I have











hmm, how about this tie







that is really pretty but the price tag says 13.99 and I know I don't have that much money







well let's just say the tie went on sale







how about five dollars? what do you say





Constant Definitions






This example contains definitions for all NPL basic data types. It is included to enable compiling the examples. Sparser lists the files required for compilation.










// File name: constant.npl

// Byte order constants
const LittleEndian = 0;
const BigEndian = 1;

// Bool Constants
const TRUE = 1;
const FALSE = 0;

// Address Constants
const Broadcast = 0xFFFFFFFFFFFF;

// Protocol Class for parser errors
const ParserErrorProtocolClassPublic = 1;
const ParserErrorProtocolClassWindows = 2;
const ParserErrorProtocolClassMsOffice = 3;

// Conversation Status Constants
const UnknownState = 0;
const HalfConnected = 1;
const Connected = 2;
const FinWait1 = 3;
const FinWait2 = 5;
const Disconnected = 4;

// Conversation Timeout Constants
const EnableConversationTimeout = TRUE;
const DefaultConversationTimeout = 180;

const IPv4ConversationTimeout = 180;
const TCPConversationTimeout = 180;
const UDPConversationTimeout = 180;

// Add to property flags
const ADD_TO_PROPERTY_FLAG_NO_DUPLICATES = 0x00000004;
const ADD_TO_PROPERTY_FLAG_NO_ZERO = 0x00000008;















See Also



Other Resources



NPL Examples















--------------------------------------------------------------------------------















oh thanks I will take it





Testend

Posted by Yang at 12:23 AM 0 comments

Test02

hi young lady, how may I help you









well yeah, I am looking for a father's day gift







ok how about getting your father a new wallet







how much is that wallet







which one







the black one







oh it is only 40.95







that is too expensive for me. do you have a cheaper one?







how about this brown other one







I don't think my father will like the design on the other side and it doesn't have



a place to put pictures







how much is it anyway







it's 25.99







en, I don't have that much money







ok how much money do you have to spend







I am not sure, probably about 10 dollars or so



I have been helping my mom around the house for the past week to earn some money







this is all I have











hmm, how about this tie







that is really pretty but the price tag says 13.99 and I know I don't have that much money







well let's just say the tie went on sale







how about five dollars? what do you say







oh thanks I will take it

Begin





Welcome to Microsoft Network Monitor 3.3







Microsoft Network Monitor is a tool for viewing the contents of network packets that are being sent and received over a live network connection or from a previously captured data file. It provides filtering options for complex analysis of network data.







What's New



Frame Comments: Attach comments to frames in a saved capture file. Select the Frame Comments tab in the lower-right window to add, view, edit, or delete comments.



API Extensions: API methods have been added to enable access to conversation information, properties, field display strings, and comments. For more information, see the Network Monitor API Reference section of the Help.



Autoscroll: See the most recent traffic as it comes in. In a live capture, click Autoscroll on the main toolbar to have the Frame Summary window automatically scroll down to display the most recent frames as they come in. Click Autoscroll again to freeze the view in its present location.



Right-Click Add-to-Alias: Right-click the Source or Destination column in the Frame Summary window to add that address as a new alias.



Tunnel Capture Support: Capture traffic over tunnel adapters on Windows Vista SP2, Windows Server 2008, and Windows 7.



WWAN Capture Support: Capture traffic over mobile broadband data cards on Win7.



Experts Available Online: Experts are stand-alone applications that analyze Network Monitor capture data. You can install Experts and run them directly from the UI on a capture file. To search for experts, from an open capture file, click Experts on the main menu, and select Download Experts, or go to http://go.microsoft.com/fwlink/?LinkID=133950.



Right-Click Go-to-Definition: Right-click a field in the Frame Details window and select Go To Data Field Definition or Go To Data Type Definition to see where the field is defined in the NPL parsers.



A complete list of new features and known issues is available in the release notes in the Help directory.







To Give Feedback on Network Monitor 3.3



Please give us feedback on Network Monitor 3.3. Go to http://go.microsoft.com/fwlink/?LinkID=142458, and let your opinion be heard. The survey requires you to log on with your Windows Live ID.







To Learn More



Read our blog at http://blogs.technet.com/netmon.







To Share or Download Parsers



All Network Monitor parsers are now hosted on CodePlex, the Microsoft open-source project site. To get updated Microsoft parser packages and to submit or download community parsers, go to http://go.microsoft.com/fwlink/?LinkId=125105.







Protocol Documentation and Community Forums



Community Forums



Microsoft uses its developer portal, MSDN, to publish open APIs and open protocol documentation, and to host forums specific to the documentation.



Access the forums at http://go.microsoft.com/fwlink/?LinkId=111125.







Protocol Documentation



Protocol documentation is available to view and download on MSDN. This documentation includes protocols licensed under the Microsoft Communications Protocol Program (MCPP) and Microsoft Workgroup Server Protocol Program (WSPP) protocol licensing programs. It also includes preliminary documents for protocols in popular Microsoft products. Network Monitor includes parsers for Microsoft Windows protocols. The following are links to the available open protocol documentation:



Microsoft Windows Protocols: http://go.microsoft.com/fwlink/?LinkId=119905



Microsoft Office Protocols: http://go.microsoft.com/fwlink/?LinkId=119899



Microsoft Office SharePoint Server Protocols: http://go.microsoft.com/fwlink/?LinkId=119903



Microsoft Office Exchange Server Protocols: http://go.microsoft.com/fwlink/?LinkId=119904







© 2006-2009 Microsoft Corporation. All rights reserved.



( Conversation.ProcessName=="iexplore.exe" and Property.TCPContinuation)



or







Setting Up Network Monitor for Parser Development






First, create an NPL file for your parser code. On the Parsers tab, click New Parser on the toolbar. This creates the file.







Enter the following introductory comments.










//# ** Public Protocol Parser **
//# (c) 2008 Microsoft Corporation
//#
//# Title: Hot Standby Router Protocol
//#
//# Details:
//#
//# References: RFC 2281
//#
//# Comments:
//#
//##















To save your file, click Save on the toolbar and name it Hsrp.npl. The default location is your Documents folder in the Network Monitor 3\Parsers folder.







Normally, you must include a new parser file in the existing My_sparser.npl file in the same folder, as shown in the following code example.










// Personal NPL Files
include "hsrp.npl"















In this case, since HSRP is currently in the default parser set, this include statement is already defined in Microsoft_Parsers_sparser.npl, so this step can be skipped, or the duplicate statement in Microsoft_Parsers_sparser.npl must be commented out. To override the default version, make sure that your My Documents folder is at the top of the parser order list that you see when you select Options, and then Parser, on the Tools menu.







If you wanted to write your own version of Tcp.npl to override the default file, you could move your My Documents–based folder to the top of the list, copy the regular Tcp.npl file into that folder, and make your changes. Network Monitor would then load your copy of Tcp.npl instead of the default file, because it would find your copy first in the path hierarchy.







To test whether Network Monitor can load the file, click Reload Parsers on the Parser tab toolbar. If everything is correct, the following messages appear in the Message View window at the bottom of the Parser tab:







Successfully loaded.
Successfully serialized NPL parser.











You should also be able to see your new parser file when you click Expand Parser Files in the Object View window.







If this fails, make sure that you have saved the new parser file in the same directory as My_sparser.npl and entered it correctly in My_sparser.npl.







If you double-click Hsrp.npl in the Object View window, the code comments that you entered in the file appear to the right.







For the next step, go to Describing the Protocol.







See Also



Concepts



Writing an NPL Parser



--------------------------------------------------------------



Constant Definitions






This example contains definitions for all NPL basic data types. It is included to enable compiling the examples. Sparser lists the files required for compilation.










// File name: constant.npl

// Byte order constants
const LittleEndian = 0;
const BigEndian = 1;

// Bool Constants
const TRUE = 1;
const FALSE = 0;

// Address Constants
const Broadcast = 0xFFFFFFFFFFFF;

// Protocol Class for parser errors
const ParserErrorProtocolClassPublic = 1;
const ParserErrorProtocolClassWindows = 2;
const ParserErrorProtocolClassMsOffice = 3;

// Conversation Status Constants
const UnknownState = 0;
const HalfConnected = 1;
const Connected = 2;
const FinWait1 = 3;
const FinWait2 = 5;
const Disconnected = 4;

// Conversation Timeout Constants
const EnableConversationTimeout = TRUE;
const DefaultConversationTimeout = 180;

const IPv4ConversationTimeout = 180;
const TCPConversationTimeout = 180;
const UDPConversationTimeout = 180;

// Add to property flags
const ADD_TO_PROPERTY_FLAG_NO_DUPLICATES = 0x00000004;
const ADD_TO_PROPERTY_FLAG_NO_ZERO = 0x00000008;















See Also



Other Resources



NPL Examples







----------------------------------------------------------------------------





Testend

Posted by Yang at 12:19 AM 0 comments

Test02

StartTest

hi young lady, how may I help you









well yeah, I am looking for a father's day gift







ok how about getting your father a new wallet







how much is that wallet







which one







the black one







oh it is only 40.95







that is too expensive for me. do you have a cheaper one?







how about this brown other one







I don't think my father will like the design on the other side and it doesn't have



a place to put pictures







how much is it anyway







it's 25.99







en, I don't have that much money







ok how much money do you have to spend







I am not sure, probably about 10 dollars or so



I have been helping my mom around the house for the past week to earn some money







this is all I have











hmm, how about this tie







that is really pretty but the price tag says 13.99 and I know I don't have that much money







well let's just say the tie went on sale







how about five dollars? what do you say



Constant Definitions






This example contains definitions for all NPL basic data types. It is included to enable compiling the examples. Sparser lists the files required for compilation.










// File name: constant.npl

// Byte order constants
const LittleEndian = 0;
const BigEndian = 1;

// Bool Constants
const TRUE = 1;
const FALSE = 0;

// Address Constants
const Broadcast = 0xFFFFFFFFFFFF;

// Protocol Class for parser errors
const ParserErrorProtocolClassPublic = 1;
const ParserErrorProtocolClassWindows = 2;
const ParserErrorProtocolClassMsOffice = 3;

// Conversation Status Constants
const UnknownState = 0;
const HalfConnected = 1;
const Connected = 2;
const FinWait1 = 3;
const FinWait2 = 5;
const Disconnected = 4;

// Conversation Timeout Constants
const EnableConversationTimeout = TRUE;
const DefaultConversationTimeout = 180;

const IPv4ConversationTimeout = 180;
const TCPConversationTimeout = 180;
const UDPConversationTimeout = 180;

// Add to property flags
const ADD_TO_PROPERTY_FLAG_NO_DUPLICATES = 0x00000004;
const ADD_TO_PROPERTY_FLAG_NO_ZERO = 0x00000008;















See Also



Other Resources



NPL Examples















--------------------------------------------------------------------------------

















oh thanks I will take it

Posted by Yang at 12:11 AM 0 comments
