TestBegins
Begin
Welcome to
Microsoft Network Monitor 3.3
Microsoft Network Monitor is a tool for viewing the contents of network packets that are being sent and received over a live network connection or from a previously captured data file. It provides filtering options for complex analysis of network data.
What's New
Frame Comments: Attach comments to frames in a saved capture file. Select the Frame Comments tab in the lower-right window to add, view, edit, or delete comments.
API Extensions: API methods have been added to enable access to conversation information, properties, field display strings, and comments. For more information, see the Network Monitor API Reference section of the Help.
Autoscroll: See the most recent traffic as it comes in. In a live capture, click Autoscroll on the main toolbar to have the Frame Summary window automatically scroll down to display the most recent frames as they come in. Click Autoscroll again to freeze the view in its present location.
Right-Click Add-to-Alias: Right-click the Source or Destination column in the Frame Summary window to add that address as a new alias.
Tunnel Capture Support: Capture traffic over tunnel adapters on Windows Vista SP2, Windows Server 2008, and Windows 7.
WWAN Capture Support: Capture traffic over mobile broadband data cards on Win7.
Experts Available Online: Experts are stand-alone applications that analyze Network Monitor capture data. You can install Experts and run them directly from the UI on a capture file. To search for experts, from an open capture file, click Experts on the main menu, and select Download Experts, or go to http://go.microsoft.com/fwlink/?LinkID=133950.
Right-Click Go-to-Definition: Right-click a field in the Frame Details window and select Go To Data Field Definition or Go To Data Type Definition to see where the field is defined in the NPL parsers.
A complete list of new features and known issues is available in the release notes in the Help directory.
To Give Feedback on Network Monitor 3.3
Please give us feedback on Network Monitor 3.3. Go to http://go.microsoft.com/fwlink/?LinkID=142458, and let your opinion be heard. The survey requires you to log on with your Windows Live ID.
To Learn More
Read our blog at http://blogs.technet.com/netmon.
To Share or Download Parsers
All Network Monitor parsers are now hosted on CodePlex, the Microsoft open-source project site. To get updated Microsoft parser packages and to submit or download community parsers, go to http://go.microsoft.com/fwlink/?LinkId=125105.
Protocol Documentation and Community Forums
Community Forums
Microsoft uses its developer portal, MSDN, to publish open APIs and open protocol documentation, and to host forums specific to the documentation.
Access the forums at http://go.microsoft.com/fwlink/?LinkId=111125.
Protocol Documentation
Protocol documentation is available to view and download on MSDN. This documentation includes protocols licensed under the Microsoft Communications Protocol Program (MCPP) and Microsoft Workgroup Server Protocol Program (WSPP) protocol licensing programs. It also includes preliminary documents for protocols in popular Microsoft products. Network Monitor includes parsers for Microsoft Windows protocols. The following are links to the available open protocol documentation:
Microsoft Windows Protocols: http://go.microsoft.com/fwlink/?LinkId=119905
Microsoft Office Protocols: http://go.microsoft.com/fwlink/?LinkId=119899
Microsoft Office SharePoint Server Protocols: http://go.microsoft.com/fwlink/?LinkId=119903
Microsoft Office Exchange Server Protocols: http://go.microsoft.com/fwlink/?LinkId=119904
© 2006-2009 Microsoft Corporation. All rights reserved.
( Conversation.ProcessName=="iexplore.exe" and Property.TCPContinuation)
or
Setting Up Network Monitor for Parser Development
See Also
First, create an NPL file for your parser code. On the Parsers tab, click New Parser on the toolbar. This creates the file.
Enter the following introductory comments.
Copy Code
//# ** Public Protocol Parser **
//# (c) 2008 Microsoft Corporation
//#
//# Title: Hot Standby Router Protocol
//#
//# Details:
//#
//# References: RFC 2281
//#
//# Comments:
//#
//##
To save your file, click Save on the toolbar and name it Hsrp.npl. The default location is your Documents folder in the Network Monitor 3\Parsers folder.
Normally, you must include new parsers file in the existing My_sparser.npl file in the same folder, as shown in the following code example.
Copy Code
// Personal NPL Files
include "hsrp.npl"
In this case, since HSRP is currently in the default parser set, this include statement is already defined in Microsoft_Parsers_sparser.npl, so this step can be skipped, or the duplicate statement in Microsoft_Parsers_sparser.npl must be commented out. To override the default version, make sure that your My Documents folder is at the top of the parser order list that you see when you select Options, and then Parser, on the Tools menu.
If you wanted to write your own version of Tcp.npl to override the default file, you could move your My Documents–based folder to the top of the list, copy the regular Tcp.npl file into that folder, and make your changes. Network Monitor would then load your copy of Tcp.npl, instead of the default file because it would find it first in the path hierarchy.
To test whether Network Monitor can load the file, click Reload Parsers on the Parser tab toolbar. If everything is correct, the following messages appear in the Message View window at the bottom of the Parser tab:
Successfully loaded.
Successfully serialized NPL parser.
You should also be able to see your new parser file when you click Expand Parser Files in the Object View window.
If this fails, make sure that you have saved the new parser file in the same directory as My_sparser.npl and entered it correctly in My_sparser.npl.
If you double-click Hsrp.npl in the Object View window, the code comments that you entered in the file appear to the right.
For the next step, go to Describing the Protocol.
See Also
Concepts
Writing an NPL Parser
--------------------------------------------------------------
hi young lady, how may I help you
well yeah, I am looking for a father's day gift
ok how about getting your father a new walet
how much is that walet
which one
the black one
oh it is only 40.95
that is too expensive for me. do you have a cheaper one?
how about this brown other one
I don't think my father will like the design on the other side and it doesn't have
a place to put pictures
how much is it any way
it's 25.99
en, I don't have that much money
ok how much money do you have to spend
I am not sure, probably about 10 dollars or so
I have been helping my mom around the house for the past week to earn some money
this is all I have
hmm, how about this tie
that is really pretty but the price tax says 13.99 and I know I don't have that much money
well let's just say the tie went on sales
how about five dollars? what do you say
Constant Definitions
See Also
This example contains definitions for all NPL basic data types. It is included to enable compiling the examples. Sparser lists the files required for compilation.
Copy Code
// File name: constant.npl
// Byte order constants
const LittleEndian = 0;
const BigEndian = 1;
// Bool Constants
const TRUE = 1;
const FALSE = 0;
// Address Constants
const Broadcast = 0xFFFFFFFFFFFF;
// Protocol Class for parser errors
const ParserErrorProtocolClassPublic = 1;
const ParserErrorProtocolClassWindows = 2;
const ParserErrorProtocolClassMsOffice = 3;
// Conversation Status Constants
const UnknownState = 0;
const HalfConnected = 1;
const Connected = 2;
const FinWait1 = 3;
const FinWait2 = 5;
const Disconnected = 4;
// Conversation Timeout Constants
const EnableConversationTimeout = TRUE;
const DefaultConversationTimeout = 180;
const IPv4ConversationTimeout = 180;
const TCPConversationTimeout = 180;
const UDPConversationTimeout = 180;
// Add to property flags
const ADD_TO_PROPERTY_FLAG_NO_DUPLICATES = 0x00000004;
const ADD_TO_PROPERTY_FLAG_NO_ZERO = 0x00000008;
See Also
Other Resources
NPL Examples
--------------------------------------------------------------------------------
oh thanks I will take it
TestendTestEnds
No comments:
Post a Comment