Thursday, September 17, 2009

TestBegin
NPL Language Overview


Network Monitor Parsing Language (NPL) is a script-based language that provides a way to specify the layout of network data for a particular protocol. It enables decoding protocols into human-readable text.



Setting Up Network Monitor for Parser Development


First, create an NPL file for your parser code. On the Parsers tab, click New Parser on the toolbar. This creates the file.



Enter the following introductory comments.




//# ** Public Protocol Parser **
//# (c) 2008 Microsoft Corporation
//#
//# Title: Hot Standby Router Protocol
//#
//# Details:
//#
//# References: RFC 2281
//#
//# Comments:
//#
//##







To save your file, click Save on the toolbar and name it Hsrp.npl. The default location is your Documents folder in the Network Monitor 3\Parsers folder.



Normally, you must include a new parser file in the existing My_sparser.npl file in the same folder, as shown in the following code example.




// Personal NPL Files
include "hsrp.npl"







In this case, because HSRP is already in the default parser set, this include statement is already defined in Microsoft_Parsers_sparser.npl, so you can either skip this step or comment out the duplicate statement in Microsoft_Parsers_sparser.npl. To override the default version, make sure that your My Documents folder is at the top of the parser order list that you see when you select Options, and then Parser, on the Tools menu.



If you wanted to write your own version of Tcp.npl to override the default file, you could move your My Documents–based folder to the top of the list, copy the regular Tcp.npl file into that folder, and make your changes. Network Monitor would then load your copy of Tcp.npl instead of the default file, because it would find your copy first in the path hierarchy.



To test whether Network Monitor can load the file, click Reload Parsers on the Parser tab toolbar. If everything is correct, the following messages appear in the Message View window at the bottom of the Parser tab:



Successfully loaded.





Successfully serialized NPL parser.





You should also be able to see your new parser file when you click Expand Parser Files in the Object View window.



If this fails, make sure that you have saved the new parser file in the same directory as My_sparser.npl and entered it correctly in My_sparser.npl.



If you double-click Hsrp.npl in the Object View window, the code comments that you entered in the file appear to the right.



For the next step, go to Describing the Protocol.










--------------------------------------------------------------------------------






How Network Monitor Parsing Works

An NPL code file is compiled to byte code, which Network Monitor uses to decode and filter. Although it looks a lot like C#, it is more like a line-by-line script that translates the serialized data coming over the wire into human-readable text.



The key part of the parser is the protocol block, which defines the data fields and structures in the protocol. Each data field line in the protocol block consumes bytes in the frame. At the end of the protocol block, there is usually a switch statement, which detects the next protocol to consume the remaining bytes of the frame.



The first protocol that is invoked on a frame is the frame protocol, similar to the main function in C, defined in Frame.npl. This protocol uses information about the media type used to capture the frame to determine the link layer protocol to invoke next, for example, Ethernet, wireless, ATM, or IP1394.
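The consume-then-dispatch model described above, as an added Python example (not NPL, and not code from Network Monitor or its parsers). The field layout and UDP port 1985 come from RFC 2281; the names Cursor, parse_hsrp and dispatch_udp_payload are hypothetical, and the sample bytes are constructed.

```python
import struct

# Added illustration with hypothetical names. HSRP version 0 fixed layout
# from RFC 2281 (20 bytes), listed in wire order.
HSRP_FIELDS = [
    ("Version", "B"), ("OpCode", "B"), ("State", "B"), ("Hellotime", "B"),
    ("Holdtime", "B"), ("Priority", "B"), ("Group", "B"), ("Reserved", "B"),
    ("AuthenticationData", "8s"), ("VirtualIPAddress", "4s"),
]
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
HSRP_UDP_PORT = 1985


class Cursor:
    """Tracks the read offset so each field consumes bytes, like a field line in a protocol block."""
    def __init__(self, data):
        self.data, self.offset = data, 0

    def take(self, fmt):
        size = struct.calcsize("!" + fmt)
        if self.offset + size > len(self.data):  # never read past the end of the frame
            raise ValueError(f"truncated at offset {self.offset}: need {size} bytes")
        (value,) = struct.unpack_from("!" + fmt, self.data, self.offset)
        self.offset += size
        return value


def parse_hsrp(cur):
    msg = {name: cur.take(fmt) for name, fmt in HSRP_FIELDS}
    msg["OpCode"] = OPCODES.get(msg["OpCode"], f"Unknown({msg['OpCode']})")
    msg["State"] = STATES.get(msg["State"], f"Unknown({msg['State']})")
    msg["VirtualIPAddress"] = ".".join(str(b) for b in msg["VirtualIPAddress"])
    return msg


def dispatch_udp_payload(dst_port, payload):
    """Stand-in for the switch at the end of a protocol block: pick the next parser."""
    cur = Cursor(payload)
    if dst_port == HSRP_UDP_PORT:
        return "HSRP", parse_hsrp(cur), cur.offset
    return "Data", {"Blob": payload}, len(payload)

# Constructed sample: Hello, Active, hello 3 s, hold 10 s, priority 100, group 1,
# authentication data "cisco" padded with zeros, virtual IP 192.0.2.1.
SAMPLE = bytes([0, 0, 16, 3, 10, 100, 1, 0]) + b"cisco\x00\x00\x00" + bytes([192, 0, 2, 1])

if __name__ == "__main__":
    print(dispatch_udp_payload(1985, SAMPLE))
```

A payload shorter than 20 bytes raises ValueError at the first field that does not fit, instead of decoding past the end of the frame.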



Network Monitor Parsers

Network Monitor comes with a set of standard parsers built in. To see the available parsers, click the Parser tab, and expand Parser Files in the Object View window. Double-click a parser to see its NPL code. This code can be modified to accommodate any special needs in parsing a protocol.





The Microsoft Windows Protocol parsers are loaded as stubs by default. To see the full code for these parsers, you must load the full parsers. For more information, see Changing Parser Set Options.



As additional parsers become available, they are posted on the CodePlex Web site. For more information, see Sharing Parsers on CodePlex.







Writing Custom Parsers

NPL can be used to write custom parsers for new protocols that are not yet available. For an extended example, see Writing an NPL Parser. If you want to share a parser that you have written, you can post it to CodePlex.










--------------------------------------------------------------------------------

TestEnd
