In a Windows environment, analyze a user's operations on the interface by way of packet capture, and record the content of each operation and the corresponding output.
An overview of the features follows:
1. Capture a UDP packet D1 of a specific port type and record the current timestamp T1;
2. Parse the UDP packet D1 and output the user-layer data content UD1;
3. Write a program to compare the user data (after stripping the UDP protocol shell) of this cycle, T1, with that of the UDP packet from the previous cycle, and find the difference;
4. Write a program to parse the user data differences, identify whether the differing content is an operation performed by the user or an output, identify the operation content and the output, and display them on the interface for the user to confirm.
Of these, 1 and 2 correspond to Wireshark's capture and analysis functions. If Wireshark can provide more complete parsing of the UDP protocol data content for my own application to use, that will save a lot of time and energy.
But I looked over the Wireshark website briefly and did not seem to find such an interface. I only saw a library, pcap, which can be used to capture raw network packets: libpcap on UNIX platforms and WinPcap on the Windows platform. So packets can be captured in real time, but the protocol parsing has to be written entirely by oneself.
For parsing data packets in real time, the performance of the parsing algorithm needs to be very good; if its parsed content can be used, Wireshark is still the optimal solution.
So I would like to ask Daniel whether there is such an interface, to confirm once more; if not, we'll see.
Thank you very much!
CodePudding user response:
Wireshark is open source.
CodePudding user response:
The need to parse data analysis
CodePudding user response:
A library: the WinPcap library. It is very simple; calling a few functions is enough.
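
Steps 2 and 3 of the question (strip the UDP shell, then compare with the previous cycle's user data), as an added example that is not part of the original thread. The names `udp_payload`, `first_diff` and `SAMPLE` and port 5000 are assumptions; the frame is constructed, and untagged Ethernet carrying IPv4 is assumed. Every length field is checked against the captured size because the packet contents are untrusted input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample frame: Ethernet + IPv4 (IHL 5) + UDP to port 5000, payload "ABCD". */
static const uint8_t SAMPLE[] = {
    0,1,2,3,4,5, 6,7,8,9,10,11, 0x08,0x00,                  /* Ethernet, type IPv4 */
    0x45,0, 0,32, 0,0, 0,0, 64,17, 0,0, 10,0,0,1, 10,0,0,2, /* IPv4, total 32, proto 17 */
    0x04,0xd2, 0x13,0x88, 0,12, 0,0,                        /* UDP 1234 -> 5000, length 12 */
    'A','B','C','D' };

/* Returns the user-data length and sets *payload, or -1 if the frame is not a
   well-formed, unfragmented IPv4/UDP datagram addressed to dst_port. */
int udp_payload(const uint8_t *f, size_t n, uint16_t dst_port, const uint8_t **payload)
{
    if (n < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;                 /* IPv4 header length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return -1;
    size_t ip_total = ((size_t)ip[2] << 8) | ip[3];
    if (ip_total > n - 14 || ip_total < ihl + 8) return -1;  /* truncated capture or bad length */
    if ((ip[6] & 0x3f) || ip[7]) return -1;                  /* fragment: needs reassembly first */
    const uint8_t *udp = ip + ihl;
    size_t udp_len = ((size_t)udp[4] << 8) | udp[5];
    if (udp_len < 8 || udp_len > ip_total - ihl) return -1;  /* UDP length must fit in the IP datagram */
    if ((((unsigned)udp[2] << 8) | udp[3]) != dst_port) return -1;
    *payload = udp + 8;
    return (int)(udp_len - 8);
}

/* First offset at which two payloads differ, or -1 if they are identical. */
long first_diff(const uint8_t *a, size_t an, const uint8_t *b, size_t bn)
{
    size_t m = an < bn ? an : bn;
    for (size_t i = 0; i < m; i++)
        if (a[i] != b[i]) return (long)i;
    return an == bn ? -1 : (long)m;
}

int main(void)
{
    uint8_t next[sizeof SAMPLE]; const uint8_t *p, *q;
    memcpy(next, SAMPLE, sizeof next);
    next[44] = 'X';                      /* constructed next cycle: third payload byte changed */
    int pn = udp_payload(SAMPLE, sizeof SAMPLE, 5000, &p);
    int qn = udp_payload(next, sizeof next, 5000, &q);
    if (pn < 0 || qn < 0) return 1;
    printf("payload %d bytes, first difference at offset %ld\n", qn, first_diff(p, (size_t)pn, q, (size_t)qn));
    return 0;
}
```

In a live capture the frame bytes and captured length would come from the capture library's per-packet callback instead of `SAMPLE`.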