Reputation: 133
Extract network packets protocol using PCAP.Net
In order to parse network traffic I'm using PCAP.Net (I run splitcap on a given PCAP file and using PCAP.Net to extract communication data from the resulted bin files).
Is it possible to get the Protocol (HTTP, FTP etc.) being used in a specific packet (no based on port number) using PCAP.Net?
Upvotes: 2
Views: 2053
Answers (2)
Reputation: 1779
I know this is several years old, but using PCAP.net 1.0.2.76195 (several years old at the time of this writing), you can get it very simply like such
packet.Ethernet.IpV4.Protocol
For example, reading an icmp packet like this
Console.WriteLine(packet.Ethernet.IpV4.Protocol.ToString())
Shows this
InternetControlMessageProtocol
A TCP packet shows up as
Tcp
Upvotes: 1
Reputation: 6585
HTTP and FTP protocols are recognized by ports. Content might help as well.
As far as I know, there's no other way to recognize such packets.
Pcap.Net can't give you the protocol of the packet because there isn't a way to do that.
You can guess the protocol similar to how Wireshark guesses it using ports, content and other packets.
Upvotes: 2
Related Questions
- Extracting packet details in c#
- SharpPcap - A Packet Capture problem to extract information from the packet
- c# Provide packet source in pcap.net
- Extracting packet details using jnetpcap library
- extracting packet from frame winpcap
- Using pcapdotnet to send raw ethernet packet
- Recognizing the interface that a packet comes from in pcap.net?
- WinPCap - how can I get protocol (e.g. HTTP) within TCP packet & HTTP fields?
- How can i properly parse a RAW(Raw Ip) packet with C#?
- Packet Logging with Pcap for C#