Reputation: 133
In order to parse network traffic I'm using PCAP.Net
(I run SplitCap on a given PCAP file and use PCAP.Net to extract communication data from the resulting bin files).
Is it possible to get the protocol (HTTP, FTP etc.) being used in a specific packet (not based on port number) using PCAP.Net?
Upvotes: 2
Views: 2053
Reputation: 1779
I know this is several years old, but using PCAP.net 1.0.2.76195 (several years old at the time of this writing), you can get it very simply like this:
packet.Ethernet.IpV4.Protocol
For example, reading an ICMP packet like this:
Console.WriteLine(packet.Ethernet.IpV4.Protocol.ToString());
shows this:
InternetControlMessageProtocol
A TCP packet shows up as:
Tcp
Upvotes: 1
Reputation: 6585
HTTP and FTP protocols are recognized by ports. Content might help as well.
As far as I know, there's no other way to recognize such packets.
Pcap.Net can't give you the protocol of the packet because there isn't a way to do that.
You can guess the protocol similar to how Wireshark guesses it using ports, content and other packets.
Upvotes: 2
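The content-based guessing mentioned in the answer above can be sketched as follows; this is an added example, not code from either answer or from Pcap.Net. It looks only at the first line of a TCP payload and never at the port, and it shows why content alone is not always enough: the numeric reply format is shared by FTP and SMTP. The names `PayloadGuess` and `Guess` are hypothetical, and the input is assumed to be the TCP payload bytes of one packet, however they were extracted.

```csharp
using System;
using System.Linq;
using System.Text;

static class PayloadGuess
{
    static readonly string[] HttpMethods =
        { "GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH" };
    // Commands that exist in FTP but not in POP3/SMTP; USER, PASS, RETR, LIST, QUIT are shared with POP3.
    static readonly string[] FtpOnly =
        { "PASV", "EPSV", "PORT", "EPRT", "CWD", "PWD", "STOR", "TYPE", "SYST", "FEAT" };

    // Guess from the first CRLF-terminated line of one TCP payload; the port is never consulted.
    public static string Guess(byte[] payload)
    {
        if (payload == null || payload.Length == 0) return "unknown";  // bare ACK or handshake segment
        string head = Encoding.ASCII.GetString(payload, 0, Math.Min(payload.Length, 512));
        int eol = head.IndexOf("\r\n", StringComparison.Ordinal);
        if (eol < 0) return "unknown";  // binary data, TLS, or a mid-stream segment
        string line = head.Substring(0, eol);
        string[] parts = line.Split(' ');

        if (line.StartsWith("HTTP/1.", StringComparison.Ordinal)) return "http";  // status line
        if (parts.Length == 3 && HttpMethods.Contains(parts[0])
            && parts[2].StartsWith("HTTP/1.", StringComparison.Ordinal)) return "http";  // request line
        if (FtpOnly.Contains(parts[0], StringComparer.OrdinalIgnoreCase)) return "ftp";
        // "220 ..." / "220-..." is the reply format of FTP and of SMTP: content alone cannot tell them apart.
        if (line.Length >= 4 && line.Take(3).All(c => c >= '0' && c <= '9')
            && (line[3] == ' ' || line[3] == '-')) return "ftp-or-smtp";
        return "unknown";
    }

    static void Main()
    {
        // Constructed sample payloads, not taken from a capture.
        string[] samples =
        {
            "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
            "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
            "PASV\r\n",
            "220 Service ready\r\n",
            "\u0016\u0003\u0001\u0002\u0000",  // first bytes of a TLS record: no text line
        };
        foreach (string s in samples)
            Console.WriteLine(Guess(Encoding.ASCII.GetBytes(s)));
    }
}
```

A per-packet guess like this only works on the segment that carries the first line of a message; resolving the ambiguous and unknown cases takes the other packets of the same TCP session, which is the "other packets" part of the answer.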