doubleM
doubleM

Reputation: 133

Extract network packets protocol using PCAP.Net

In order to parse network traffic I'm using PCAP.Net (I run splitcap on a given PCAP file and using PCAP.Net to extract communication data from the resulted bin files).

Is it possible to get the Protocol (HTTP, FTP etc.) being used in a specific packet (no based on port number) using PCAP.Net?

Upvotes: 2

Views: 2053

Answers (2)

TwinPrimesAreEz
TwinPrimesAreEz

Reputation: 1779

I know this is several years old, but using PCAP.net 1.0.2.76195 (several years old at the time of this writing), you can get it very simply like such

packet.Ethernet.IpV4.Protocol

For example, reading an icmp packet like this

Console.WriteLine(packet.Ethernet.IpV4.Protocol.ToString())

Shows this

InternetControlMessageProtocol

A TCP packet shows up as

Tcp

Upvotes: 1

brickner
brickner

Reputation: 6585

HTTP and FTP protocols are recognized by ports. Content might help as well.

As far as I know, there's no other way to recognize such packets.

Pcap.Net can't give you the protocol of the packet because there isn't a way to do that.

You can guess the protocol similar to how Wireshark guesses it using ports, content and other packets.

Upvotes: 2

Related Questions