Hello, I am working with developing an application that uses the Netmon 3.2 API. Currently they have a PInvoke wrapper to access unmanaged C++ DLL functions.
Basically what I am attempting to do is rewrite an example application (written in C++ and provided in their documentation) in C#. Everything compiles fine and executes, but I have no .cap file at the end of the run. Some things that may be wrong: the ADAPTER_INDEX is not correct OR the IntPtr associated with the capture file is not getting passed correctly. Interesting note: when I set a breakpoint in the callback function, the program never enters this block (which it should, leading me to suspect the ADAPTER_INDEX).
Here is my code:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using Microsoft.Protocols.TestTools.Netmon.API;
    using System.Windows.Forms;
    using System.Threading;
    using System.Runtime.InteropServices;
    using System.IO;

    namespace Network_Monitor_Demo
    {
        public struct Constants
        {
            // Index of the adapter to capture on.
            public static UInt32 ADAPTER_INDEX = 0;
        }

        public class Netmon
        {
            public Netmon()
            {
                uint ret;

                // Open a capture file for saving frames.
                // A verbatim string takes single backslashes.
                string path = @"C:\Capture\10sec.cap";

                IntPtr myCapFile;
                uint CapSize;
                ret = NetmonAPI.NmCreateCaptureFile(path, 20000000, NmCaptureFileFlag.WrapAround, out myCapFile, out CapSize);
                if (ret != 0)
                {
                    MessageBox.Show("Error Opening Capture File " + "10sec.cap");
                    return;
                }

                // Open the capture engine.
                IntPtr myCaptureEngine;
                ret = NetmonAPI.NmOpenCaptureEngine(out myCaptureEngine);
                if (ret != 0)
                {
                    MessageBox.Show("Error opening capture engine.");
                    NetmonAPI.NmCloseHandle(myCapFile);
                    return;
                }

                // Native code keeps this callback and invokes it later, so the
                // delegate must stay referenced until the capture has stopped.
                CaptureCallbackDelegate callback = new CaptureCallbackDelegate(FrameIndicationCallback);

                // The capture file handle is passed as the callback context.
                ret = NetmonAPI.NmConfigAdapter(myCaptureEngine, Constants.ADAPTER_INDEX, callback, myCapFile, NmCaptureCallbackExitMode.ReturnRemainFrames);
                if (ret != 0)
                {
                    MessageBox.Show("Error configuration adapter.");
                    NetmonAPI.NmCloseHandle(myCaptureEngine);
                    NetmonAPI.NmCloseHandle(myCapFile);
                    return;
                }

                MessageBox.Show("Capturing for 10 seconds.");
                NetmonAPI.NmStartCapture(myCaptureEngine, Constants.ADAPTER_INDEX, NmCaptureMode.Promiscuous);

                Thread.Sleep(10000);

                MessageBox.Show("Stopping Capture.");
                NetmonAPI.NmStopCapture(myCaptureEngine, Constants.ADAPTER_INDEX);
                NetmonAPI.NmCloseHandle(myCaptureEngine);
                NetmonAPI.NmCloseHandle(myCapFile);

                // Prevents the delegate from being collected before this point.
                GC.KeepAlive(callback);
                return;
            }

            // Called by the capture engine for each frame; pContext is the capture file handle.
            public void FrameIndicationCallback(IntPtr hCapEng, UInt32 ulAdatIdx, IntPtr pContext, IntPtr hRawFrame)
            {
                IntPtr capFile = pContext;
                NetmonAPI.NmAddFrame(capFile, hRawFrame);
            }
        }
    }

And here is the code provided in the Network Monitor API documentation, doing the same thing in C++. Network Monitor 3.2 is a free download from Microsoft Downloads.

    #include "windows.h"
    #include "stdio.h"
    #include "stdlib.h"
    #include "objbase.h"
    #include "ntddndis.h"
    #include "NMApi.h"

    #define ADAPTER_INDEX 0

    void __stdcall
    MyFrameIndication(HANDLE hCapEng, ULONG ulAdaptIdx, PVOID pContext, HANDLE hRawFrame)
    {
        HANDLE capFile = (HANDLE)pContext;
        NmAddFrame(capFile, hRawFrame);
    }

    int __cdecl wmain(int argc, WCHAR* argv[])
    {
        ULONG ret;

        // Open a capture file for saving frames.
        HANDLE myCapFile;
        ULONG CapSize;
        ret = NmCreateCaptureFile(L"20sec.cap", 20000000, NmCaptureFileWrapAround, &myCapFile, &CapSize);
        if(ret != ERROR_SUCCESS)
        {
            wprintf(L"Error opening capture file, 0x%X\n", ret);
            return ret;
        }

        // Open the capture engine.
        HANDLE myCaptureEngine;
        ret = NmOpenCaptureEngine(&myCaptureEngine);
        if(ret != ERROR_SUCCESS)
        {
            wprintf(L"Error opening capture engine, 0x%X\n", ret);
            NmCloseHandle(myCapFile);
            return ret;
        }

        ret = NmConfigAdapter(myCaptureEngine, ADAPTER_INDEX, MyFrameIndication, myCapFile);
        if(ret != ERROR_SUCCESS)
        {
            wprintf(L"Error configuration adapter, 0x%X\n", ret);
            NmCloseHandle(myCaptureEngine);
            NmCloseHandle(myCapFile);
            return ret;
        }

        wprintf(L"Capturing for 20 seconds\n");
        NmStartCapture(myCaptureEngine, ADAPTER_INDEX, NmLocalOnly);

        Sleep(20000);

        wprintf(L"Stopping capture\n");
        NmStopCapture(myCaptureEngine, ADAPTER_INDEX);
        NmCloseHandle(myCaptureEngine);
        NmCloseHandle(myCapFile);

        return 0;
    }

I can't say for sure if it matters or not, but have you considered moving the code out of the constructor and into a function?
It might behave a little nicer.
Also, your adapter index is always 0, are you sure that is not the loopback adapter?
Additionally, have you installed WDK? According to the NetMon documentation this is a prerequisite to successfully use the code sample you've posted.
I'd also double check the following line from your code that differs from the NetMon sample:

    NetmonAPI.NmStartCapture(myCaptureEngine, Constants.ADAPTER_INDEX, NmCaptureMode.Promiscuous);

I imagine you'd need to make sure your network card supports promiscuous mode (many do not) and, if it does, put it into promiscuous mode somehow before starting the capture.
Promiscuous mode really only matters if you have an older network structure.
A newer switch will not route traffic down your port if it shouldn't go to you, so promiscuous mode doesn't buy you much.
Hubs will. And I *believe* older switches might.
I had a wireless card that supported promiscuous mode (they corrected it later) so I could watch every other wireless card's traffic. It was especially fun when I disconnected from an endpoint and was able to pick up multiple endpoints' traffic.
Thanks guys for your help. It was the Adapter Index, my wireless card was adapter 3. So I had to implement a method for enumerating and finding the active internet connection's adapter and using that index.
The sad thing was I only tested adapters 0, 1 and 2 before I posted.... hahhah.
Well thanks again!
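
The adapter lookup described in the last post can be done along these lines; this is an added example, not the poster's code or Microsoft's sample. It declares its own P/Invoke signatures for `NmGetAdapterCount` and `NmGetAdapter` rather than using the wrapper, and the `NM_NIC_ADAPTER_INFO` layout is an assumption transcribed from `NMApi.h` that should be checked against the installed header; `AdapterFinder` and `FindActiveAdapterIndex` are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Net.NetworkInformation;
using System.Runtime.InteropServices;

static class AdapterFinder   // hypothetical helper name
{
    // Assumed layout of NM_NIC_ADAPTER_INFO; verify against NMApi.h before use.
    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct NM_NIC_ADAPTER_INFO
    {
        public ushort Size;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 6)] public byte[] PermanentAddr;
        [MarshalAs(UnmanagedType.ByValArray, SizeConst = 6)] public byte[] CurrentAddr;
        public int MediumType;
        public int PhysicalMediumType;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string ConnectionName;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string FriendlyName;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string Guid;
        public int OpState;
        public int Enabled;
        public int PModeEnabled;
        public IntPtr CallBackFunction;
    }

    [DllImport("NmApi.dll")]
    static extern uint NmGetAdapterCount(IntPtr hCaptureEngine, out uint count);

    [DllImport("NmApi.dll")]
    static extern uint NmGetAdapter(IntPtr hCaptureEngine, uint index, ref NM_NIC_ADAPTER_INFO info);

    // Netmon index of the first adapter that is up, not loopback and has a default gateway, or null.
    public static uint? FindActiveAdapterIndex(IntPtr captureEngine)
    {
        var activeIds = NetworkInterface.GetAllNetworkInterfaces()
            .Where(n => n.OperationalStatus == OperationalStatus.Up
                     && n.NetworkInterfaceType != NetworkInterfaceType.Loopback
                     && n.GetIPProperties().GatewayAddresses.Count > 0)
            .Select(n => n.Id.Trim('{', '}'))      // Id is the interface GUID
            .ToList();

        uint count;
        if (NmGetAdapterCount(captureEngine, out count) != 0) return null;

        for (uint i = 0; i < count; i++)
        {
            var info = new NM_NIC_ADAPTER_INFO { PermanentAddr = new byte[6], CurrentAddr = new byte[6] };
            info.Size = (ushort)Marshal.SizeOf(typeof(NM_NIC_ADAPTER_INFO));
            if (NmGetAdapter(captureEngine, i, ref info) != 0) continue;   // skip adapters that fail to query
            string guid = (info.Guid ?? "").Trim('{', '}');
            if (activeIds.Any(id => string.Equals(id, guid, StringComparison.OrdinalIgnoreCase))) return i;
        }
        return null;   // caller should report "no active adapter" instead of defaulting to 0
    }
}
```

Call it after `NmOpenCaptureEngine` succeeds and pass the returned index to `NmConfigAdapter`, `NmStartCapture` and `NmStopCapture` in place of a hard-coded constant.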