Hello, I am working with developing an application that uses the Netmon 3.2 API. Currently they have a PInvoke wrapper to access unmanaged C++ DLL functions.
Basically what I am attempting to do is rewrite an example application (written in C++ and provided in their documentation) in C#. Everything compiles fine and executes, but I have no .cap file at the end of the run. Some things that may be wrong: the ADAPTER_INDEX is not correct OR the IntPtr associated with the capture file is not getting passed correctly. Interesting note: when I set a breakpoint in the callback function the program never enters this block (which it should leading me to suspect the ADAPTER_INDEX)
Here is my code: -
-
using System;
-
using System.Collections.Generic;
-
using System.Linq;
-
using System.Text;
-
using Microsoft.Protocols.TestTools.Netmon.API;
-
using System.Windows.Forms;
-
using System.Threading;
-
using System.Runtime.InteropServices;
-
using System.IO;
-
-
-
namespace Network_Monitor_Demo
-
{
-
public struct Constants
-
{
-
public static UInt32 ADAPTER_INDEX = 0;
-
}
-
-
public class Netmon
-
{
-
-
public Netmon()
-
{
-
-
uint ret;
-
-
-
//Open a capture file for saving frames.
-
string path = @"C:\\Capture\\10sec.cap";
-
-
IntPtr myCapFile;
-
uint CapSize;
-
ret = NetmonAPI.NmCreateCaptureFile(path, 20000000, NmCaptureFileFlag.WrapAround, out myCapFile, out CapSize);
-
if (ret != 0)
-
{
-
MessageBox.Show("Error Opening Capture File" + "10sec.cap");
-
return;
-
}
-
-
//Open the capture engine
-
IntPtr myCaptureEngine;
-
ret = NetmonAPI.NmOpenCaptureEngine(out myCaptureEngine);
-
-
if (ret != 0)
-
{
-
MessageBox.Show("Error opening capture engine.");
-
NetmonAPI.NmCloseHandle(myCapFile);
-
return;
-
-
}
-
-
ret = NetmonAPI.NmConfigAdapter(myCaptureEngine, Constants.ADAPTER_INDEX, new CaptureCallbackDelegate(FrameIndicationCallback), myCapFile, NmCaptureCallbackExitMode.ReturnRemainFrames);
-
-
if (ret != 0)
-
{
-
MessageBox.Show("Error configuration adapter.");
-
NetmonAPI.NmCloseHandle(myCaptureEngine);
-
NetmonAPI.NmCloseHandle(myCapFile);
-
-
return;
-
}
-
-
MessageBox.Show("Capturing for 10 seconds.");
-
NetmonAPI.NmStartCapture(myCaptureEngine, Constants.ADAPTER_INDEX, NmCaptureMode.Promiscuous);
-
-
-
-
Thread.Sleep(10000);
-
-
-
MessageBox.Show("Stopping Capture.");
-
NetmonAPI.NmStopCapture(myCaptureEngine, Constants.ADAPTER_INDEX);
-
NetmonAPI.NmCloseHandle(myCaptureEngine);
-
NetmonAPI.NmCloseHandle(myCapFile);
-
-
return;
-
-
}
-
-
-
public void FrameIndicationCallback(IntPtr hCapEng, UInt32 ulAdatIdx, IntPtr pContext, IntPtr hRawFrame)
-
{
-
IntPtr capFile = pContext;
-
NetmonAPI.NmAddFrame(capFile, hRawFrame);
-
}
-
-
}
-
}
-
-
And here is the code provided in the Network Monitor API documentation, doing the same thing in C++. Network Monitor 3.2 is a free download from Microsoft Downloads. -
#include "windows.h"
-
#include "stdio.h"
-
#include "stdlib.h"
-
#include "objbase.h"
-
#include "ntddndis.h"
-
#include "NMApi.h"
-
-
#define ADAPTER_INDEX 0
-
-
void __stdcall
-
MyFrameIndication(HANDLE hCapEng, ULONG ulAdaptIdx, PVOID pContext, HANDLE hRawFrame)
-
{
-
HANDLE capFile = (HANDLE)pContext;
-
NmAddFrame(capFile, hRawFrame);
-
}
-
-
int __cdecl wmain(int argc, WCHAR* argv[])
-
{
-
ULONG ret;
-
-
// Open a capture file for saving frames.
-
HANDLE myCapFile;
-
ULONG CapSize;
-
ret = NmCreateCaptureFile(L"20sec.cap", 20000000, NmCaptureFileWrapAround, &myCapFile, &CapSize);
-
if(ret != ERROR_SUCCESS)
-
{
-
wprintf(L"Error opening capture file, 0x%X\n", ret);
-
return ret;
-
}
-
-
// Open the capture engine.
-
HANDLE myCaptureEngine;
-
ret = NmOpenCaptureEngine(&myCaptureEngine);
-
if(ret != ERROR_SUCCESS)
-
{
-
wprintf(L"Error opening capture engine, 0x%X\n", ret);
-
NmCloseHandle(myCapFile);
-
return ret;
-
}
-
-
ret = NmConfigAdapter(myCaptureEngine, ADAPTER_INDEX, MyFrameIndication, myCapFile);
-
if(ret != ERROR_SUCCESS)
-
{
-
wprintf(L"Error configuration adapter, 0x%X\n", ret);
-
NmCloseHandle(myCaptureEngine);
-
NmCloseHandle(myCapFile);
-
return ret;
-
}
-
-
wprintf(L"Capturing for 20 seconds\n");
-
NmStartCapture(myCaptureEngine, ADAPTER_INDEX, NmLocalOnly);
-
-
Sleep(20000);
-
-
wprintf(L"Stopping capture\n");
-
NmStopCapture(myCaptureEngine, ADAPTER_INDEX);
-
NmCloseHandle(myCaptureEngine);
-
NmCloseHandle(myCapFile);
-
-
return 0;
-
}
-
-
-
4  4663 
I can't say for sure if it matters or not, but have you considered moving the code out of the constructor and into a function?
It might behave a little nicer.
Also, your adapter index is always 0, are you sure that is not the loopback adapter?
Additionally, have you installed WDK? According to the NetMon documentation this is a prerequisite to successfully use the code sample you've posted.
I'd also double check the following line from your code that differs from the NetMon sample: -
NetmonAPI.NmStartCapture(myCaptureEngine, Constants.ADAPTER_INDEX, NmCaptureMode.Promiscuous);
-
I imagine you'd need to make sure your network card supports promiscuous mode (many do not) and, if it does, put it into promiscuous mode somehow before starting the capture.
promiscuous mode really only matters if you have an older network structure.
A newer-switch will not route traffic down your port if it shouldn't go to you, so promiscuous mode doesn't buy you much.
Hubs will. And I *believe* older switches might.
I had a wireless card that supported promiscuous mode (they corrected it later) so I could watch every other wireless card's traffic. It was especially fun when I disconnected from an endpoint and was able to pick up multiple endpoint's traffic.
Thanks guys for your help. It was the Adapter Index, my wireless card was adapter 3. So I had to implement a method for enumerating and finding the active internet connections adapter and using that index.
The sad thing was I only tested adapters 0 1 and 2 before I posted.... hahhah.
Well thanks again!
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Lou |
last post by:
What is the C# equivelent of the VB .Net "IntPtr"
i need to pass it to the File System object?
|
by: vipin |
last post by:
Hi All
Is IntPtr a managed or unmanaged data type in c#
Do I need to be doing
Intptr = IPtr
fixed(void * ptr = (void *)IPtr
....
|
by: Christian Westerlund |
last post by:
Hi!
I'm trying to use P/Invoke and a Method which takes an IntPtr where I am
supposed to put an address to a method which the native method will use
to communicate back to me. How do I convert a...
|
by: TT (Tom Tempelaere) |
last post by:
Hi,
In my project I need to use VirtualAlloc (kernel32) to allocate memory to
ensure that data is 4K aligned. I need to fill the data block with file
contents. I notice that there are no 'Read'...
|
by: Tamir Khason |
last post by:
I have a pointer to array and I want to apply indexing to this Array so I
have function (name it IntPrt Func) to go to certain member I can use (as
C++) Func, but in C# I recieve an error "Cannot...
|
by: Robin Tucker |
last post by:
I need to marshal an IntPtr (which I've got from GlobalLock of an HGLOBAL)
into a byte array. I know the size of the array required and I've got a
pointer to the blob, but I can't see how to copy...
|
by: Shawn B. |
last post by:
Greetings,
Me again.
I have (roughly) the following code:
HANDLE hConsoleOutput;
HANDLE hConsoleInput;
|
by: Abra |
last post by:
I have an application where I need to send a inter-process message (a
data stream) that contains among other the address of a function (member
of a class).
For that, I need to serialize it, so I...
|
by: Serge BRIC |
last post by:
My application, written in .NET VB, tries to get a communication port handle
from a TAPI object with this code:
Dim vFileHandle As Byte() = appel.GetIDAsVariant("comm/datamodem")
The...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| | |
