Need log format for Local Network Monitor

  • #5299
    dwm
    Participant

      I’ve an eval copy of the LocalNetworkMonitor and it seems to capture the data I need from the 127.0.0.1 interface and seems able to filter the double entry bookkeeping nicely, but what I need to do is capture the data in a file I can feed to my other analysis tools. Ideally, I’d like to export in TCPDUMP/PCAP format so it would just work.

      Since I have an eval, I can’t just try the write log file option. Will it write in the TCPDUMP format? If not, does it write the full IP packets so I can convert to the format I need?

      Thanks,
      Dave Morris

      #6831
      Anton
      Participant

        Dave,

        Local Network Monitor uses the following format for packet logging:

        50 19:57:07:167 ICQ.exe:3084 Completion 8A2229B0 Connection TCP Send 127.0.0.1:6754 127.0.0.1:33333 TDI_SUCCESS 16
        Packet data:
        0000 2A 02 4D 71 00 0A 00 01 00 06 00 00 00 00 00 06 *.Mq............

        51 19:57:07:276 ICQ.exe:3084 Completion 875F7D00 Connection TCP Disconnect 10.30.18.221:6733 92.241.170.164:80 TDI_SUCCESS 16
        DisconnectFlags:=00000000
        Timeout = 0 ms
        52 19:57:07:276 ICQ.exe:3084 Origination 875F7D00 Connection TCP Close socket 10.30.18.221:6733 92.241.170.164:80 TDI_SUCCESS 0
        53 19:57:07:276 ICQ.exe:3084 Origination 879A5940 Address TCP Close socket 0.0.0.0:6733 0.0.0.0:0 TDI_SUCCESS 0
        54 19:57:07:307 ICQ.exe:3084 Completion 8A2229B0 Connection TCP Recv 127.0.0.1:6754 127.0.0.1:33333 TDI_MORE_PROCESSING 0

        Regards,
        Anton.
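
A parser for the log format shown in Anton's post, added here as an example; it is not from the thread or from the Local Network Monitor vendor. The field names, the regular expressions and the 16-bytes-per-row limit are assumptions inferred from the sample lines, and the sample input is records 50-52 from the post with the dump row's offset separated from the first byte.

```python
import re
from dataclasses import dataclass, field

# Field names are labels assumed for this example, inferred from the sample lines.
RECORD = re.compile(
    r"^(?P<seq>\d+) (?P<time>\d\d:\d\d:\d\d:\d{3}) (?P<process>.+?):(?P<pid>\d+) "
    r"(?P<phase>\S+) (?P<handle>[0-9A-Fa-f]{8}) (?P<object>\S+) (?P<proto>\S+) "
    r"(?P<operation>.+?) (?P<local>[\d.]+:\d+) (?P<remote>[\d.]+:\d+) "
    r"(?P<status>TDI_\w+) (?P<count>\d+)$")
# Dump row: 4-digit offset (may be fused with byte 0), up to 16 hex pairs; ASCII column ignored.
DUMP = re.compile(r"^[0-9A-Fa-f]{4}\s*((?:[0-9A-Fa-f]{2}\s+){1,16})")

@dataclass
class Event:
    fields: dict                      # header columns as strings
    payload: bytes = b""              # bytes listed under "Packet data:"
    details: list = field(default_factory=list)  # other continuation lines

def parse_log(text):
    """Group header lines with the continuation lines that follow them."""
    events, in_dump = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        header = RECORD.match(line)
        if header:
            events.append(Event(header.groupdict()))
            in_dump = False
        elif line == "Packet data:":
            in_dump = True
        elif line and events:
            row = DUMP.match(line) if in_dump else None
            if row:
                events[-1].payload += bytes.fromhex(row.group(1))
            else:
                events[-1].details.append(line)
    return events

# Sample input: records 50-52 from the post above.
SAMPLE = """\
50 19:57:07:167 ICQ.exe:3084 Completion 8A2229B0 Connection TCP Send 127.0.0.1:6754 127.0.0.1:33333 TDI_SUCCESS 16
Packet data:
0000 2A 02 4D 71 00 0A 00 01 00 06 00 00 00 00 00 06 *.Mq............
51 19:57:07:276 ICQ.exe:3084 Completion 875F7D00 Connection TCP Disconnect 10.30.18.221:6733 92.241.170.164:80 TDI_SUCCESS 16
DisconnectFlags:=00000000
Timeout = 0 ms
52 19:57:07:276 ICQ.exe:3084 Origination 875F7D00 Connection TCP Close socket 10.30.18.221:6733 92.241.170.164:80 TDI_SUCCESS 0
"""

if __name__ == "__main__":
    for ev in parse_log(SAMPLE):
        print(ev.fields["seq"], ev.fields["operation"], ev.fields["remote"], ev.payload.hex())
```

For the Send record in the sample, the dump holds exactly as many bytes as the record's last column states, and those bytes carry no IP or TCP header.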
