Add a protocol in capture

[rezi]

I'm new here...

I added a protocol in options/protocol. The value is added in the registry and I'm able to see it in application response time window.

I do not see it when I do a capture, in the advance pannel. I tried to change an existing protocol in the settings and in the registry, but still no luck, even if I chnage gopher from 70 to 135 and capture gopher packets, it still captures TCP/70 packets.

Anyone knows how to deal with this?

 

[rwullems]

Hi,

Adding a protocol to your Sniffer at that level is only helpfull for monitoring applications.
For the decode, this is not working. If you want to add a "new" protocol to the decode screen of Sniffer, you will have to write a full protocol decode using the Sniffer PDK (Protocol Development Kit) wich you can download from the NIA website. The PDK is not further suppertoed by NAI, they only deliver it. It is complex to handle if you do not have the understanding of programming (i dont....)

So, in the decode screen, Sniffer will only decode (to him) known protocols using the original portnumbers. There is a very limited workaround there using the protocol forcing option, but the protocols offered there are limited.
Regards,

Robert

Robert A.H. Wullems
Sniffer University Instructor
SCM/CNX/MSCA
Citee Education
the Netherlands

 

[AlfSutherland]

Hi,
To add the protocol into the "ART" monitor feature, click "Options" and select "display protocols", and select the protocol(s) you require.
If you want to capture packets using source and destination port 135, you need to set up a "data pattern" filter. It needs to look like;

OR - TCP Destination Port
PAT - TCP Destination port 135
PAT - TCP Source port 135

The pattern edit for the Destination port should look like;

Packet Hex Offser=24
00 87

The pattern edit for the source port is the same but with the offset being 22"

Hope this helps.
Alf