[Winpcap-users] Protocol Identification using Payload Content

Isara Anantavrasilp isara.a at gmail.com
Mon May 5 19:00:17 GMT 2008


Hi,

First of all, I am sorry if my question is not directly related to WinPcap.
(Actually, I really have no idea where to ask exactly.)

Anyway, my problem is as follows.
After I collect packets with WinPcap and save them into a packet trace,
I need to identify the protocols of the packets.
So I also capture small fractions of payloads to help me identify the
packets as well.

It turns out that the protocol signatures that I have are not enough
to identify most of the packets.
Do you have any idea where I can get the protocol signatures?
And by "protocol signatures", I mean the specific strings or contents
of the protocols.
(Like some HTTP packets have "GET" or "POST" in the packets.)

Thank you very much.

Cheers,
Isara Anantavrasilp
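
The payload matching described in the message above, as an added example that is not part of the original post and not a WinPcap API. It goes beyond the HTTP case by adding a few other well-known leading byte strings, and it reports a "partial" verdict when the captured fraction of the payload is shorter than the signature; the table, `classify` and the sample payloads are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical signature table (added example): byte strings that
   well-known protocols place at the very start of a payload. */
struct sig { const char *proto; const char *bytes; size_t len; };

static const struct sig SIGS[] = {
    { "HTTP",       "GET ",                       4 },
    { "HTTP",       "POST ",                      5 },
    { "HTTP",       "HTTP/1.",                    7 },  /* response status line */
    { "SSH",        "SSH-",                       4 },  /* version banner */
    { "TLS",        "\x16\x03",                   2 },  /* handshake record, major version 3 */
    { "BitTorrent", "\x13" "BitTorrent protocol", 20 }, /* peer handshake */
};

enum verdict { V_UNKNOWN, V_PARTIAL, V_MATCH };

/* payload/caplen: the captured payload bytes, possibly truncated by the snaplen.
   V_MATCH:   a full signature is present at the start of the payload.
   V_PARTIAL: the capture ends inside a signature it agrees with so far.
   *proto receives the protocol name, or "unknown". */
enum verdict classify(const unsigned char *payload, size_t caplen, const char **proto)
{
    enum verdict best = V_UNKNOWN;
    *proto = "unknown";
    for (size_t i = 0; i < sizeof SIGS / sizeof SIGS[0]; i++) {
        size_t n = caplen < SIGS[i].len ? caplen : SIGS[i].len;
        if (n == 0 || memcmp(payload, SIGS[i].bytes, n) != 0)
            continue;
        if (n == SIGS[i].len) { *proto = SIGS[i].proto; return V_MATCH; }
        if (best == V_UNKNOWN) { best = V_PARTIAL; *proto = SIGS[i].proto; }
    }
    return best;
}

int main(void)
{
    /* Constructed sample payloads; the last one is cut short by a small snaplen. */
    static const struct { const char *data; size_t caplen; } samples[] = {
        { "GET /index.html HTTP/1.1\r\n", 26 },
        { "SSH-2.0-example\r\n", 17 },
        { "\x13" "BitTorr", 8 },
    };
    static const char *names[] = { "unknown", "partial", "match" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *proto;
        enum verdict v = classify((const unsigned char *)samples[i].data, samples[i].caplen, &proto);
        printf("%-8s %s\n", names[v], proto);
    }
    return 0;
}
```

A prefix match is only a hint: short signatures such as the two-byte TLS one can collide with unrelated traffic, so a verdict is best cross-checked against the port and the rest of the flow.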

