[Winpcap-users] Soap Message Filter How?
David Chang
dchang at fsautomation.com
Wed Jul 8 17:26:51 PDT 2009
John,
There's a bunch of steps that you need to go through to extract soap
messages. Do you need help conceptually with how to do that? Or, do you
have a specific question about how to read a .pcap file (with all the
raw packet info in it)? If it's a specific question about how to read a
.pcap file, I can send you some code for that.
There's no magic filter that you can specify to get only soap/xml packet
from a .pcap file. You have to read each raw packet and decode the TCP
header and figure out which host IP address and port (80 for http) this
packet is from/to. Then you have to get the payload out and check the
application header to see if this is a soap/xml packet. Lastly, you may
have to re-sequence the packets (packet order) using the TCP seqnum and
concatenate packets (one soap message may require multiple packets). You
can filter based on host, protocol, and port number (host 192.168.1.1
tcp port 80) to limit the raw packet stream.
DC
Park, Chong SuhX wrote:
>
> I am trying to build a window application ( using visual studio 2008)
> to collect (extract) soap/xml message from pcap file. I read WinPcap
> document and followed many function calls but didn’t find a filter or
> example that does allow me to extract soap messages from .pcap file
> using wpcap.lib
>
> Can anyone give me an advice on how I can achieve this kind of thing?
>
> Thank you in advance!
>
> - John
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
More information about the Winpcap-users
mailing list