2

In order to parse network traffic I'm using PCAP.Net (I run splitcap on a given PCAP file and using PCAP.Net to extract communication data from the resulted bin files).

Is it possible to get the Protocol (HTTP, FTP etc.) being used in a specific packet (no based on port number) using PCAP.Net?

Kevin
  • 4,586
  • 23
  • 35
doubleM
  • 133
  • 4
  • 15

2 Answers2

2

HTTP and FTP protocols are recognized by ports. Content might help as well.

As far as I know, there's no other way to recognize such packets.

Pcap.Net can't give you the protocol of the packet because there isn't a way to do that.

You can guess the protocol similar to how Wireshark guesses it using ports, content and other packets.

brickner
  • 6,595
  • 3
  • 41
  • 54
  • thanks for the answer. I was afraid that the only way to find packets using protocols in non conventional port is by parsing / finding key words in its content. – doubleM Aug 04 '13 at 07:47
1

I know this is several years old, but using PCAP.net 1.0.2.76195 (several years old at the time of this writing), you can get it very simply like such

packet.Ethernet.IpV4.Protocol

For example, reading an icmp packet like this

Console.WriteLine(packet.Ethernet.IpV4.Protocol.ToString())

Shows this

InternetControlMessageProtocol

A TCP packet shows up as

Tcp
TwinPrimesAreEz
  • 1,699
  • 1
  • 12
  • 16