TCP Data Fields and Properties
Fields:
TCP.Port - Filters on the Source or Destination port. Used to find traffic based on port which is often associated with an application.
TCP.Port==80 // filters on the default port for HTTP traffic.
TCP.Flags.Reset - Can be used to test and see if the reset flag is set.
TCP.Window - Window Size of the current TCP frame, but ignoring the scale factor. See Property.TCPWindowSize below.
Properties:
Property.TCPRetransmit - A property that is set when a TCP retransmit is found. Retransmits are often an indication of a network infrastructure problem and network congestion.
Property.TCPRetransmit == 1 // Finds all frames that have been retransmitted.
Property.TCPPayloadLength - Represents the TCP Payload Size.
Property.TCPCheckSumStatus - This is a string that represents if the checksum is valid or not. This could be "Good" or "Bad".
Property.TCPDescription - A property to show the TCP Description for the current frame as opposed to the top most protocol description.
Property.TCPAckNumber - The current frame Acknoledgement Number
Property.TCPSeqNumber - The current frames Sequence Number
Property.TCPSeqeunceRange - The TCP Sequence range which is the current seq number to the current seq plus the length of the tcp payload.
Property.TCPShortAckNumber - A WORD representation of the Ack number to make it easy to compare and remember.
Property.TCPShortSeqNumber - A WORD representation of the Seq number to make it easy to compare and remember.
Property.TCPWindowSize - The Window Size for the current frame including the scaling factor if the 3 way handshake is availalbe.
Comments
- Anonymous
January 01, 2003
thanks - Anonymous
November 19, 2015
I need to write a program in c# which will calculate total bytes sent and received by specific port such as 80, 443 etc. I saw NetmonAPI.cs file but I am not able to find which specific API should I use. Can anyone give me step by step way to achieve this using netmon api? - Anonymous
November 19, 2015
I you look in the help, you can find some detailed example code. Specifically there is one that dumps out fields you specify. Using this technique you can extract the important fields, like TCPPayloadLength, TCP.SrcPort and TCP.DstPort, and then calculate the stats you need.