Feb 2, 2010 at 8:47 PM
Edited Feb 2, 2010 at 8:48 PM
Hi and Welcome!
Currently our notion of Experts here will analyze saved captures only, but the Network Monitor API has an interface to let you capture network traffic directly.
You can find our C++ CHM example code up here in the downloads section, and our documentation covers the API required to capture live network data.
From there, you can use the expert samples to hook in a parser engine to break down the data and analyze it in more detail.
The main differences are that the source of a frame for Experts is generally the capture file, but you can receive the same type of handle through our API callback and start processing from there.
You can even choose to save those frames received on the wire that meet your criteria to a new capture file.
Hope that gives you a good starting point. If you need more information, please feel free to ask more questions.
Michael Hawker | Program Manager | Network Monitor Team