Can Experts be created that display live captures?

Feb 1, 2010 at 7:51 PM

Hello, I am new to CodePlex and I'm currently looking for an interesting project as an MSc student, and was wondering whether it is possible to create an expert which can capture and display live data rather than from a saved capture file?


Feb 2, 2010 at 9:47 PM
Edited Feb 2, 2010 at 9:48 PM

Hi and Welcome!

Currently our notion of Experts here will analyze saved captures only, but the Network Monitor API has an interface to let you capture network traffic directly.

You can find our C++ CHM example code up here in the downloads section, and our documentation covers the API required to capture live network data.

From there, you can use the expert samples to hook in a parser engine to break down the data and analyze it in more detail.

The main differences are that the source of a frame for Experts is generally the capture file, but you can receive the same type of handle through our API callback and start processing from there.

You can even choose to save those frames received on the wire that meet your criteria to a new capture file.

Hope that gives you a good starting point. If you need more information, please feel free to ask more questions.


Michael Hawker | Program Manager | Network Monitor Team

Feb 3, 2010 at 3:10 PM

Thanks Michael, it looks like the Network Monitor API has huge potential and I will put it forward as a possible project. I managed to get the top users expert working (after installing .NET and mschart) and was impressed.

Feb 3, 2010 at 6:00 PM
Edited Feb 3, 2010 at 6:00 PM

Glad to hear it.

If you have any questions about the API, feel free to ask them here or on our TechNet forum.

We'll be happy to help,