locked
HTML page contents RRS feed

  • Question

  • Hi,

    is there a way to create a filter based on the html page content?

    Thursday, January 13, 2011 7:30 PM

Answers

  • At this point we have not let anybody redistribute our DLL.  The main reason is that it creates a potential for multiple versions of the DLL.  When we update our product we have control over the udpate.  If somebody redistributes the DLL, then there's a chance that two versions get on the machine and this will cause odd behavior which is difficult to troubleshoot and destablizes the platform.  We understand that this isn't ideal and we are looking at this problem in future versions.

    For now, the best solution we can suggest is to install Network Monitor automatically when you do your install.  You can chain the install to automatically launch the Network Monitor install from the network.  We understand that for isntalls on machine with no Internet Access this causes a problem, but there's always a tradeoff.

    Paul

     

    • Marked as answer by Hadi Amini Friday, January 21, 2011 4:08 PM
    Friday, January 21, 2011 4:04 PM

All replies

  • The best way is to search the entire frame for text, ie ContainsBin(FrameData, ASCII, "sometext").  This will find any frame data with this text.  You could add "AND TCP.Port==80" if you wanted to narrow it down further.

    One thing that makes this tricky is that HTTP can be fragmented across TCP.  So if you narrowed down the filter by adding "HTTP" you might miss something.  BTW, using the reassembled trace by hitting the button might work around this, but I think the method above is easier.  Especially if you are searching for something pretty unique.

    Thanks,

    Paul

     

    • Proposed as answer by Paul E Long Tuesday, January 18, 2011 7:20 PM
    Thursday, January 13, 2011 9:54 PM
  • thank you for reply,

    I used the ContainsBin filter it works good for english language, but in utf8 based charset html pages I cannot filter the local language words I am working on persian words(rtl,complex) it returns nothing in the filter

    Thursday, January 20, 2011 10:55 AM
  • For that scenario, you'll have to translate the text into Hexidecimal.  Then you can use this version of ContainsBin.  For instance:

    ContainsBin(FrameData, Hex, "A0 55 B1")

    If you don't know how to get teh Hex values, we can probably figure out a way to do that as well.

    Paul

    Thursday, January 20, 2011 7:46 PM
  • Thank you very much

    I had another question also, I am working on a project that uses your NM as a part for monitoring network communications, AFAIK license of NM is not portable and users must download MSNM themselves, is it possible in some special cases to add the NM pack in software pack? or in the future may this license change?

    Thursday, January 20, 2011 8:48 PM
  • At this point we have not let anybody redistribute our DLL.  The main reason is that it creates a potential for multiple versions of the DLL.  When we update our product we have control over the udpate.  If somebody redistributes the DLL, then there's a chance that two versions get on the machine and this will cause odd behavior which is difficult to troubleshoot and destablizes the platform.  We understand that this isn't ideal and we are looking at this problem in future versions.

    For now, the best solution we can suggest is to install Network Monitor automatically when you do your install.  You can chain the install to automatically launch the Network Monitor install from the network.  We understand that for isntalls on machine with no Internet Access this causes a problem, but there's always a tradeoff.

    Paul

     

    • Marked as answer by Hadi Amini Friday, January 21, 2011 4:08 PM
    Friday, January 21, 2011 4:04 PM
  •  

    Hello again and sorry for disturb

    My NM version is 3.4.2350, I used the byte codes -I opened a saved html in VS binary editor and found the code- but when I used the code I found nothing for 3 combined byte codes search, I think it's because of Gzip compression and the frames are as was(compressed), how can I overcome this ?

    Thursday, January 27, 2011 5:19 PM