Installing Your Protocol Parser DLL To the Network Monitor

This section uses the Finger protocol to show installation steps.

    To install a protocol parser DLL in Network Monitor
  1. Edit the PARSER.INI file and add your protocol:
    ;============================================================
    ;   Network Monitor parser/protocol initialization file.
    ;============================================================
    
    [PARSERS]
        FRAME.DLL   = 0: FRAME
        MAC.DLL     = 0: ETHERNET, TOKENRING, FDDI, TMAC
        LLC.DLL     = 0: LLC, RPL, SNAP, BPDU
        NETBIOS.DLL = 0: NETBIOS
        SMB.DLL     = 0: SMB
        XNS.DLL     = 0: XNS
        IPX.DLL     = 0: IPX, SAP, RIPX, NMPI, NBIPX, SPX
        TCPIP.DLL   = 0: IP, ARP_RARP, ICMP, UDP, NBT, TCP, DNS, TELNET, ...
        NCP.DLL     = 0: NCP
        ATALK.DLL   = 0: LAP, AARP, DDP, RTMP, NBP, ATP, PAP, ASP, ZIP, ...
        BONE.DLL    = 0: BONE
        MSRPC.DLL   = 0: MSRPC
        BROWSER.DLL = 0: BROWSER
        PPP.DLL     = 0: PPP, LCP
        FINGER.DLL  = 0: FINGER
    
    [FRAME]
        Comment     = "Base frame properties"
        FollowSet   = PPP, ETHERNET, TOKENRING, FDDI
        HelpFile    =
    
    [BROWSER]
        Comment     = "MS Browser"
        FollowSet   = 
        HelpFile    =
    
    [FINGER]
        Comment     = "TCP Finger, port 79"
        FollowSet   = 
        HelpFile    =
    
    ...
     
  2. Edit \PARSERS\TCPIP.INI under the Network Monitor installation directory and add Finger to the handoff setup of TCP. See Handoffset Parsers.
  3. Run Network Monitor and load a .CAP file that contains a Finger frame. Verify that the handoff worked correctly.
  4. Start writing the protocol parser. Remove the code that applies only to RemAPI. Note that the CommandSET defined for RemAPI will not work for Finger. However, the protocol that you are writing a parser for probably has a similar command field, so you may be able to convert this one.

    Note: Previous parsers hand off to the Finger parser. However, you may be writing a parser that appears in the follow set of another parser instead. If so, you need to add your protocol to the follow set in the PARSER.INI file of any preceding protocols, and modify RecognizeFrame in your parser to determine whether the data belongs to your protocol.
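
The following consistency check for the PARSER.INI edits in step 1 and the follow-set edits described in the note is an added example, not part of the original documentation or of Network Monitor. It assumes that every protocol listed under [PARSERS] has its own section and that every FollowSet entry must name a registered protocol; the function names and the shortened sample file are constructed for illustration.

```python
import re

# Constructed sample modelled on the PARSER.INI excerpt in step 1 (shortened).
# PPP is deliberately left out of [PARSERS] to show a dangling FollowSet entry.
SAMPLE = """\
[PARSERS]
    FRAME.DLL   = 0: FRAME
    MAC.DLL     = 0: ETHERNET
    FINGER.DLL  = 0: FINGER
[FRAME]
    FollowSet   = PPP, ETHERNET
[ETHERNET]
    FollowSet   =
[FINGER]
    Comment     = "TCP Finger, port 79"
    FollowSet   =
"""

def parse_ini(text):
    """Return {SECTION: {KEY: value}}; lines starting with ';' are comments."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().upper(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().upper()] = value.strip()
    return sections

def names(value):
    """Split a comma-separated protocol list into upper-case names."""
    return [n.strip().upper() for n in value.split(",") if n.strip()]

def check(text):
    """Return sorted inconsistencies between [PARSERS] and the protocol sections."""
    sections = parse_ini(text)
    parsers = sections.pop("PARSERS", {})
    # "FINGER.DLL = 0: FINGER": the protocol list follows the colon.
    registered = {p for v in parsers.values() for p in names(v.split(":", 1)[-1])}
    problems = [f"{p}: listed in [PARSERS] but has no [{p}] section"
                for p in registered - set(sections)]
    for section, keys in sections.items():
        if section not in registered:
            problems.append(f"[{section}]: no DLL in [PARSERS] provides it")
        problems += [f"[{section}]: FollowSet names unregistered protocol {f}"
                     for f in names(keys.get("FOLLOWSET", "")) if f not in registered]
    return sorted(problems)
```

Calling check() on the text of an edited PARSER.INI before starting Network Monitor returns an empty list when the registrations, sections and follow sets agree.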