These functions can be used for specific byte-level analysis, which can be helpful in identifying traffic that is not natively classified, extracting details that are not normally extracted, or looking for signatures in data payloads for specific kinds of traffic.
--- Extracts up to four bytes from a packet (1 based). int GetPacketBytes(packet, startbyte, endbyte) |
--- Extracts up to four bytes from a packet (0 based). int GetPacketData(packet, startbyte, endbyte) |
--- Determines the size of a packet in bytes. int GetPacketLength(packet) |
--- Extract N bytes from any part of the packet. --- startbyte and endbyte are optional parameters. If not provided, the entire packet is returned. string GetPacketString(packet, startbyte, endbyte) |
--- Determines the header offset when a VLAN ID exists. int GetVlanOffset(packet) |
--- Extracts up to four bytes from the packet payload only. int GetPayloadData(packet, startbyte, endbyte) |
--- Determines the size of a packet's payload in bytes. int GetPayloadLength(packet) |
--- Extract N bytes from any part of the packet payload. --- payloadStartbyte and payloadEndbyte are optional parameters. If not provided, the entire payload is returned. --- payloadStartbyte and payloadEndbyte are zero-based indexes into the payload. --- In finding the start of the Ethernet payload, this function will account for Ethernet header bytes associated --- with the source and destination Ethernet addresses, optional VLAN tagging, and the ethertype field. string GetPayloadString(packet, payloadStartbyte, payloadEndbyte) |
--- Converts a binary string to a hexadecimal string. string StringToHex(binaryString) |
--- Converts the binary string to a Hex Dump that looks like the following: --- 00000000 1F 19 7F A1 42 69 6E 61 72 79 C3 F3 0A FF 0D 00 ....Binary...... --- 00000010 82 95 AB B4 CC 53 74 72 69 6E 67 12 A5 .....String.. --- Where special characters are replaced with a period on the right side. string HexDump(binaryString) |
