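The Concept of Stub Parsers in NetMon
Today I was using Netmon to analyze a network capture and noticed that a screenshot someone had sent me showed the TDS protocol details, while my Netmon did not show them.
Following the hint shown for the part of the protocol that could not be parsed, I found the relevant section of the Netmon help.
The message was: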
Tds: Windows stub parser: Requires full Common parsers. See the "How Do I Change Parser Set Options" help topic for tips on loading these parser sets.
Solution
====================
1. On the Tools menu, click Options, and then click Parser.
2. Click the row containing the files for which to load full or stub parsers, for example, Common or Windows.
3. On the toolbar, click Stubs to switch stubs on or off.
If the folder does not contain a stub file implementation, the Stubs button is disabled.
4. Click Save and Reload Parsers.
5. After the parsers have loaded, click OK.
With that done, my Netmon can now show the TDS protocol details as well. Some related basic NetMon concepts are listed below.
Concept of Stub Parsers
====================
A stub parser is a skeleton parser file that consists of only the protocol name, but does not contain any information on parsing the fields in the protocol. Parser packages can contain stub parsers for the full parsers that they install.
The Core package provides a set of protocols on the transport layer and below that enables basic parsing and filtering with high performance.
The Common package contains other public RFC protocols, as well as some key Windows protocols, and is enabled by default to enable a broad set of protocols.
The Windows package contains the remainder of the Microsoft Windows protocols, as found on MSDN, and OEM protocols. It is loaded as stubs only by default. The Windows package is also dependent on the Common parser set. Therefore, make sure the Common set is set to Full when turning the Windows set to Full.
To improve parsing performance at the cost of some accuracy and filtering ability, select Stubs for both Common and Windows. This provides the Core set of protocols, such as Ethernet, IPv4, IPv6, TCP, UDP, as full parsers. Selecting this option produces a significant increase in performance, while limiting filtering to low-level protocols.
Translated from:
The NetMon help topic "How do I change parser set options".