很酷的微软网络抓包分析工具Microsoft Network Monitor(3.4)
Posted on 2009-12-09 11:36 Brucegao 阅读(6759) 评论(3) 编辑 收藏 举报以下我使用过程中遇到的一个问题,我是用它来解析 RPL协议。这是我的一封邮件!
Hi ***,
Thanks for your quick reply. And the following is the description about this issue.
The capture and related document I used here is in attached file.
Note: “Res_rplcapture.cap” capture is assembling from “rplcapture.cap” which is provided by ***
1. The capture is parsed rightly till the highlight “Style”, look at the picture:
Picture <1>
2. From the below, we know the second “Style” should not be present, for the highlight color capture data is a Unicode-String data, and after this Unicode-String data is an end-flag “FF FF”,
Picture <2>
3. So we could make something to consume exactly the Unicode-String , so we add “FF” after the first “Style” that can jump out of the structure “InlineSharedElementProperties”, and look the status:
Picture <3>
4. From the picture <3> ,the Unicode-String parsed rightly, and to my surprise, more capture data have been parsed , but the subsection “Style” of “reportItems” have the same issue, if we add “FF” after it , it will be parser more capture data, look at it,
Picture <4-1> before add “FF”
Picture <4-2> after add “FF”
5. Also add “FF” after “Style” in picture <4-2> , we get the following result:
Picture <5>
6. We parsed more capture data, and the last “reportItems” is new present, within it after adding “FF”, before the highlight “12”, it will be parser more.
Picture <6>
7. ……, that’s the question, and there is identical issue in another HTTP capture data. Maybe you will say it’s something wrong with the NPL file, please look at the key description about the “Style” in document (be attached), then search “RPLStyle” in parser file (be attached), I think there is no exception with it.
Picture <7>
Appendix: I don’t know if what I said is clear, if so, please let me know your opinion; if not, please tell me your doubt, thank you so much!
Best Regards
Bruce
/Files/brusegao/Res_rplcapture.zip
Microsoft Network Monitor可以去MS官网下载!
