Saving Socket Spy Data

Discussion in 'Port Explorer' started by Airking, Oct 5, 2006.

Thread Status:
Not open for further replies.
  1. Airking

    Airking Registered Member

    Jun 22, 2005
    Does anyone know if the data from Socket Spy Packet Sniffer can be saved as a text file?
  2. Hermescomputers

    Hermescomputers Registered Member

    Jan 9, 2006
    Toronto, Ontario, Canada, eh?
    Here is what the help in my copy says.. Wanted to give a small pic but system won't let me... What it means is that you can write your own extractor... looks simple.

    The capture.bin file (located in your Port Explorer directory if you've used Socket Spy to capture data) is of a simple, custom format, and is documented here for programmers who may wish to make their own capture.bin analysis/viewing programs.
    Packets are stored in consecutive order in the capture.bin file, with each packet preceded by a header and filename.

    The header is stored with the process filename (with null terminating character) immediately following it, with the captured packet (of size dwBufsize) immediately following the filename, which is in turn followed by the next header and packet, and so on.


    #include <windows.h> // DWORD, USHORT, UCHAR

    #pragma pack(1)

    // Defined first because SPYPACKET embeds it; 32 bits in total
    struct SPYTIME {
        unsigned day : 5; //day from 1-31
        unsigned month : 4; //month from 1-12
        unsigned year : 6; //2000 + whatever value in here
        unsigned hour : 5; //hour from 0-23
        unsigned minute : 6; //minute from 1-59
        unsigned second : 6; //second from 1-59
    };

    struct SPYPACKET {
        DWORD headerID; //always "SPY_"
        DWORD pid;
        UCHAR sendrecv; //1 if sending 0 if receive
        UCHAR protocol;
        DWORD localaddr;
        USHORT localport;
        DWORD remoteaddr;
        USHORT remoteport;
        struct SPYTIME creation; //when this packet was sent/recvd
        USHORT bufsize; //length of filedata
        USHORT namesize; //length of filename
        DWORD footerID; //always 0x12345678
    };

    #pragma pack()

    SPYPACKET total size 34 bytes
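
An added example, not part of either post or of the Port Explorer help: a Python reader for the capture.bin layout quoted above that turns each record into one line of text and rejects records whose IDs or lengths do not check out. Assumptions not stated on the page: little-endian fields, MSVC bit-field order for SPYTIME, addresses in network byte order, ports in host order; `parse_capture`, `to_text` and the sample record are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

HDR = struct.Struct("<4sIBB4sH4sHIHHI")  # packed SPYPACKET: 34 bytes
FOOTER_ID = 0x12345678

def spytime(v):
    # Assumption: MSVC bit-field order, first member in the lowest bits.
    day, month, year = v & 31, (v >> 5) & 15, (v >> 9) & 63
    hour, minute, second = (v >> 15) & 31, (v >> 20) & 63, (v >> 26) & 63
    return f"{2000 + year}-{month:02}-{day:02} {hour:02}:{minute:02}:{second:02}"

def parse_capture(data):
    off = 0
    while off < len(data):
        if len(data) - off < HDR.size:
            raise ValueError(f"truncated header at offset {off}")
        (magic, pid, sending, proto, laddr, lport, raddr, rport,
         when, bufsize, namesize, footer) = HDR.unpack_from(data, off)
        # A DWORD set from 'SPY_' may be byte-reversed on disk: accept both.
        if magic not in (b"SPY_", b"_YPS") or footer != FOOTER_ID:
            raise ValueError(f"bad headerID/footerID at offset {off}")
        off += HDR.size
        name = data[off:off + namesize]
        off += len(name)
        # The page does not say whether namesize counts the NUL: accept both.
        if not name.endswith(b"\0") and data[off:off + 1] == b"\0":
            off += 1
        payload, off = data[off:off + bufsize], off + bufsize
        if len(name) != namesize or len(payload) != bufsize:
            raise ValueError("record runs past end of file")
        # Assumptions: addresses in network byte order, ports little-endian.
        yield {"time": spytime(when), "pid": pid, "protocol": proto,
               "dir": "->" if sending else "<-", "payload": payload,
               "process": name.rstrip(b"\0").decode("latin-1"),
               "local": f"{IPv4Address(laddr)}:{lport}",
               "remote": f"{IPv4Address(raddr)}:{rport}"}

def to_text(r):
    return (f'{r["time"]} pid={r["pid"]} {r["process"]} proto={r["protocol"]} '
            f'{r["local"]} {r["dir"]} {r["remote"]} {r["payload"].hex()}')

# Constructed sample record (not real capture data): 5 Oct 2006 14:30:15.
_when = 5 | 10 << 5 | 6 << 9 | 14 << 15 | 30 << 20 | 15 << 26
SAMPLE = HDR.pack(b"SPY_", 1234, 1, 6, bytes([192, 168, 0, 2]), 1025,
                  bytes([10, 0, 0, 1]), 80, _when, 4, 9, FOOTER_ID) \
         + b"test.exe\0" + b"GET "

if __name__ == "__main__":
    print(*map(to_text, parse_capture(SAMPLE)), sep="\n")
```

To export a real file, pass `open("capture.bin", "rb").read()` to `parse_capture` and write each `to_text` line to a text file.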