Discussion in 'Port Explorer' started by Airking, Oct 5, 2006.
Does anyone know if the data from Socket Spy Packet Sniffer can be saved as a text file?
Here is what the help in my copy says.. Wanted to give a small pic but system wont let me... What it means is that you can write your own extractor... looks simple.
The capture.bin file (located in your Port Explorer directory if you've used Socket Spy to capture data) is of a simple, custom format, and is documented here for programmers who may wish to make their own capture.bin analysis/viewing programs.
Packets are stored in consecutive order in the capture.bin file, with each packet preceded by a header and filename.
The header is stored with the process filename (with null terminating character) immediately following it, with the captured packet (of size dwBufsize) immediately following the filename, which is in turn followed by the next header and packet, and so on.
DWORD headerID; //always "SPY_"
UCHAR sendrecv; //1 if sending 0 if receive
SPYTIME creation; //when this packet was sent/recvd
USHORT bufsize; //length of filedata
USHORT namesize; //length of filename
DWORD footerID; //always 0x12345678
unsigned day : 5; //day from 1-31
unsigned month : 4; //month from 1-12
unsigned year : 6; //2000 + whatever value in here
unsigned hour : 5; //hour from 0-23
unsigned minute : 6; //minute from 1-59
unsigned second : 6; //second from 1-59
SPYPACKET total size 34 bytes
Separate names with a comma.