John, There's a bunch of steps that you need to go through to extract soap messages. Do you need help conceptually with how to do that? Or, do you have a specific question about how to read a .pcap file (with all the raw packet info in it)? If it's a specific question about how to read a .pcap file, I can send you some code for that.
There's no magic filter that you can specify to get only soap/xml packet from a .pcap file. You have to read each raw packet and decode the TCP header and figure out which host IP address and port (80 for http) this packet is from/to. Then you have to get the payload out and check the application header to see if this is a soap/xml packet. Lastly, you may have to re-sequence the packets (packet order) using the TCP seqnum and concatenate packets (one soap message may require multiple packets). You can filter based on host, protocol, and port number (host 192.168.1.1 tcp port 80) to limit the raw packet stream. DC Park, Chong SuhX wrote: > > I am trying to build a window application ( using visual studio 2008) > to collect (extract) soap/xml message from pcap file. I read WinPcap > document and followed many function calls but didn’t find a filter or > example that does allow me to extract soap messages from .pcap file > using wpcap.lib > > Can anyone give me an advice on how I can achieve this kind of thing? > > Thank you in advance! > > - John > > ------------------------------------------------------------------------ > > _______________________________________________ > Winpcap-users mailing list > [email protected] > https://www.winpcap.org/mailman/listinfo/winpcap-users > _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
