Network Sniffer - Software network packet sniffer & protocol analyzer for Windows

Packet Builder

Network Monitor allows you to construct one or more packets and send them via the selected adapter to the network. New packets are created based on a template. Network Monitor comes with a set of predefined templates:

A template is an empty packet of some type, that is, a packet that has no payload but does have the infrastructure: flags, sizes and selectors.

A template may be used as a starting point to construct a more complex packet. For example, you may start with an IP packet template and eventually construct an HTTP packet. You may also use this technique to construct packets for user-defined protocols (if they are loaded into Network Monitor).

A constructed packet may be saved as a template using the Packet Builder » Save as Template… command.

Packet Editing

After the packet is added to the list, you may edit it using either the binary representation (lower pane) or its decoded form (upper pane). The binary pane also supports copying and pasting, so you can copy a monitored packet from one of the data visualizers and paste it into the binary pane to get a copy of the packet. This copy may later be edited and sent back to the network.

Both panes are synchronized: you can edit the same packet in one or both panes.

NOTE

Some protocols have a checksum field that is used to check whether the packet is valid. Network Monitor provides automatic checksum calculation for IP and TCP packets. You must manually compute and update the checksum for any other kind of packet that has a checksum incorporated. Other protocols also have a payload size field. Network Monitor does not automatically update any size field!
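The manual step this note describes, shown for UDP as an added example (it is not part of the Network Monitor documentation or product). It assumes the bytes copied from the binary pane start at the IPv4 header; the function names and the sample packet are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fix_udp_packet(pkt: bytes) -> bytes:
    """Refresh the size fields and checksums of an edited IPv4/UDP packet."""
    if len(pkt) < 28 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("expected an IPv4 packet carrying UDP")
    ihl = (pkt[0] & 0x0F) * 4                # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 8:
        raise ValueError("truncated or malformed header")
    ip, udp = bytearray(pkt[:ihl]), bytearray(pkt[ihl:])
    struct.pack_into("!H", ip, 2, len(pkt))   # IPv4 Total Length
    struct.pack_into("!H", udp, 4, len(udp))  # UDP Length (header + payload)
    struct.pack_into("!H", ip, 10, 0)         # zero the field before summing
    struct.pack_into("!H", ip, 10, inet_checksum(bytes(ip)))
    struct.pack_into("!H", udp, 6, 0)
    # UDP checksum covers a pseudo-header: src, dst, zero, protocol, UDP length
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 17, len(udp))
    # RFC 768: a computed value of 0 is transmitted as 0xFFFF
    struct.pack_into("!H", udp, 6, inet_checksum(pseudo + bytes(udp)) or 0xFFFF)
    return bytes(ip + udp)

# Constructed sample: the payload was edited, but the length fields still
# describe an empty datagram and both checksum fields are zero.
SAMPLE = bytes.fromhex(
    "45000020000040004011" "0000" "c0a80001" "c0a800c7"  # IPv4 header
    "30390035" "0008" "0000"                              # UDP header
) + b"edited payload"

if __name__ == "__main__":
    print(fix_udp_packet(SAMPLE).hex(" "))
```

A receiver validates either checksum by summing the same bytes with the checksum field included; a result of 0 from `inet_checksum` means the packet is consistent.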

The upper pane displays the packet contents according to the loaded protocol definition files. Click the small plus sign to expand a sub-tree and the small minus sign to collapse it. Double-click a line to edit its value. After you finish entering the new value, press the Enter key to save the changes or the Esc key to discard them.

You are restricted to editing only the “leaf” values (fields that cannot be further expanded). In addition, Network Monitor has built-in parsers for the following network addresses:

For these fields, you may double-click the address field and enter the new value directly (like 127.0.0.1). Your input will be parsed accordingly.