TCP Data Fields and Properties


TCP.Port – Filters on the Source or Destination port.  Used to find traffic based on port which is often associated with an application.

TCP.Port==80    // filters on the default port for HTTP traffic.

TCP.Flags.Reset – Can be used to test and see if the reset flag is set.

TCP.Window – Window Size of the current TCP frame, but ignoring the scale factor. See Property.TCPWindowSize below.


Property.TCPRetransmit – A property that is set when a TCP retransmit is found.  Retransmits are often an indication of a network infrastructure problem and network congestion.

Property.TCPRetransmit == 1    // Finds all frames that have been retransmitted.

Property.TCPPayloadLength – Represents the TCP Payload Size.

Property.TCPCheckSumStatus – This is a string that represents if the checksum is valid or not.  This could be “Good” or “Bad”.

Property.TCPDescription – A property to show the TCP Description for the current frame as opposed to the top most protocol description.

Property.TCPAckNumber – The current frame Acknoledgement Number

Property.TCPSeqNumber – The current frames Sequence Number

Property.TCPSeqeunceRange – The TCP Sequence range which is the current seq number to the current seq plus the length of the tcp payload.

Property.TCPShortAckNumber – A WORD representation of the Ack number to make it easy to compare and remember.

Property.TCPShortSeqNumber – A WORD representation of the Seq number to make it easy to compare and remember.

Property.TCPWindowSize – The Window Size for the current frame including the scaling factor if the 3 way handshake is availalbe.

Comments (3)

  1. NetMon API says:

    I need to write a program in c# which will calculate total bytes sent and received by specific port such as 80, 443 etc. I saw NetmonAPI.cs file but I am not able to find which specific API should I use. Can anyone give me step by step way to achieve this
    using netmon api?

  2. Paul E Long says:

    I you look in the help, you can find some detailed example code. Specifically there is one that dumps out fields you specify. Using this technique you can extract the important fields, like TCPPayloadLength, TCP.SrcPort and TCP.DstPort, and then calculate
    the stats you need.