GetProtocolStartOffset

The GetProtocolStartOffset function returns the offset to a specified protocol in the frame.

DWORD GetProtocolStartOffset(
  HFRAME hFrame,
  LPSTR ProtocolName
);

Parameters

hFrame
Specifies a handle to the frame.
ProtocolName
Specifies the protocol name, such as "TCP".

Return Values

The DWORD offset to the beginning of the protocol being searched for, or zero if the protocol is not in the frame.

Remarks

Given the handle to a frame, this function returns the offset to a specified protocol in the frame. For example, the DNS (Domain Name Service) parser needs the port address of the TCP protocol to determine whether the frame is a DNS frame. The DNS parser would call this API with "TCP" as the ProtocolName. If the frame has been recognized by the TCP protocol, the DWORD offset from the beginning of the frame to the beginning of the TCP frame is returned. If there is no TCP protocol, zero is returned.

This function finds the start of a protocol in a frame.
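
An added example (not from the original documentation) of how a parser can safely use the returned offset: treat zero as "no TCP", bounds-check the offset against the frame length, then read the TCP ports. The function names, the frame/frame_len parameters and the sample frame are assumptions constructed for illustration; tcp_off stands for the value returned by GetProtocolStartOffset(hFrame, "TCP").

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_PORT    53u   /* well-known DNS port */
#define TCP_MIN_HDR 20u   /* TCP header without options */

/* Read a big-endian 16-bit field without alignment assumptions. */
static uint16_t be16(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* frame, frame_len: raw frame bytes (hypothetical parameters).
 * tcp_off: offset returned by GetProtocolStartOffset(hFrame, "TCP").
 * Returns 1 if either TCP port is 53, otherwise 0 (including bad input). */
int frame_is_dns_over_tcp(const uint8_t *frame, size_t frame_len, uint32_t tcp_off)
{
    if (frame == NULL || tcp_off == 0)        /* zero means TCP not found */
        return 0;
    if (tcp_off > frame_len)                  /* offset past end of capture */
        return 0;
    if (frame_len - tcp_off < TCP_MIN_HDR)    /* truncated TCP header */
        return 0;
    const uint8_t *tcp = frame + tcp_off;
    return be16(tcp) == DNS_PORT || be16(tcp + 2) == DNS_PORT;
}

/* Constructed sample: 14-byte Ethernet + 20-byte IPv4 + 20-byte TCP header,
 * zero-filled except for the two TCP port fields at offset 34. */
size_t build_sample_frame(uint8_t *buf, size_t cap, uint16_t src, uint16_t dst)
{
    if (buf == NULL || cap < 54)
        return 0;
    memset(buf, 0, 54);
    buf[34] = (uint8_t)(src >> 8); buf[35] = (uint8_t)src;
    buf[36] = (uint8_t)(dst >> 8); buf[37] = (uint8_t)dst;
    return 54;
}

int main(void)
{
    uint8_t frame[64];
    size_t n = build_sample_frame(frame, sizeof frame, 49152, 53);
    printf("DNS over TCP: %d\n", frame_is_dns_over_tcp(frame, n, 34));
    return 0;
}
```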