Guided TcpRuleRecvProto Example

This example illustrates how to write a recording rule for the Siebel 6 Thin Client.

This client is an ActiveX control that runs in a Web browser. A recorded script consists of one WebPageUrl() call followed by TCP/IP traffic from the ActiveX control. Without recording rules, the server responses are scripted by WebTcpipRecvExact() calls.

Portion of a Recorded Siebel 6 TCP/IP Script

  "\h00000030000000000000000000000001" // ···0············ 00000000
  "\h0000000C0000001C0000019100000000" // ················ 00000010
  "\h00000020000002580000000C00000000" // ··· ···X········ 00000020
  "\h00000000", 52); // ···· 00000030
WebTcpipRecvExact(hWeb0, NULL, 40);

Server responses can be analyzed with the help of TrueLog Explorer.

Each response begins with a 4-byte protocol header that specifies the number of bytes following the header. This length is encoded in big-endian notation (most significant byte first).

With these findings, a recording rule can be written, as shown below.

Recording Rule for Siebel 6 Thin Client TCP/IP Traffic

<?xml version="1.0" encoding="UTF-8" ?>
    <Name>Siebel TCP Protocol</Name>

This rule specifies that the length of the data block is stored in the protocol header at offset 0, using 4 bytes. Using this rule, the Recorder generates scripts that use the function WebTcpipRecvProto() for the server responses, as shown below.

Portion of a Recorded Script using Recording Rules

  "\h00000030000000000000000000000001" // ···0············ 00000000
  "\h0000000C0000001C0000019100000000" // ················ 00000010
  "\h0000001F000002580000000C00000000" // ·······X········ 00000020
  "\h00000000", 52); // ···· 00000030
WebTcpipRecvProto(hWeb0, 0, 4);

Scripts recorded with this rule replay correctly even when the number of bytes to be received differs from the number of bytes received during recording.
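
The length-prefixed framing that the rule describes can be modeled outside the tool. The following Python sketch is an added example, not Silk Performer code or part of the original page: it reads the header through the length field, decodes the big-endian length, and then reads exactly that many bytes. The names recv_proto, read_exact, Trickle and frame, the MAX_BODY cap and the sample responses are assumptions made for illustration.

```python
import io

MAX_BODY = 1 << 20  # assumed cap (not from the page): reject absurd length fields


def read_exact(stream, n):
    """Read exactly n bytes, looping over short reads; raise on early EOF."""
    buf = bytearray()
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise EOFError(f"stream closed after {len(buf)} of {n} bytes")
        buf += chunk
    return bytes(buf)


def recv_proto(stream, length_offset=0, length_len=4, max_body=MAX_BODY):
    """Read the header through the length field, then exactly the declared body."""
    header = read_exact(stream, length_offset + length_len)
    body_len = int.from_bytes(header[length_offset:], "big")  # most significant byte first
    if body_len > max_body:
        raise ValueError(f"declared length {body_len} exceeds cap {max_body}")
    return header, read_exact(stream, body_len)


class Trickle(io.BytesIO):
    """Constructed stand-in for a socket that returns at most 3 bytes per read."""

    def read(self, size=-1):
        return super().read(3 if size is None or size < 0 else min(size, 3))


def frame(body):
    """Build a constructed response: 4-byte big-endian length, then the body."""
    return len(body).to_bytes(4, "big") + body


# Constructed sample data: 40 bytes on the wire at record time, 39 at replay time.
RECORDED = frame(b"\x00" * 36)
REPLAYED = frame(b"\x00" * 35)


def demo():
    """Receive both responses back to back; returns the body lengths [36, 35]."""
    stream = Trickle(RECORDED + REPLAYED)
    return [len(recv_proto(stream)[1]) for _ in range(2)]


if __name__ == "__main__":
    print(demo())
```

A receiver that expected a fixed 40 bytes would stall or misalign on the second response, while the length-driven read consumes each response at its declared size.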