
User Guide-PACKETYZER

Packetyzer User Guide

OPENXTRA Limited

If you have any questions concerning network and system management, visit the OPENXTRA website www.openxtra.com. Join in with our discussion groups, exchange ideas and views, add your comments about all aspects of network and system management.

PUG 004 First Edition October 2003. Copyrights, trademarks and acknowledgments. Windows, Windows NT, Windows 2000, Windows XP are copyright of Microsoft Corporation. Ethereal is open source and licensed under the GNU General Public License. Packetyzer is copyright Tazmen Technologies LLC and licensed under the GNU General Public License. All other copyrights and trademarks are the property of their respective owners. OPENXTRA Limited October 2003

Table of Contents
About this Guide
  Typographical Conventions
Introduction to Packetyzer
  Network Types Supported
  File Formats Supported
  System Requirements
Main Display Screen
  Main Tool Bar
  Capture Tool Bar
  Windows Tool Bar
Starting Packetyzer
Capturing Packets
  Starting Packet Capture
  Stopping Packet Capture
Setting Global Options
  Global
  Default Capture
  Protocol Options
  WLAN Options
View Options
  Tree Details view
  Packet List view
  Hex and ASCII Details view
  Decode Tab
  Protocols Tab
  Connections Tab
  Statistics Tab
  Wireless Tab
  Filters Tab
Watch Options
  Selecting Packets to view
  Tracking TCP Traffic
  Searching for Packets
Filtering Packets
  Making an Expression Filter
  Advanced Filters
  Advanced Filter Example
  Filtering the Packet Display
  Coloring Packets
  Create Filter from Packet
Printing Packet Details
Editing and Sending Packets
  Packet Editor
  Editing Packets
  Sending Packets
Decoding Packets

About this Guide

Although Packetyzer is easy to set up and use, the interpretation of decoded network traffic requires technical knowledge and experience. It is assumed throughout that you are familiar with the operation of Ethernet, packet formats and have some knowledge of network protocols.

This guide is designed to help you with typical tasks that you want to perform with the software. How do I capture packets? How do I decode packets? How do I print out packet contents? And so on. This task based approach should help you find your way round the software quickly and easily. Once you have learned a few basics you will be able to pick up the rest as you go along.

We have tried to supply you with all the supporting utilities required to get the software working with the minimum of fuss. You may find that directories other than the ones with the product names will have been added for these utilities.

Typographical Conventions
Product names inside the text are in italics. Tips and important points to note are shown in boxes like this:
Note: This is how a tip or point worth noting will appear.
Step by step instructions are numbered and shown in bold type.

Introduction to Packetyzer
Packetyzer is a new User Interface for the well known Ethereal Protocol Analyzer. Whereas Ethereal can run on various Unix and Linux platforms, Packetyzer is specifically designed for Microsoft Windows users. Ethereal is well established, tried and tested and has many thousands of users world wide. It is a very powerful and richly featured analyzer but for Windows users the interface has been unfamiliar in places.

Packetyzer has the same range of decodes as Ethereal, currently over 400, covering all the common protocols and many of the more obscure ones. It is unlikely that you will come across a protocol that cannot be decoded.

The Packetyzer Windows user interface is exceptionally clear and well designed. The graphical representation of TCP Traffic flows is particularly impressive and the improvements to set up and use of capture and display Filters will be welcomed by many users.

Network Types Supported

Packetyzer may be used on a variety of networks. Live data can be read from:

Ethernet
FDDI
PPP
Token-Ring
Wireless LANs using IEEE 802.11

File Formats Supported

Since Packetyzer uses the same technology as Ethereal it can read files from the same range of formats as that product. All formats are handled automatically, there is no need for the user to specify a format to use. These include:

tcpdump (libpcap). The native file format supported.
NAI's Sniffer (compressed and uncompressed)
Sniffer Pro
NetXray
Sun snoop and atmsnoop
Shomiti/Finisar Surveyor
AIX's iptrace
Microsoft Network Monitor
Novell's Lanalyzer
RADCOM WAN/LAN Analyzer
HP-UX nettl
i4btrace from the ISDN4BSD project
Cisco Secure IDS iplog
the pppd log (pppdump-format)
WildPacket's EtherPeek/TokenPeek/AiroPeek
Visual Networks' Visual UpTime.

Also readable are trace files from Lucent/Ascend WAN routers, Toshiba ISDN routers, text output from the VMS TCPIPtrace utility and the DBS Etherwatch utility for VMS.

System Requirements
The underlying technologies are designed to run on a wide variety of hardware and therefore even a low specification machine will run the software. The Packetyzer User Interface is designed for use with any 32 bit Windows platform. These include Windows XP, 2000 and NT4.

The exact specification of the machine required depends on a great many things. If the network is very busy you will need a fast machine with lots of RAM. If the network is lightly loaded you will be able to use a lower specification machine. As a general rule we recommend a machine running:

Windows 2000
a 1GHz processor
256M RAM
A network interface card for one of the supported network types

If you find that the software is dropping packets or that the machine cannot keep up then try a faster machine or more RAM. If you don't have a machine of the recommended specification, try it anyhow and see if the performance is acceptable. You can use the capture options to reduce the amount of each packet captured or you can set filters to reduce the number of packets captured.

Main Display Screen

The Packetyzer Main Display screen consists of three large panes, each displaying a different view of the captured packets.

The Tree Details View is normally shown on the left with the Packet List View shown at the top right and the Hex and ASCII Details View shown at the bottom right.
Note: You may change the screen appearance using the Screen Layout buttons on the Capture Tool Bar.

Main Tool Bar

The Main Tool Bar is at the top of the screen. It contains the following buttons:

Start/Stop the current capture

Press to begin a capture. Press a second time to end a capture.
Note: If multiple capture windows are open, pressing this button will switch the currently selected window capture on or off. Use the Start/Stop buttons in the individual windows to control other captures.

Create a new capture window

Opens a new capture window. You can view and capture in several windows at the same time.

Open a capture file

Opens a previously captured file. See Global Options, Default Capture for how to set a name for the capture file.

Save the current capture

Allows you to save the current capture. See Global Options, Default Capture for how to set a name and other parameters for the capture file.

Print

Prints the details of the currently highlighted packet or group of packets. Packets may be selected individually or in a group. Mark a group by holding Shift or Ctrl keys and clicking on the required packets.

Search for packets

Allows you to search for packets matching specified criteria. See Searching for Packets.

Select a background color for selected packets

Allows you to color selected packets. Packets may be selected individually or in a group.
Step 1 Mark a group by holding Shift or Ctrl keys and clicking on the required packets

Step 2 Click the drop down Selection
Step 3 Select a color for the background
The highlighted packets will be displayed in the selected color.

Select a network adapter

Shows the interface on the adapter that will be used to capture the packets. If more than one adapter is installed the drop down button will display the full list. Simply select an adapter. A box shows additional Information about the adapter, the Interface Name, the Network Type, the MAC Address, DHCP and IP Address. See Global Options, Default Capture.

Modify Global Options

Allows you to change the settings. See Global Options.

Show filters

Displays a list of Capture and Display Filters. See Filtering Packets.

Show names

Devices may be represented by meaningful names rather than by addresses. This button displays a list of named devices.

Show list of registered plugins

Plugins are add-ons to the basic software. These may be updated from time to time as new features are added or improved. This button displays a list of plugins registered in the machine.

Show the packet editor window

Allows you to edit captured packets and resend them on the network. See Editing Packets.

Show the on-line help

Displays the on-line help system.

Capture Tool Bar

The Capture Tool Bar controls the capture in the current window. It contains the following buttons:

Start/Stop the current capture

Press to begin a capture. Press a second time to end a capture.
Note: If multiple capture windows are open, pressing this button will switch the currently selected window capture on or off. Use the Start/Stop buttons in the individual windows to control other captures.

Change capture options

Allows you to specify a range of capture options.

Adapter
Allows you to select the adapter and interface to use from a drop down list. If more than one adapter is available select the one you require from the drop down list.

Capture name
Allows you to specify a name for the capture file.

Limit each packet to

Allows you to limit the amount of data captured in each packet. Limiting the length of each packet makes the capture file smaller (or collects more packets in a fixed size buffer) and speeds collection on a busy network.
Note: When tracking network problems most faults are identified in the packet headers rather than in the user data, so it is not usually required to collect user data.

Capture packets in promiscuous mode

Promiscuous mode allows the adapter to capture all the packets on the segment no matter what the addresses. Switch this Off if you only want to capture packets in and out of the local machine.

Automatic scrolling during capture

Allows the Packet List view to scroll during capture, confirming that new packets are being captured.
Note: On busy networks this may slow capture down. If you find that packets are missed switch this option off. The Packets Received and Packets Filtered counters will continue to increase as packets arrive.

Limit total capture to xx kilobytes

Allows you to specify an amount of space to set aside for the capture files.

Reuse capture buffer when it is full

Click this if you want the buffer to be reused. This is known as a 'circular buffer'. Once the buffer is filled and a new packet arrives the first packet is replaced by the new one, then the second and so on. See also Global Options, Default Capture.

Clear all packets from this session

Discards all the captured packets without saving them and clears the Main screen.
Note: If you stop a capture and restart without pressing the Clear all packets from this session button, the capture will resume, appending packets to those previously captured.

Screen Layout buttons

These allow you to customize the appearance of the Main Screen.
The first button shows the standard three views.
The second button shows the three views one above the other.
The third button shows only the Packet List view and the Hex and ASCII Details view.
The fourth button shows only the Packet List view.
Note that views can be resized by positioning the cursor on the edge and dragging to the required size.

Packets Received
Displays the number of packets received.

Packets Filtered
Displays the number of packets that have been filtered. During capture this will be the number of packets captured, in a trace file it will be the number of packets that passed the Filters set.

Memory usage
Displays the percentage of memory used. The amount of memory is set using the Global Options, Default Capture, Limit total capture to option.

Windows Tool Bar

The Windows Tool Bar provides an alternative method of accessing options. Options are grouped under the headings File, Edit, Session, Windows and Help. Where appropriate, shortcut keys are shown on the drop down menus.

File
Options for:
New Capture: Opens a new capture window. Click on the Start the current capture button to begin capturing packets.
Open: Opens a list of previously captured files. Click on a file name to open it.
Close: Closes the current session.
Save: Saves the current session.
Save As: Saves the current session to a new file name.
Print: Prints the highlighted packet(s).
Exit: Closes Packetyzer and exits.

Edit

Options for:
Cut: Cuts the selected item(s).
Copy: Copies the selected item(s) to the Windows clipboard.
Paste: Pastes the selected item(s) from the Windows clipboard.
Find: Searches for packets. You can find packets that match a specified Filter or Filters, or packets that contain a specified string or piece of text or a hex value. All packets matching your criteria are highlighted on the Packets List view.
Reset Colorization: Resets packet colors back to off. To set colors use the Selection button on the Main Tool Bar.
Show All Packets: Shows all the packets in the Packet List view.
Hide Selected Packets: Hides any packets already highlighted in the Packet List view.
Hide Unselected Packets: Hides packets not highlighted in the Packet List view.
Invert Selection: Inverts the current packet list selection so all packets highlighted become unselected and all not highlighted become selected.

New Window from Selection: Opens a new Window containing only the selected packets.
Global Options: Opens the Global Options for setting up the packet capture parameters. See Global Options.
Select Adapter: Allows you to select the network adapter to use and displays detailed information about the adapter.

Session
Options for:
Start Capture: Starts a new capture.
Stop Capture: Stops the current capture.
Tree on left: The default three view layout. See Screen Layout Buttons.
Stacked view: Displays the three views one above the other. See Screen Layout Buttons.
Show data panel: Expands the Packet List view, hides the ASCII and hex view. See Screen Layout Buttons.
Show tree panel: Expands the Tree view. See Screen Layout Buttons.

Clear Packets: Deletes all the packets from the current capture.
Send Packet: Send the selected packet. See Editing and Sending Packets.
Capture Options: See Change capture options.

Window
Options for:
Show Filter List: Shows the list of Capture/Display Filters.
Show Plugin List: Shows the list of Plugins.
Show Packet Editor: Opens the packet editor.
Show Name List: Opens the device names list.
Cascade: Overlaps the open windows.
Tile Horizontally: Arranges the open windows horizontally.
Tile Vertical: Arranges the open windows vertically.

Minimize All: Minimizes the open windows.
Arrange All: Arranges the open windows.
See also Main Tool Bar, Capture Tool Bar for details of the buttons.

Help
Options for:
Packetyzer Help: Opens the online help system.
About Packetyzer: Shows details of the Packetyzer version and copyright notices.

Starting Packetyzer
Step 1 Double click on the Packetyzer icon on your Windows Desktop

The Packetyzer Main Screen appears. Initially the screen is blank but as packets are captured the details appear.

Capturing Packets
Starting Packet Capture
Step 1 Double click on the Packetyzer icon on your Windows Desktop

The Packetyzer Main Screen appears. Initially the screen is blank but as packets are captured the details appear.
Step 2 Click on the Start the current capture button

Packets that match the criteria set in the currently enabled Capture Filters will begin to appear. See Filtering Packets, Capture Filters for more details.

The Packet Received counter will increment as packets are seen, the Packets Filtered counter will increment when packets matching your Filters are captured. See Capture Tool Bar for more details.
Note: If your Filters are very specific you may have to wait for some time until any matching packets are captured. Packets that do not match will not be captured.
In addition, if you have Automatic scrolling during capture ticked, the Packet List view will scroll showing the packets captured. See Global Options, Default Capture.

Stopping Packet Capture

Click on the Stop the current capture button

Packet capturing stops.

Setting Global Options

Global options allows you to set defaults that apply to all packet captures.
Note: You can also set options for each separate capture window using the Change Capture Options button.

Global
The Global Options screen has the following tabs:

Resolve MAC addresses

Tick this box if you want the software to attempt to replace Media Access Control (MAC) addresses by names.

Resolve network addresses

Tick this box if you want the software to attempt to replace network addresses by names.

Resolve transport names

Tick this box if you want the software to attempt to replace transport addresses by names.

Ask before closing session

Tick this box if you want the software to offer you the option of saving captures before the software shuts down.

Default Capture
Default Capture options allows you to set defaults that apply to the current capture.

Adapter
Allows you to select the adapter to use to perform the capture. If more than one adapter is available select one from the drop down list. Click on the required adapter to select it.

Capture name

Allows you to specify a name for the capture file.

Limit each packet to

Allows you to limit the amount of data captured in each packet. Limiting the length of each packet makes the capture file smaller (or collects more packets in a fixed size buffer) and speeds collection on a busy network.
Note: When tracking network problems most faults are identified in the packet headers rather than in the user data, so it is not usually required to collect user data.

Capture packets in promiscuous mode

Promiscuous mode allows the adapter to capture all the packets on the segment no matter what the addresses. Switch this Off if you only want to capture packets in and out of the local machine.

Automatic scrolling during capture

Allows the Packet List view to scroll during capture, confirming that new packets are being captured.
Note: On busy networks this may slow capture down. If you find that packets are missed switch this option off.

Limit total capture to xx kilobytes

Allows you to specify an amount of space to set aside for the capture files.

Reuse capture buffer when it is full

Click this if you want the buffer to be reused. This is known as a 'circular buffer'. Once the buffer is filled and a new packet arrives the first packet is replaced by the new one, then the second and so on.

See also Global Options, Global.
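
An added example, not taken from the Packetyzer guide or its source code: a short Python reader for the libpcap file format, which the guide names as the native format. It shows how the Limit each packet to setting appears in a saved file, as a captured length smaller than the length on the wire, while the headers stay readable. The two frames, their addresses and the 68-byte limit are constructed sample values.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def sample_frames():
    """Two constructed Ethernet frames: a 42-byte ARP request and a 254-byte IPv4 frame."""
    src = bytes.fromhex("020000000001")  # locally administered MAC, made up
    arp = struct.pack("!6s6sH", b"\xff" * 6, src, 0x0806) + struct.pack(
        "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,  # Ethernet/IPv4, opcode 1 = request
        src, bytes([192, 0, 2, 10]), bytes(6), bytes([192, 0, 2, 1]))
    # Header followed by 240 filler bytes standing in for IP header and user data
    ipv4 = struct.pack("!6s6sH", bytes.fromhex("020000000002"), src, 0x0800) + bytes(240)
    return [arp, ipv4]


def build_pcap(frames, snaplen):
    """Write frames to an in-memory libpcap file, keeping at most snaplen bytes of each."""
    out = io.BytesIO()
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        # Record header: ts_sec, ts_usec, incl_len (saved), orig_len (on the wire)
        out.write(struct.pack("<IIII", 1000 + i, 0, len(kept), len(frame)))
        out.write(kept)
    return out.getvalue()


def read_pcap(data):
    """Parse a classic libpcap file; return (snaplen, list of per-packet dicts)."""
    if len(data) < 24:
        raise ValueError("too short for a libpcap global header")
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le == PCAP_MAGIC:
        order = "<"
    elif magic_le == 0xD4C3B2A1:  # same magic written by a big-endian host
        order = ">"
    else:
        raise ValueError("not a classic libpcap file")
    snaplen, linktype = struct.unpack(order + "II", data[16:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    records, pos = [], 24
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError("file ends inside a record header")
        incl_len, orig_len = struct.unpack(order + "II", data[pos + 8:pos + 16])
        frame = data[pos + 16:pos + 16 + incl_len]
        if incl_len > orig_len or len(frame) != incl_len:
            raise ValueError("corrupt or cut-off packet record")
        pos += 16 + incl_len
        if len(frame) >= 14:  # a full Ethernet header survived the limit
            ethertype = struct.unpack("!H", frame[12:14])[0]
            protocol = ETHERTYPES.get(ethertype, hex(ethertype))
        else:
            protocol = "unknown"
        records.append({"captured": incl_len, "on_wire": orig_len,
                        "truncated": incl_len < orig_len, "protocol": protocol})
    return snaplen, records


def capture_summary(data):
    """Totals that show what a per-packet limit cost and what it saved."""
    snaplen, records = read_pcap(data)
    return {
        "snaplen": snaplen,
        "packets": len(records),
        "truncated": sum(r["truncated"] for r in records),
        "arp": sum(r["protocol"] == "ARP" for r in records),
        "bytes_saved": sum(r["captured"] for r in records),
        "bytes_on_wire": sum(r["on_wire"] for r in records),
    }


if __name__ == "__main__":
    for limit in (68, 65535):
        print(limit, capture_summary(build_pcap(sample_frames(), limit)))
```

With the 68-byte limit the IPv4 frame is cut to 68 of its 254 bytes but is still identified from its header, and the 42-byte ARP frame is stored whole.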

Protocol Options
Allows you to set any protocol specific parameters and options. Defaults are set for all options.

For example, in IP v4 the TOS field was originally used to request the Type of Service required but is often used today as the Differentiated Services field. Setting the option here allows you to decide how you want the field decoded.

WLAN Options
Allows you to set any Wireless LAN specific parameters and options.

Setting Local Capture Options

View Options
The screen is split into three views with a series of tabs at the bottom.

Tree Details view

The view on the left displays captured packets in a tree showing the frame details and the further layers of protocol. Clicking the plus sign opens up further details. Right click for the following options.

Copy

Copies the packet.

Expand All
Opens all the branches of the tree.

Collapse All
Closes all the branches of the tree.

Packet List view

The view on the top right shows packet number, addresses, a summary, packet length and timing information.

Reordering the columns

Click on a column heading to reorder. Click once for ascending order, click again for descending order.

Hex and ASCII Details view

The view on the lower right shows the contents of the packet in hex and in ASCII formats. Right click for the following options.

Copy
Allows you to copy part or all of the packet into any Application that accepts text data. You may click on any part of the packet on this view or on the Tree Details view. Right click on a packet for the following options.

Decode Tab

This is the default screen. It displays details of packets captured in three views, the Tree details, Packet List and Hex and ASCII Details. The screen layout can be changed by using the Screen Layout buttons on the Capture Tool Bar or from the Windows Menu Bar.

Protocols Tab

Displays details of all the protocols and sub protocols captured in a tree. Click on a plus (+) sign to expand a branch, on a minus (-) sign to collapse a branch. See Decoders Supported for a list of protocols that can be decoded. If you want to change the way something is decoded see Decode As on the Packet List.

Connections Tab

A color coded bar graph displays the activity between each pair of IP addresses. Higher layer protocols are shown along with port numbers, the percentage of traffic on each conversation and byte and packet counts. Includes details of websites visited if the option to Resolve names is selected. See Global Options, Global.

Statistics Tab

Displays a statistical breakdown of the packets captured. The Summary includes Start Time, Duration, Total packets and bytes, Filtered packets and Utilization statistics.
Note: This screen shows entries for 802.11 Wireless connections even if no interface is available.

Wireless Tab

Displays details of wireless LAN connections.

Filters Tab

Displays a list of all the Capture and Display Filters defined. See Filtering Packets.

Watch Options
Packetyzer's Watch options allow you to filter the display to show packets based on addresses, protocols, ports and session.

Selecting Packets to view

Source
Right click on a packet in the list, select Watch this Source Address. Only packets with this Source Address are listed.

Destination
Right click on a packet in the list, select Watch this Destination Address. Only packets with this Destination Address are listed.

Protocol
Right click on a packet in the list, select Watch this Protocol. Only packets with this Protocol are listed.

Source Port
Right click on a packet in the list, select Watch this Source Port. Only packets with this Source Port are listed.

Destination Port
Right click on a packet in the list, select Watch this Destination Port. Only packets with this Destination Port are listed.

Watch this Session

Right click on a packet in the list, select Watch this Session. Only packets involved in the session are listed.

Reset Watches
Resets the packet list to its unfiltered form.

Tracking TCP Traffic

Packetyzer allows you to track the flow of packets at the TCP level. Right click on a packet in the list, select Follow TCP Flow. A new window opens showing a breakdown of the TCP Traffic. There are two tabs, Decode and Trace.
Note: The packet you select must be some type of TCP packet.

Decode

This view shows the contents of the packets. In this example the traffic is HTTP on port 80 but it can be any kind of TCP traffic. Packets transmitted are shown in red. Packets received are shown in blue.

Trace

Trace shows the flow of packets between the end points. Two boxes at the top of the screen show the Addresses and the Ports used by the packets. Packets transmitted are shown in red. Packets received are shown in blue.

This diagram makes it easy to check that packets are properly synchronized and acknowledged and that connections are set up and terminated correctly.
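
The check that the Trace diagram supports by eye, written out as an added Python example (not part of the Packetyzer guide or the tool's code): it walks a list of TCP segments and reports whether the handshake completed, whether everything sent was acknowledged, and whether the connection closed with acknowledged FINs or a reset. The Segment tuple, the function name and both sample flows are constructed for illustration; tx and rx correspond to the transmitted (red) and received (blue) packets.

```python
from collections import namedtuple

# direction: "tx" = sent by the capturing host, "rx" = received from the peer
Segment = namedtuple("Segment", "direction flags seq ack length")

# Constructed sample: request and response, then an orderly close
CLEAN_FLOW = [
    Segment("tx", "SYN", 1000, 0, 0),
    Segment("rx", "SYN+ACK", 5000, 1001, 0),
    Segment("tx", "ACK", 1001, 5001, 0),
    Segment("tx", "PSH+ACK", 1001, 5001, 120),
    Segment("rx", "ACK", 5001, 1121, 0),
    Segment("rx", "PSH+ACK", 5001, 1121, 300),
    Segment("tx", "ACK", 1121, 5301, 0),
    Segment("rx", "FIN+ACK", 5301, 1121, 0),
    Segment("tx", "ACK", 1121, 5302, 0),
    Segment("tx", "FIN+ACK", 1121, 5302, 0),
    Segment("rx", "ACK", 5302, 1122, 0),
]

# Constructed sample: request never acknowledged, sent twice, then reset by the peer
BROKEN_FLOW = [
    Segment("tx", "SYN", 1000, 0, 0),
    Segment("rx", "SYN+ACK", 5000, 1001, 0),
    Segment("tx", "ACK", 1001, 5001, 0),
    Segment("tx", "PSH+ACK", 1001, 5001, 120),
    Segment("tx", "PSH+ACK", 1001, 5001, 120),
    Segment("rx", "RST", 5001, 0, 0),
]


def analyse_flow(segments):
    """Check handshake, acknowledgement and teardown for one TCP connection.

    Sequence-number wraparound is ignored to keep the example short.
    """
    peer = {"tx": "rx", "rx": "tx"}
    first_seq = {"tx": None, "rx": None}  # first sequence number seen per side
    sent_end = {"tx": None, "rx": None}   # sequence number just past the last thing sent
    acked = {"tx": None, "rx": None}      # highest acknowledgement received per side
    syn_end = {"tx": None, "rx": None}
    fin_end = {"tx": None, "rx": None}
    reset = False
    retransmissions = 0

    for seg in segments:
        flags = set(seg.flags.split("+"))
        side = seg.direction
        # SYN and FIN each occupy one sequence number, like one byte of data
        used = seg.length + int("SYN" in flags) + int("FIN" in flags)
        end = seg.seq + used
        if first_seq[side] is None:
            first_seq[side] = seg.seq
        if "RST" in flags:
            reset = True
        if used:
            if sent_end[side] is not None and end <= sent_end[side]:
                retransmissions += 1      # nothing new: the same range sent again
            else:
                sent_end[side] = end
        if "SYN" in flags:
            syn_end[side] = seg.seq + 1
        if "FIN" in flags:
            fin_end[side] = end
        if "ACK" in flags:
            other = peer[side]
            if acked[other] is None or seg.ack > acked[other]:
                acked[other] = seg.ack

    def covered(side, mark):
        """True when the peer has acknowledged this side up to mark."""
        return mark is not None and acked[side] is not None and acked[side] >= mark

    unacked = {}
    for side in ("tx", "rx"):
        if sent_end[side] is None:
            unacked[side] = 0
        else:
            base = acked[side] if acked[side] is not None else first_seq[side]
            unacked[side] = max(0, sent_end[side] - base)

    return {
        "handshake_complete": covered("tx", syn_end["tx"]) and covered("rx", syn_end["rx"]),
        "closed_cleanly": not reset and covered("tx", fin_end["tx"]) and covered("rx", fin_end["rx"]),
        "reset": reset,
        "retransmissions": retransmissions,
        "unacked": unacked,  # sequence numbers sent but never acknowledged
    }


if __name__ == "__main__":
    print(analyse_flow(CLEAN_FLOW))
    print(analyse_flow(BROKEN_FLOW))
```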

Searching for Packets

Packetyzer has a very powerful facility for finding packets that contain particular data strings or that match user defined Filters.
Note: This feature only highlights packets, it does not filter the list and redisplay the packets. To do this see Display Filtering.
Click the Search button

The Find Packets screen appears.

Searching for Packets that match a Filter

A list of defined Filters appears.
Step 1 Click on the Filter(s) you require
Step 2 Click Find
See Filtering Packets for details of how to build Capture and Display Filters.

Filter Example
In this example we will open a previously captured file, find all the ARP packets and color them.
Step 1 Click File, Open or click the Open button on the Main Tool bar
Step 2 Select a file from the list, click the Open button
The packet list and decode details appear.
Step 3 Click the Search button
Step 4 Tick the box next to the Filter named ARP
Note: If you do not have an ARP Filter see Filtering Packets for more details.
Step 5 Click Find
Packets matching the Filter will be highlighted in the list.
Step 6 Click Close

Searching for Packets that contain a string

Step 1 Click the Containing a string box
Step 2 Click on ASCII or Hexadecimal
Step 3 Type the ASCII or Hexadecimal values in the box
Step 4 Click Find
Step 5 Click Close

Combining Searches
Each successful search will find one or more packets that match the criteria you have specified. It is also possible to perform further searches and add the findings to the previous ones. To add to a previous search:
Step 1 Click Add to current selection
Step 2 Click Find
The newly found packets are marked and added to any previously found ones.
Step 3 Click Close

Filtering Packets
Packetyzer's filtering is one of the most powerful and fully featured available in any analyzer. It is possible to filter on everything from simple addresses, both MAC and IP, by protocol, by port number and to add complex expressions. Filtering on data is also possible by Hex value or by ASCII string. All Filter elements can be combined to produce very complex Filters.
Note: Packetyzer uses the same syntax as Ethereal Display Filters. Unlike Ethereal, Capture and Display Filters are identical in Packetyzer.
When making Filters, abbreviations are used for protocol names. Refer to the Packetyzer Decoder Reference Guide for details of all the protocols or to the on-line Help system.

Capture Filters
Only packets that match the criteria set in the enabled Filters will be captured. The Packet Received counter increments, confirming that traffic is being seen by the adapter, the Packets Filtered counter shows how many packets have passed the Filters. See also Display Filters.

Making a Simple Capture Filter

See also Create Filter from packet for details of how to use a captured packet as a template for a new Filter.
Step 1 Run Packetyzer
Step 2 Click the Filters Tab on the Main Screen
Note: It does not matter if the Capture Filter tab or the Display Filter tab is selected.

Step 3 Click the Create a new filter button

The Filter Designer dialog box appears.

Filtering by MAC or IP Address

Step 1 Click the Address filter box
Step 2 Select an Address Type (IP or Ethernet)
Step 3 Optionally select a Direction (Either Direction, 1 to 2 or 2 to 1)
Step 4 Select an Address from the drop down list or type an Address
Step 5 Click OK

Filtering by Protocol
Step 1 Click the Protocol filter box
Step 2 Click the Protocol... button
A list of Protocols appears.
Step 3 Select a Protocol
Step 4 Click OK

Filtering by Port number

Step 1 Click the Port filter box
Step 2 Select a Type (TCP or UDP)
Step 3 Optionally select a Direction (Either Direction, 1 to 2 or 2 to 1)
Step 4 Select a known port from the drop down list or type a value
Note: If you wish to specify both ports click the Port 2 radio button, select a known port from the drop down list or type a value.
Step 5 Click OK
Note: You can build a more complex Filter by combining any or all of the above options.

Applying a Filter


Once you have built Filters you will want to apply them to either the Capture or Display.
Step 1 Click the Filters tab
Step 2 Select the Capture Filter or Display Filter tab
Step 3 Click on the Filters you require
Step 4 Click Apply
If these are Capture Filters, press the Start Capture button. If these are Display Filters, the packet list will be filtered immediately.
Note: Display Filters affect the view of the packet list; they do not delete packets from the original file. To see the full list, simply remove the ticks from the Display Filters.

Filter Example
In this example we will make a simple filter to capture ARP (Address Resolution Protocol) packets.
Step 1 Run Packetyzer
Step 2 Click the Filters Tab on the Main Screen
Note: It does not matter if the Capture Filter tab or the Display Filter tab is selected.
Step 3 Click the Create a new filter button

The Filter Designer dialog box appears.
Step 4 Type a name for the Filter
For this example type the name ARP.
Step 5 Click the Protocol filter box
Step 6 Click the Protocol... button
Step 7 Select Address Resolution Protocol
Step 8 Click OK.
The new ARP filter appears in the list. To apply the Filter, perform the steps below.
Step 9 Tick the box to the left of the ARP Filter
Step 10 Click Apply
The details of the Filter appear in the Current Filter box.
Note: You can tick more than one Filter. The details of all the selected Filters appear in the Current Filter box.

Duplicating a Filter
Duplicating allows you to make a new Filter based on an existing one.
Step 1 Click on the existing Filter name
Step 2 Click the Duplicate a Filter button

A file named Untitled Filter is made and added to the list.
Step 3 Type a name for the new Filter
Step 4 Click OK

Viewing and Modifying a Filter


Use this button to amend details or to save a Filter under a different name.
Step 1 Click the View and Modify button

The Filter Designer screen appears.
Step 2 Edit the name (or any other details)
Step 3 Click OK
The changes will be saved.

Deleting a Filter
Step 1 Highlight a Filter name
Step 2 Click the Delete button

The selected Filter will be deleted from the list.

Making an Expression Filter

More advanced Filters may be constructed using mathematical expressions. This type of Filter can be made graphically using the Expression Filter tab, or as text by using the Advanced Filter Tab. See Advanced Filters below.


Advanced Filters
You may set up very complex Filters for specific types of packets, for specified strings, for specific values in Hex or ASCII, or any combination of things. These Filters can be built graphically using the Expression Filter Tab or by directly editing the text strings. You might, for example, want to capture specific packets to and from particular IP addresses, or you might want to view only packets containing a specified text string.

Advanced Filter Example

In this example we will make a filter to capture only packets which have a TCP ACK (Acknowledgment).
Step 1 Run Packetyzer
Step 2 Click the Filters Tab on the Main Screen
Note: It does not matter if the Capture Filter tab or the Display Filter tab is selected.
Step 3 Click the Create a new filter button

The Filter Designer dialog box appears.
Step 4 Type a name for the Filter
For this example type the name TCP ACK.
Step 5 Click the Advanced Filter tab
Step 6 Click Add Expression...
Step 7 Click the plus sign (+) next to Transmission Control Protocol
Step 8 Scroll down the list to Acknowledgment
Step 9 Click the Relation box drop down
Step 10 Select Is present
Step 11 Click OK
The value tcp.flags.ack appears in the Advanced Filter Tab box.
Step 12 Click OK to save the new Filter
The new TCP ACK filter appears in the list. To apply the Filter, perform the steps below.
Step 13 Tick the box to the left of the ARP Filter
Step 14 Click Apply
Note: If you are familiar with the expressions used by Ethereal Display Filters, you may type them directly in the Advanced Filter box.

Filtering the Packet Display

Display Filters are used to change the packets shown on the Packet List view on the Main Screen. They do not affect how the packets are captured or the overall statistics for the captured files. Display Filters use the same Filter Syntax as Capture Filters. All the options available for capture Filters apply to Display Filters.
See:
Making a Simple Capture Filter
Create Filter from packet
Duplicating a Filter
Viewing and Modifying a Filter
Deleting a Filter
Filter Syntax


Coloring Packets
To help make packets stand out, it is possible to change the background color.
Step 1 Click on the required packet
Step 2 Click the drop down arrow to the right of Selection on the Main Tool Bar
Step 3 Select a background color
The highlighted packets will change to the selected color.

Resetting Colorization
To reset the colors back to normal, perform the following steps.
Step 1 Click Edit on the Windows Tool Bar
Step 2 Select Reset Colorization
The colorization will be removed from the Packet List.


Create Filter from Packet

Packetyzer allows you to build Filters using captured packets as a starting point.
Step 1 Right click on a packet
Step 2 Click on Create Filter from Packet
The Filter Designer screen appears, open on the Advanced Filter tab.
Step 3 Type a name for the Filter

Note: The syntax for the filters is the same as that used by Ethereal's display filters.


Printing Packet Details

Packetyzer allows you to print details of captured packets in plain text.

Printing single Packet Details

Step 1 Click on the required Packet in the Packet List View
Step 2 Click the Print button on the Main Tool Bar, or File Print on the Windows Tool Bar, or Ctrl P.
A Print Preview screen appears showing the packet details.
Step 3 Click the Print button
The Packet Details will be printed.

Printing multiple Packet Details

Step 1 Mark the required Packets in the Packet List View
Press Shift to mark a contiguous group of packets, Ctrl to mark a non-contiguous group.
Step 2 Click the Print button on the Main Tool Bar, or File Print on the Windows Tool Bar, or Ctrl P.
A Print Preview screen appears showing the packet details.
Step 3 Click the Print button
The Packet Details will be printed.

Saving a Report
You can also save the marked packets in a report file for viewing or printing.
Step 1 Mark the required Packets in the Packet List View
Press Shift to mark a contiguous group of packets, Ctrl to mark a non-contiguous group.
Step 2 Click the Print button on the Main Tool Bar, or File Print on the Windows Tool Bar, or Ctrl P.
A Print Preview screen appears showing the packet details.
Step 3 Click the Save Report button
Step 4 Give the file a name
The Packet Details will be saved in the named file.

Viewing a Report
Step 1 Click the Print button on the Main Tool Bar, or File Print on the Windows Tool Bar, or Ctrl P.
A Print Preview screen appears.
Step 3 Click the Open Report button
Step 4 Select a file name
The Packet Details are displayed. Use the page buttons to move through the file. You may print some or all of the pages as required.


Editing and Sending Packets

Packetyzer allows you to select a previously saved packet, edit it and send it out again onto the network.

Packet Editor
Packet Editor allows you to select a packet, change the contents and send it out onto the network. You can edit packets based on a standard template or on an actual packet that you have already saved in a capture file.

Opening the Packet Editor

Click on the Windows Menu Bar Show Packet Editor, or click the Show Packet Editor button on the Main Tool Bar.
The Packet Editor screen appears.


Editing Packets
There are two ways to edit a packet: from a template or from a packet saved in a file.

Editing a Standard Template

Step 1 Click on the Windows Menu Bar Show Packet Editor, or click the Show Packet Editor button on the Main Tool Bar
The Packet Editor screen appears. The template contains a packet with zeros in most fields.
Step 2 Click on the packet tree view
Depending on the part of the packet you click, the relevant field in the hex view will highlight.
Step 3 Edit the values in the Hex view box

Editing a Saved Packet

Step 1 Click on the Windows Tool Bar File Open, or click the Open button on the Main Tool Bar
Step 2 Select a packet from the Packet List View
Step 3 Right click on the required packet
Step 4 Click on Send Packet
The Packet Editor screen appears.
Step 5 Edit the values in the Hex view box

Sending Packets
Open the Packet Editor.
Step 1 Click on the Windows Menu Bar Show Packet Editor, or click the Show Packet Editor button on the Main Tool Bar
The Packet Editor screen appears. Edit the packet if required; see Editing Packets above.
Step 2 Select an Adapter to use
If you have more than one adapter, select from the drop down list.
Step 3 Click the Send One button at the bottom left of the screen.
The packet will be sent out using the interface on the specified adapter.

Decode as
Most common Ether types, network and transport protocols will be decoded automatically using their default values. So, for example, Ether type 0800 will be decoded as IP, IP protocol 17 will be decoded as UDP, and port 161 will be decoded as SNMP. Decode as allows you to change these allocations if you are using different values. To set everything back to default, click the Reset button, or choose Default to reset any individual tab.
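The following Python is an added example, not Packetyzer's own code. It models the three default allocations named above as lookup tables and shows how a Decode as override changes the result for traffic on a non-default port, which would otherwise be left as undecoded data. The names `DEFAULTS`, `decode_stack` and `sample_frame`, the port 10161 and the sample frame bytes are assumptions constructed for the illustration.

```python
import struct

# Default allocations quoted in the text: Ether type 0800 -> IP,
# IP protocol 17 -> UDP, port 161 -> SNMP.
DEFAULTS = {
    "ethertype": {0x0800: "IP"},
    "ip_proto": {17: "UDP"},
    "udp_port": {161: "SNMP"},
}

def decode_stack(frame, overrides=None):
    """Name the protocols in an Ethernet frame, outermost first."""
    tables = {layer: dict(m) for layer, m in DEFAULTS.items()}
    for layer, mapping in (overrides or {}).items():
        tables[layer].update(mapping)          # a "Decode as" reallocation
    stack = ["Ethernet"]
    if len(frame) < 14:
        return stack + ["Truncated"]
    name = tables["ethertype"].get(struct.unpack("!H", frame[12:14])[0])
    if name != "IP":
        return stack + [name or "Data"]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0      # IPv4 header length in bytes
    if ihl < 20 or len(ip) < ihl or ip[0] >> 4 != 4:
        return stack + ["Malformed IP"]
    stack.append("IP")
    name = tables["ip_proto"].get(ip[9])
    if name != "UDP":
        return stack + [name or "Data"]
    udp = ip[ihl:]
    if len(udp) < 8:
        return stack + ["UDP", "Truncated"]
    sport, dport = struct.unpack("!HH", udp[:4])
    # Destination port first, then source port so replies decode too.
    app = tables["udp_port"].get(dport) or tables["udp_port"].get(sport)
    return stack + ["UDP", app or "Data"]

def sample_frame(dport):
    """Constructed frame: Ethernet + IPv4 + UDP carrying 4 payload bytes."""
    payload = b"\x30\x02\x05\x00"
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return bytes(12) + struct.pack("!H", 0x0800) + ip + udp

if __name__ == "__main__":
    print(decode_stack(sample_frame(161)))
    print(decode_stack(sample_frame(10161), {"udp_port": {10161: "SNMP"}}))
```

Each call starts from a fresh copy of the default tables, so an override applies only to that call, much as the Reset button returns every allocation to its default.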

Send Packet
Step 1 Open a packet using the Packet Editor.
Step 2 Amend the packet as required; see Editing Packets.
Step 3 Send the packet by clicking on the Send button.


Decodin# Packets
8ecoding is fu&&y automatic the software wi&& decode each #acket de#ending on the #rotoco&s detected no user intervention is required" Note5 If you have changed any of the defau&ts in (&o!a& O#tions Protoco& O#tions then some as#ects of the decode may !e different" A&& e$am#&es shown in this 2e&# assume defau&t settings" 0ake sure that the 8ecode Ta! on the 0ain 6creen is se&ected

C:

OPENXTRA Limited

User Guide-PACKETYZER
Packety1er inc&udes decodes for over *)) #rotoco&s" 6ee the Packety1er 8ecoder Reference (uide or the on &ine 2e&# system for detai&s of a&& the su##orted #rotoco&s" The defau&t &ayout shows the Tree 8etai&s Packet List and 2e$ and A6.II 8etai&s views" Note5 If you have se&ected an a&ternative from the .a#ture Too& @ar 6creen Layout !uttons then your screen may !e different"

Selecting a packet to view

Click on a packet in the Packet List view.
The details are displayed in decoded format and as hex and ASCII data.

Expanding and Collapsing the whole tree

Step 1 Right click on a blank space in the Tree Details view
Step 2 Select Expand All or Collapse All
This allows you to view all the details or a short summary.
Note: Each branch of the tree can be expanded or collapsed individually by clicking on the plus (+) and minus (-) signs.

Viewing part of the tree

Click a field in the hex and ASCII data view.
The field is highlighted and the Tree Details view expands the relevant parts of the tree.
