BVTech provides high-quality free software.
To keep up with the latest release or help us to improve our products,
please sign our guestbook.
Documentation
Capturing packets
The program interface consists of three panes. Captured packets are organized and shown in the top-left pane by type, source and destination addresses, and connections. You can also add a "workspace" to display packets that fit special criteria, such as containing a word, matching a user-defined rule, and/or matching time, size, etc. (see the "Program Options" section). The bottom-left pane and the right pane display decoded data or statistics.

To start capturing packets, select a network adapter from the drop-down list on the toolbar, then click the Start Capture button or select Edit -> Capture from the menu. To stop capturing packets, click the Stop button on the toolbar or select Edit -> Stop from the menu.
Customizing Workspace
You can add a workspace to display packets that fit special criteria, such as containing a word, matching a user-defined rule, and/or matching address, time, size, etc. VisualSniffer supports multiple workspaces and shows one workspace at a time.
Writing Rules
VisualSniffer can analyze network traffic for matches against a user-defined rule set and give warning messages based on what it sees. VisualSniffer uses rules similar to Snort rules, which are explained at www.snort.org. VisualSniffer rules consist of two logical sections, the rule header and the rule options. The rule options section is enclosed in parentheses and contains one or more options, which can be messages or patterns specifying which parts of the packet should be inspected. Rule options are separated from each other by the semicolon (;) character. For example:
header (option1; option2; …)
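A small parser for the header (option1; option2; …) layout described above, added here as an example and not VisualSniffer's own code. The sample rule is constructed in Snort syntax; the name:"value" option form, quoted strings and backslash escapes are assumptions taken from Snort, since this page only says the rules are similar.

```python
# Constructed sample rule in Snort syntax (assumption: VisualSniffer accepts the same form).
SAMPLE = 'alert tcp any any -> 192.0.2.10 80 (msg:"login form; cleartext"; content:"password="; nocase;)'

def split_rule(rule):
    """Split 'header (opt1; opt2; ...)' into (header, [raw option strings])."""
    rule = rule.strip()
    start = rule.find("(")
    if start == -1 or not rule.endswith(")"):
        raise ValueError("expected: header (option1; option2; ...)")
    header = rule[:start].strip()
    if not header:
        raise ValueError("empty rule header")
    options, current, in_quotes, escaped = [], [], False, False
    for ch in rule[start + 1:-1]:
        if escaped:                      # character after a backslash is literal
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            # A semicolon ends an option only outside a quoted value.
            options.append("".join(current).strip())
            current = []
            continue
        current.append(ch)
    if in_quotes:
        raise ValueError("unterminated quoted string in rule options")
    options.append("".join(current).strip())
    options = [o for o in options if o]  # drop the empty piece after a trailing ';'
    if not options:
        raise ValueError("rule needs at least one option")
    return header, options

def parse_option(option):
    """Return (name, value); value is None for flag options such as 'nocase'."""
    name, sep, value = option.partition(":")
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return name.strip(), (value if sep else None)

if __name__ == "__main__":
    header, options = split_rule(SAMPLE)
    print("header:", header)
    for opt in options:
        print("option:", parse_option(opt))
```

Splitting the option section on every semicolon would cut the quoted message in the sample in two, which is why the parser tracks quote state.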
Setting up Maximum Data Size
VisualSniffer stores the raw data of captured packets in a cache file instead of memory. Therefore, you can set Maximum Data Size to a very high number, based on the space available on your hard disk. If Maximum Data Size is reached, the program will take one of the following actions:
- Stop capturing packets
- Discard data - The program will erase all captured data and continue capturing packets
- Save data to the current file or a file in the backup folder - This allows monitoring the network over a long period.
Setting up filters
In the "Option" dialog, enter a filtering expression in the "Filter" field. VisualSniffer uses the libpcap filter language for capture filters. The filtering expression syntax is explained in the tcpdump man page at www.tcpdump.org.