Capturing Packets


To capture packets in Net Analyzer, use the Start Capture command from the File menu or from the application toolbar. This causes the Filter Dialog to appear. After the user chooses a filter (or no filter), the capture phase itself starts.

The capture command puts the Ethernet adapter in promiscuous mode, which allows the application to see all the packets transmitted on the wire. Unless a filter is specified in the Filter Dialog, all packets are captured. If a filter is applied, the packets are filtered and only those that satisfy the rules of the filter are kept.

Once the capture phase starts, the application displays the 'Capture Dialog'. Press 'Stop Capture' in this dialog to stop the capture phase.

After the capture is completed, the user can visualize and save the captured data.


Filters

The filters establish the rules for capturing packets. There is a global list of filters that the user may edit at any time by using the View/Filters command from the menu bar, or by choosing the appropriate button from the toolbar.

To use a filter during the capture phase, select or create it in the Filter Dialog that appears before the capture starts.

Filter Dialog

The dialog displays all the filters in the global list. The user can add, delete, or edit a filter by pressing the appropriate buttons. When adding or editing a filter, the following Filter Edit Dialog appears:

Here the user can edit the filter. For example, the filter shown here, called 'My filter', admits only IP packets sent by 128.8.126.35 or 128.8.126.35.

A filter consists of a tree formed by OR, AND and 'Sub-Filter' nodes. The interior nodes of the tree are only OR or AND nodes, while the leaves are Sub-Filter nodes. The OR and AND nodes represent logical connectors, while the Sub-Filters represent rules. A rule consists of a packet type and a set of conditions.

A packet satisfies a filter when it satisfies the root node of the filter.

An AND node is true if all of its children are true. An OR node is true when at least one of its children is true. A Sub-Filter node is true when the packet is recognized as being of the specified type and the conditions hold for the specified fields of the packet. (Packet types are inherited, so a TCP packet is also an IP packet.)
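As an added illustration (not code from Net Analyzer), the evaluation rules above written out in Python; the type hierarchy, the packet dictionaries and the second source address 10.0.0.7 are assumptions made for the example:

```python
from dataclasses import dataclass, field

# Assumed type hierarchy (not from the manual): a packet of a given type
# also counts as every ancestor type, so TCP is also IP and Ethernet.
PARENT = {"TCP": "IP", "UDP": "IP", "IP": "Ethernet", "ARP": "Ethernet"}

def is_a(packet_type, wanted):
    """True if packet_type is `wanted` or inherits from it."""
    t = packet_type
    while t is not None:
        if t == wanted:
            return True
        t = PARENT.get(t)
    return False

@dataclass
class SubFilter:               # leaf: a packet type plus field conditions
    ptype: str
    conditions: dict = field(default_factory=dict)
    def matches(self, pkt):
        if not is_a(pkt["type"], self.ptype):
            return False       # wrong type: the rule cannot hold
        return all(pkt.get(k) == v for k, v in self.conditions.items())

@dataclass
class And:                     # true only if every child is true
    children: list
    def matches(self, pkt):
        return all(c.matches(pkt) for c in self.children)

@dataclass
class Or:                      # true if at least one child is true
    children: list
    def matches(self, pkt):
        return any(c.matches(pkt) for c in self.children)

def apply_filter(root, packets):
    """A packet is kept when it satisfies the root node of the filter."""
    return [p for p in packets if root.matches(p)]
# 'My filter': IP packets sent by 128.8.126.35 (from the manual) or by
# 10.0.0.7 (a constructed second address).
MY_FILTER = Or([SubFilter("IP", {"src": "128.8.126.35"}),
                SubFilter("IP", {"src": "10.0.0.7"})])
# Constructed sample packets; dicts stand in for decoded frames.
PACKETS = [
    {"type": "TCP", "src": "128.8.126.35", "dst": "10.0.0.1", "dport": 80},
    {"type": "UDP", "src": "10.0.0.7", "dst": "10.0.0.1", "dport": 53},
    {"type": "IP", "src": "10.0.0.9", "dst": "10.0.0.1"},
    {"type": "ARP", "src": "128.8.126.35"},   # not IP: type check fails
]
```

Running `apply_filter(MY_FILTER, PACKETS)` keeps the TCP and UDP packets (both are IP by inheritance) and drops the other two.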

Nodes can be added by using the specific buttons placed at the bottom of the dialog, and deleted or edited by using the corresponding buttons.

When adding a Sub-Filter, a dialog listing all the entry types appears. The user selects a type here and can then set the rule associated with the Sub-Filter by choosing the Set Rule button.