When Show Traffic is started, it prompts you to select the network adapter from the adapter list. If you only have one network card in the system, there will only be one item in that list (Start Screen).
Clicking on the green arrowhead, which is immediately to the right of the network adapter list, will start the monitoring process (Monitoring 1). Once monitoring is started, clicking on the red box, which represents the stop button, to the right of the arrowhead will stop monitoring.
If you want to set up filters to only monitor certain data, you can do so by clicking on Filter and then selecting Setup Filters, or you can hit Ctrl-E to bring up the filter setup window (Filter Setup). Note: if you are remotely trying to setup filters, you may have to turn off monitoring first, because the constant screen updates may make it difficult to set up a filter, otherwise.
Click on the Add button to add a new filter. Type in a WinPcap filter expression. You can get help on the syntax by clicking on the Help button.
If I'm not interested in traffic from/to 3 hosts, say 192.168.0.3, 192.168.0.25 and 192.168.0.49, I would add the following filter (Deselection of 3 Hosts).
not host 192.168.0.3 and not host 192.168.0.25 and not
host 192.168.0.49
If I also didn't want to monitor any traffic using ports 137 and 138,
I could change the filter to not host 192.168.0.3 and not host 192.168.0.25
and not host 192.168.0.49 and not port 137 and not port 138
Check the checkbox next to the filter you you want to activate. Click on Apply to apply the filter and Save to save filters.
Note: I've found that, if you add multiple filters and check all of them, the last one is the one that is active.
If you are only interested in monitoring trafic to/from
a particular port, you can use a filter such as
port 554 (Port 554 Only).
If you are only interested in monitoring trafic to/from
a particular IP address, you can use a filter such as
host 192.168.0.12
(Host 192.168.0.12).
If you want Show Traffic to display port names
instead of port numbers for commonly used ports,
you can click on the 21/FTP icon
on the toolbar (port 21 is used by the
FTP
protocol). Then you will see http rather
than 80, smtp rather than
25, etc., in the src port
and dst port columns
(Port Names).
You can order the data by various parameters by clicking on the column headers. For instance, to order the data by speed, click on the "Speed" column header.
You can "freeze" the display by hitting F8 or clicking on the blue snowflake symbol to the left of TCP on the toolbar. You can unfreeze the display by clicking on it again.
You can have it log data by clicking on View and then Settings and then checking "use log file".
Created: Friday February 15, 2008
