Y.A.S.C Software 

 Toolbars

 

New Packet | Open Packet | Save Packet | Add a Packet to Packetlist | Send Packet | Increase Font Size | Decrease Font Size
Hover over the respective items.

     

     

     Menu | File Operations

     

     

      • New Project
        • Clears every Packet from the packet list, and creates a clean Workspace.
      • Load Project
        • Loads Sniffem Project Files (SEM) or CSV (Comma delimited File) saved by Sniff'em.
      • Save Project
        • Saves Project as Sniffem Project File (SEM) or CSV.
      • Export
        • Export current Data to CSV, HTML and TXT.
      • Print
        • Print out all the listed data
      • Exit
        • Exit the Program

     

     Menu | View

     

      • View
        • Disables/Enables respective Views.

     

      • Buffer Decoding [ F6 ]
        • This view swaps from Capturing mode to Decoding mode
      • Set to Standard
        • Sets design and size back to the standard settings.

       

       

       Menu | Capture

       

        • Start [ Ctrl+A ]
          • Puts the selected adapter into Promiscuous Mode and starts the sniffing process.
        • Stop [ Ctrl+Z ]
          • Stops the sniffing process.

        • Find [ Ctrl+F ]
          ASCII → The search input must be ASCII.
          Hex → The search input must be Hexadecimal.
          Packet List → This searches the Packetlist including the decoded files (TCP, Port, Service...)

          Found items will have an icon in front of them. Use right-click Refresh to get rid of the icons.

       

       

       

       Menu | Tools


        • Statistics
          • Displays statistical information about incoming and outgoing Data.


        • Logging
          • See Logging
        • Display
          • Hostname : Replaces IP addresses with their respective hostnames in Packet View.
          • IP : Displays the IP address of the machine in Packet View.
        • TCP watcher
          • Enable : Enables the TCP Connection Watcher
          • Show : Displays the TCP Connection watcher
            • TCP Watcher shows established connections and whether the TCP three-way handshake has been completed. This lets you, for example, catch Nmap (-sS) scans easily (only SYN will have an X).
            • The filter will allow you to filter out certain ports, like http 80 port.


        • Settings
          • See Getting Started → Settings
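
The handshake tracking described under TCP watcher, written as an added Python example (not Sniff'em's own code): it follows each connection through SYN, SYN/ACK and ACK, and lists sources that leave handshakes incomplete on several ports. The packet records, state names, `ignore_ports` filter and `min_ports` threshold are assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample capture: (src_ip, src_port, dst_ip, dst_port, tcp_flags)
# Flags are single letters: S=SYN, A=ACK, R=RST.
PACKETS = [
    # Full three-way handshake from 10.0.0.5 to a web server
    ("10.0.0.5", 40000, "10.0.0.1", 80, "S"),
    ("10.0.0.1", 80, "10.0.0.5", 40000, "SA"),
    ("10.0.0.5", 40000, "10.0.0.1", 80, "A"),
    # 10.0.0.9 never sends the final ACK (half-open pattern)
    ("10.0.0.9", 51000, "10.0.0.1", 22, "S"),
    ("10.0.0.1", 22, "10.0.0.9", 51000, "SA"),
    ("10.0.0.9", 51000, "10.0.0.1", 22, "R"),
    ("10.0.0.9", 51001, "10.0.0.1", 23, "S"),
    ("10.0.0.1", 23, "10.0.0.9", 51001, "RA"),   # closed port answers RST
    ("10.0.0.9", 51002, "10.0.0.1", 443, "S"),
    ("10.0.0.1", 443, "10.0.0.9", 51002, "SA"),
    ("10.0.0.9", 51002, "10.0.0.1", 443, "R"),
]

def watch(packets, ignore_ports=()):
    """Return {(client, client_port, server, server_port): state}."""
    conns = {}
    for src, sport, dst, dport, flags in packets:
        f = set(flags)
        if f == {"S"}:                        # step 1: client SYN opens an entry
            if dport not in ignore_ports:     # port filter, e.g. skip http 80
                conns[(src, sport, dst, dport)] = "SYN"
        elif f == {"S", "A"}:                 # step 2: server SYN/ACK
            key = (dst, dport, src, sport)
            if conns.get(key) == "SYN":
                conns[key] = "SYN_ACK"
        elif "A" in f and "R" not in f:       # step 3: client ACK completes it
            key = (src, sport, dst, dport)
            if conns.get(key) == "SYN_ACK":
                conns[key] = "ESTABLISHED"
    return conns

def syn_only_sources(conns, min_ports=3):
    """Sources with incomplete handshakes on at least min_ports distinct ports."""
    ports = defaultdict(set)
    for (client, _, _, server_port), state in conns.items():
        if state != "ESTABLISHED":
            ports[client].add(server_port)
    return {ip: sorted(p) for ip, p in ports.items() if len(p) >= min_ports}
```
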

       

       

       

       Menu | Mode

       

        • Normal
          • The normal mode captures the data and immediately displays the data inside the Packetview.
        • Logging Only
          • This mode will *not* display captured data, but will write it to a log file on the hard drive. This is done to lower the CPU usage. See Logging for more details on how to control logging.
        • Trigger Mode
          • Choosing the Trigger mode will pop up the filter loading dialog, which lets you choose a saved filter. The Trigger mode will ONLY start to capture or log data *IF* the filter lets any data through.
            Example : The loaded filter is set to only capture data which arrives at port 80. If the Start button is pressed *nothing* will be recorded until a packet arrives at port 80, from then on the capturing will begin. Note that this option is allowed in Normal and Logging Only Mode.

       

       

       

       Menu | Filter

       

        • Software Filter
          • See Filter

        • Hardware Filter
          Promiscuous → Specifies all packets.
          All Functional → All functional address packets, not just the ones in the current functional address.
          All Multicast → All multicast address packets, not just the ones enumerated in the multicast address list.
          Broadcast → Broadcast packets.
          Directed → Directed packets. Directed packets contain a destination address equal to the station address of the NIC.
          Functional → Functional address packets sent to addresses included in the current functional address.
          Group → Packets sent to the current group address.
          Mac Frame → NIC driver frames that a Token Ring NIC receives.
          Multicast → Multicast address packets sent to addresses in the multicast address list. A protocol driver can receive Ethernet (802.3) multicast packets or Token Ring (802.5) functional address packets by specifying the multicast or functional address packet type. Setting the multicast address list or functional address determines which multicast address groups the NIC driver enables.
          SMT → SMT packets that an FDDI NIC receives.
          Source Routing → All source routing packets. If the protocol driver sets this bit, the NDIS library attempts to act as a source routing bridge.