FAQ

What if Sniffer displays an error at every startup?
The packets intercepted from the dial-up adapter on Windows 2000 do not look like valid IP packets.
My traffic is very heavy and Sniffer cannot keep up with all the packets.
Is it possible to write one's own plug-in for Sniffer?
Does the capture driver affect the computer's performance?
Where do I get information on the format of IP packets?
How do I capture traffic on a UNIX/Linux machine?

What if Sniffer displays an error at every startup?

This happens when the database file sniffer.od is damaged. It is located in the directory

%USERPROFILE%\Application Data\Ufasoft\Sniffer

Delete the file; a new one is created automatically at the next start. Of course, all data stored in it is lost.

The packets intercepted from the dial-up adapter on Windows 2000 do not look like valid IP packets.

PPP connections can use several different compression methods. At the moment only decoding of MPPC (Microsoft Point-to-Point Compression) is implemented. If you use another method, please let us know and the program will be extended.

My traffic is very heavy and Sniffer cannot keep up with all the packets.

The load can be reduced by turning off most plug-ins, leaving only Ethernet and IP, for example. Also set a capture filter so that only the potentially relevant packets are saved, and do the detailed analysis later, offline, rather than in real-time mode.

Is it possible to write one's own plug-in for Sniffer?

Yes, this is provided for: plug-ins communicate with the shell via COM. However, the interfaces are not yet stable and are therefore not published.

Does the capture driver affect the computer's performance?

The driver does real work only while sniffer.exe is running. Afterwards it remains loaded but stays idle. On NT4/Windows 2000 you can stop it with the command:

net stop UfasoftSnifDriver4

On Win9x a VxD driver is used, and it is unloaded automatically.

Where do I get information on the format of IP packets?

The formats of IP, TCP and the other protocols are described in RFC documents, which can be found at http://www.ietf.org

How do I capture traffic on a UNIX/Linux machine?

Snif includes the rpcapd remote agent with source code, but there is a simpler solution:

ssh login@linuxbox.com tcpdump -s0 -w - not tcp port 22 | tcpdump -r -
or
ssh login@linuxbox.com tcpdump -s0 -w - not tcp port 22 | icqdump -r -

This runs tcpdump on the remote machine and tunnels the captured packets back through SSH: -s0 captures whole packets, -w - writes them in pcap format to standard output, and the local tcpdump -r - (or icqdump -r -) reads that stream from standard input. The filter not tcp port 22 is essential: without it the SSH session carrying the capture would itself be captured, and every packet sent back would generate further packets to capture. If sshd listens on a different port, adjust the filter accordingly. An OpenSSH client for Windows is available from Cygwin.
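As an added example (not part of the Ufasoft FAQ or the Snif code base), the following Python script does, in miniature, what the local tcpdump -r - does with the stream above: it walks the pcap record headers, then decodes the Ethernet, IPv4 (RFC 791) and TCP (RFC 793) headers, verifies the IPv4 header checksum, and applies the Python equivalent of the not tcp port 22 filter. It also serves the question above about where the packet formats are documented, since every field offset comes from those RFCs. The pcap stream and the packets in it are constructed inline so the script runs offline; all function and constant names are the example's own.

```python
"""Decode a pcap byte stream (what `tcpdump -w -` emits) down to TCP.
Added example; not part of Ufasoft Snif. Header layouts follow RFC 791 (IPv4)
and RFC 793 (TCP); the record layout is the classic libpcap format."""
import struct

LINKTYPE_ETHERNET = 1      # link-layer type tcpdump writes for Ethernet captures
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words, complemented.
    Over a header with a zeroed checksum field it yields the value to store; over a
    received header it yields 0 exactly when the header is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_pcap(data: bytes):
    """Split a pcap stream into (ts_sec, ts_usec, frame) records. The magic number
    reveals the writer's byte order, which also governs the per-record headers."""
    magic = struct.unpack("<I", data[:4])[0]
    bo = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if bo is None:
        raise ValueError("not a pcap stream (magic %#x)" % magic)
    linktype = struct.unpack(bo + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures handled, got linktype %d" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(bo + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            raise ValueError("stream truncated inside a packet record")
        records.append((ts_sec, ts_usec, frame))
        off += 16 + incl_len
    return records


def decode_frame(frame: bytes):
    """Ethernet II -> IPv4 -> TCP. Returns a dict, or None for non-IPv4 frames."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("short IPv4 header")
    vihl, _tos, total_len, _id, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (vihl & 0x0F) * 4                  # header length is given in 32-bit words
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("malformed IPv4 header")
    info = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ttl": ttl, "proto": proto,
            "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
            # MF flag set or non-zero fragment offset: not a whole datagram
            "fragment": bool(flags_frag & 0x2000) or bool(flags_frag & 0x1FFF)}
    if proto == IPPROTO_TCP and not info["fragment"]:
        seg = ip[ihl:total_len]
        if len(seg) < 20:
            raise ValueError("short TCP header")
        sport, dport, seq, ack, off_flags, _win, _tcsum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
        data_off = (off_flags >> 12) * 4     # TCP data offset, also in 32-bit words
        if data_off < 20 or data_off > len(seg):
            raise ValueError("malformed TCP data offset")
        info["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                       "syn": bool(off_flags & 0x02), "ack_flag": bool(off_flags & 0x10),
                       "payload": seg[data_off:]}
    return info


def not_tcp_port(records, port):
    """Python counterpart of the BPF filter `not tcp port <port>`: drop TCP segments
    with <port> as source or destination, keep everything else (non-TCP included)."""
    kept = []
    for rec in records:
        info = decode_frame(rec[2])
        tcp = info.get("tcp") if info else None
        if not (tcp and port in (tcp["sport"], tcp["dport"])):
            kept.append(rec)
    return kept


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed sample: Ethernet II + IPv4 + TCP SYN, no options. Only the IPv4
    header checksum is filled in; the TCP checksum is left at zero."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | 0x02, 8192, 0, 0) + payload
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64,
                               IPPROTO_TCP, 0, bytes(map(int, src_ip.split("."))),
                               bytes(map(int, dst_ip.split(".")))))
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip)))
    eth = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + bytes(ip) + tcp


def build_pcap(frames):
    """Constructed sample stream in little-endian (native x86) byte order."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(f), len(f)) + f
    return out


# Constructed input: one HTTP request plus one packet of the SSH session carrying
# the capture, which `not tcp port 22` must drop to avoid the feedback loop.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "192.0.2.10", 40000, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_tcp_frame("10.0.0.5", "192.0.2.10", 40001, 22),
])


def summarize(data: bytes, drop_port=22):
    """One line per kept packet, roughly in tcpdump's style."""
    lines = []
    for ts_sec, ts_usec, frame in not_tcp_port(parse_pcap(data), drop_port):
        i = decode_frame(frame)
        if not i or "tcp" not in i:
            lines.append("%d.%06d non-TCP frame, %d bytes" % (ts_sec, ts_usec, len(frame)))
            continue
        t = i["tcp"]
        lines.append("%d.%06d IP %s.%d > %s.%d: %s seq %d len %d ipcsum_ok=%s" % (
            ts_sec, ts_usec, i["src"], t["sport"], i["dst"], t["dport"],
            "S" if t["syn"] else ".", t["seq"], len(t["payload"]), i["ip_checksum_ok"]))
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_PCAP):
        print(line)
```

Run it and only the port-80 packet is printed; the port-22 packet is dropped by not_tcp_port, just as the BPF filter drops the SSH session on the remote side. The checksum routine is the same one that validates a received header (result 0) and computes the field for a header being built, so a capture with a flipped header byte shows up as ipcsum_ok=False.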