Unispeed Netlogger

Examining and Logging HTTP Traffic.


Once you have accessed the Netlogger from the Frontend on your computer, you are ready to start examining network traffic.

The Netlogger Frontend canvas is composed of several areas. The Palette is located on the left side of the screen. In the Palette you find the various Netlogger tools.
Drag and drop the Packets From Network tool from the Input menu onto the canvas, which is the large area to the right of the Palette. Right-click the tool and select Options. Choose the interface you want to collect packets from.


The Packets from Network tool contains a 'traffic light' control, which is initially red. Click on the traffic light to start the Packets from Network tool (the traffic light becomes green).
Now right-click on the Packets from Network tool and choose "Data Samples". You will be able to see what kind of traffic is running through the Packets from Network tool.

Drag and drop the Filter Packets tool onto the canvas. The tool can be found by expanding the Packet Operations icon in the Palette.

Connect the two tools by dragging the blue arrow from the Collect Packets tool to the Filter Packets tool.

Now filtering packets can begin. Let's say that you want to split the incoming data in two: namely TCP traffic to port 80 and all other traffic.

Right-click on the Filter Packets tool. A pop-up window appears. Check the TCP box, type "*" in the Add field under "IP Addresses", and click "Add". Type "80" in the Add field under "Ports" and click "Add". Click "Apply". If applicable, enter port "8080" in the same manner.


Accepted packets run through the dark blue arrow on the right side of the Filter Packets tool, while rejected packets run through the light blue arrow.

Let's say that you want to take a closer look at the accepted packets. Drag the Extract HTTP tool from the Palette onto the canvas. The Extract HTTP tool can be found by expanding the Protocol Extractors icon.

Connect the Filter Packets tool with the Extract HTTP tool using the dark blue arrow.
Double-click on the Extract HTTP tool and choose "Properties".

In the HTTP Port field you can type "80" or "8080", as most HTTP traffic runs to these ports. To see HTTP traffic on all ports, type "0". Now you can choose to check one, two or three of the check boxes below.



In this example we want to include the actual web content as BLOBs (Binary Large Objects). Toggle 'Include POST blob' and 'Include content blob' on and click "ok".

Now view the traffic that has been through the Extract HTTP tool (right-click on the Extract HTTP tool and choose "Data Samples"). Examples of the traffic are displayed. As you can tell, the Netlogger provides you with information about what kind of browser the clients are using (agent), where they came from (referrer), etc.

If you are not seeing any traffic at this point, you may generate some yourself by visiting some web pages with your browser.

You might like to alter or manipulate the data into a different form. To do this, drag the Change Fields tool from the Record Operations menu onto the canvas. Connect the Extract HTTP tool with the Change Fields tool.




Right-click on the Change Fields tool. In the window that appears, you can alter the data format to suit your needs or skip fields to reduce the number of output fields. Perhaps you prefer a format more readable than the POSIX timestamps. In the drop-down field to the right of the time field you can alter the data type. Choose "STRING128", and click "OK". Now look at the data samples. The POSIX timestamp has changed to the far more readable format: Day / Mon / date / hh:mm:ss / Timezone / year.


Looking at data samples is all very interesting, but not very useful if you can't store the data.

The Netlogger lets you store the data by using the Log to File tool or the Log to Database tool. Drag the Log to File tool onto the canvas. Connect the Change Fields tool with the Log to File tool. Right-click on the Log to File tool. The Netlogger will ask you where to store your log file. You can also choose between several options, including file rotation and output formats. Choose a destination and click "OK". Now you are logging traffic.


Should you desire to examine only web-mail, one method to do so is to configure a Record filter tool and enter host contains "mail".
Note that you can easily connect more tools to one output stream and create multiple logs.


If you have followed the directions your canvas should look like this:

[Screenshot]

And your web-mail log file would look like this:

[Screenshot]
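
The data flow built on the canvas above, sketched in Python as an added example (this is not Netlogger code and not part of the original page). The packet tuples, the function names and the record fields other than agent and referrer are assumptions, the sample packets are constructed, and each payload is assumed to hold one complete request header.

```python
from datetime import datetime, timezone

# Constructed sample input: (POSIX time, protocol, destination port, payload).
# Assumption: each payload holds one complete request header (no TCP reassembly).
PACKETS = [
    (1700000000, "TCP", 80, b"GET /inbox HTTP/1.1\r\nHost: webmail.example.com\r\n"
                            b"User-Agent: ExampleBrowser/1.0\r\n"
                            b"Referer: http://www.example.com/\r\n\r\n"),
    (1700000005, "TCP", 8080, b"GET / HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    (1700000009, "UDP", 53, b"\x12\x34\x01\x00"),
    (1700000012, "TCP", 80, b"\x16\x03\x01\x00\x05"),   # not HTTP, although on port 80
    (1700000020, "TCP", 80, b"POST /login HTTP/1.1\r\nHost: mail.example.net\r\n\r\nu=a"),
]

def filter_packets(packets, ports=(80, 8080)):
    """Filter Packets step: TCP to the given ports is accepted, the rest rejected."""
    accepted = [p for p in packets if p[1] == "TCP" and p[2] in ports]
    rejected = [p for p in packets if not (p[1] == "TCP" and p[2] in ports)]
    return accepted, rejected

def extract_http(packet):
    """Extract HTTP step: return one record per request, or None if not HTTP."""
    ts, _proto, _port, payload = packet
    head = payload.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"time": ts, "method": parts[0], "url": parts[1],
            "host": headers.get("host", ""), "agent": headers.get("user-agent", ""),
            "referrer": headers.get("referer", "")}

def change_fields(record):
    """Change Fields step: POSIX time -> 'Day Mon date hh:mm:ss Timezone year'."""
    stamp = datetime.fromtimestamp(record["time"], tz=timezone.utc)
    return {**record, "time": stamp.strftime("%a %b %d %H:%M:%S %Z %Y")}

def run_pipeline(packets):
    accepted, rejected = filter_packets(packets)
    records = [change_fields(r) for r in map(extract_http, accepted) if r]
    webmail = [r for r in records if "mail" in r["host"].lower()]  # host contains "mail"
    return records, webmail, rejected
```

The "mail" substring test matches any host whose name contains those letters, so review the resulting log before treating it as web-mail only.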