Javvin Packet Analyzer User's Manual

Overview

Professional and enterprise

Version and upgrade

Install and Uninstall

Installation Environment

Get Started to Use

Create a Project and Capture Traffic

Select Capture Sources

Use Menu bar

Use Toolbar

Use Context menus

Use Start Page

Use Dock windows

Understand and Use Tab views

Choose System Options

Restart Capture and Do Automatic Capture

Project settings

HManage Data

Understand Statistics

Manage Filters

Use Command Line to Operate the Analyzer

Do TCP session Reconstruction Using Packet Analyzer

Set and Use Name Table

Manage Logs

Decode Packets

Customize User Interface

Optimize the Performance of the Analyzer

free download Free to try

Order Packet Analyzer Buy Now

Conversations view

The Conversations view dynamically presents the real-time status of Physical, IP, TCP and UDP conversations between pairs of endpoints, the sub-views offer the related packets and reconstructed stream the active conversation. This view will replaced by Connections if open a project file or packet file of version 5.5 or before.

 

 

 

 

 

 

Sub-view

Description

Packets

Shows the related packets to the current connection. A connection will be kept in the Conversations view for two minutes after it is closed; when it is cleared from the connection list, you can still find its related packets in the Packets view.

Stream

Unique to TCP connections list. Offers the reconstructed TCP stream of the selected item.

Data

Unique to UDP conversations list. Offers the reconstructed UDP data of the selected item.

Conversations view 1

Conversation list

The conversation list reveals what TCP and UDP conversations your network is making, captured conversations are circularly stored to keep the display real time and dynamic. Javvin Packet Analyzer will clear those conversations having been closed for more than two minutes when the list reaches 1000 conversations. The conversation related packets can be seen in the Packets view, HTTP conversations, Email conversations, FTP conversations and DNS conversations can be seen in the Logs view, when a conversation is cleared from the conversation list, you may find the corresponding information from these views.

You can view the conversation details by switching the sub-tabs at the lower section of the display, or in the new opened Conversation Details window with double clicks on the selected conversation. When the Conversation Details window is opened, the data displayed in it will be kept even after the connection is cleared from the connection list.
In addition to the common context commands as other tab views, this view also has the following specific commands:

Command

Description

View Details in New Window

Opens a new window to show the conversation details; alternately, you can double click on the conversation.

Show Conversations

Defines a condition and shows matching conversations.

Export Conversations...

Exports the conversations to a file.

TCP stream

From this view, you can see the reconstructed data streams of the selected conversation. The data streams of different directions can be distinguished by color, e.g. blue is for endpoint 1 to endpoint 2, green is for endpoint 2 to endpoint 1.

Conversations view 2

By default, the data streams are showed as ASCII. You can change the display to EBCDIC with a right click in the view and select the Show as EBCDIC command from the context menu.

To save the TCP streams to a text file, press the Save As icon from the toolbar or select the command from the context menu.

The preview size of TCP streams can be customized by opening the Options dialog from the Tools menu. When a TCP stream goes beyond the size defined, only the contents within the size are shown. To view the whole contents, you must redefine the preview size to a larger value.

Conversations view 3