Packetyzer FAQ

So is the name Packetyzer or Packetizer?
Packetyzer is a contraction of Packet Analyzer, so it is Packetyzer.

How much does Packetyzer cost?
Packetyzer is "free software." You can download and use it without paying any license fee. Packetyzer is distributed under the GNU General Public License.

Where can I find the source code for Packetyzer?
The Packetyzer source code is available in CVS at SourceForge.

Does Packetyzer work with Windows 2000/XP/2003?
Packetyzer version 5.0 includes WinPcap 3.1, which supports Windows 2000/XP/2003.

Will Packetyzer work with Windows Vista?
We haven't tested Packetyzer with Vista. Support is mainly driven by the WinPcap packet capture driver that is included in Packetyzer 5.0, and WinPcap version 3.1 has not been fully tested on Vista.

Packetyzer doesn't work on my dual-processor machine, or my new Xeon-based machine. What is the problem?
Support for SMP machines has been included in WinPcap starting from version 3.0. Please update your installation of WinPcap. See the WinPcap FAQ for more information.

What protocols are currently supported?
Packetyzer supports all protocols and media which are supported by Ethereal. For the complete list of supported protocols, see this.

What network adapters are supported by Packetyzer?
The support is driven by the WinPcap device driver. The WinPcap device driver was originally developed to work primarily with Ethernet (10/100/1000) adapters. Support for other MACs was added during the development, but Ethernet remains the most tested one. A pretty complete list of supported adapters is maintained at http://www.micro-logix.com/WinPcap/Supported.asp. For more information, see WinPcap FAQ.

Can Packetyzer capture 802.11 packets?
Packetyzer can only capture 802.11 packets in promiscuous mode directly with wireless adapters specifically designed to sniff 802.11 traffic, including control and management frames. You can use the 802.11 a/b/g cards provided with the RFprotect Mobile product. Packetyzer can open and manipulate 802.11 captures made with other programs.

The limitation is driven by WinPcap's support for wireless adapters. WinPcap works best with Ethernet adapters. Wireless adapters are not properly supported by the Windows kernel: some of them are not detected, and others do not support promiscuous mode. In the best case, the WinPcap device driver that is installed with Packetyzer is able to see an Ethernet emulation and not the real transiting packets. This means that the 802.11 frames are transformed into fake Ethernet frames before being captured and that control frames are not received; the 802.11 data gets stripped off at the receiving end, leaving the Ethernet packets, which can be viewed.

Given the above information, capturing traffic from your wireless network adapter in non-promiscuous mode can be done in the following way:

  1. Start Packetyzer.
  2. In the Capture Options dialog box, select the wireless adapter from the list of adapters.
  3. Uncheck the "Capture packets in promiscuous mode" checkbox.
  4. Start a packet capture session.

All the Ethernet traffic being sent to and from your wireless adapter will be captured and displayed in Packetyzer.

The only thing I see in the adapter list is a colon ":".
You need to restart Windows after installing WinPcap.

I have loaded an 802.11 trace or captured 802.11 traffic. However, I don't see any management frames.
Take a look at the WLAN Options tab of the Global Options dialog box. It is likely that the Stumbling mode is enabled.

How can I disable sequence checking in Packetyzer?
It is possible to have a "TCP Out-Of-Order TCP Retransmission" error when in fact the sequencing of your packets is working properly. This occurs due to the order in which the packets are being viewed and processed. The detail screens will display the correct information, but the summary screen will occasionally detect packets as being retransmitted. This can occur when examining packets by "paging up" through the data. The sequence number checking can be turned off from the Protocol Options tab of the Global Options dialog box. You need to uncheck the "Analyze TCP sequence numbers" box. This will prevent the retransmission error from being reported.

What is the best way to interpret %'s in the Protocol Tab of Packetyzer?
The figures represent the percentage of protocol traffic in the packet capture. They may or may not total up to 100%. The reasons for this are padding of Ethernet frames and nesting of protocols. Ethernet padding adds data that can't be defined as a protocol. You can see this in the "Trailer" section of some of the packets in the Decode tab. The nesting of protocols can make the percentage exceed 100%. For example, suppose protocol x is 60% of the total traffic in a capture, and within protocol x is protocol y, which in total equals 30% of the traffic in the capture. The two protocols would be displayed as 90% of the traffic, and could make the sum total of all the protocols in the capture greater than 100%.

Can Packetyzer provide the average of a specific host?
To get the average network utilization of a specific host, one could use a capture filter and filter by IP address. Keep in mind that capture filters use libpcap/tcpdump syntax. So the filter would use something like "host 10.10.10.4" (without the quotes) as the filter.
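The calculation that this filter sets up, as an added example (not Packetyzer or WinPcap code): it reads a classic pcap file, keeps the IPv4 packets that "host 10.10.10.4" would match, and averages their on-wire size over the capture window. The function names and the sample capture are constructed for illustration; only untagged IPv4 over Ethernet is handled, so ARP frames that the real filter would also match are not counted.

```python
import socket
import struct

def build_pcap(packets):
    """Constructed sample data: pack (ts_sec, src, dst, payload_len) tuples as a pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for ts, src, dst, plen in packets:
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"  # dummy MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + plen, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = eth + ip + b"\x00" * plen
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def host_utilization(pcap, host):
    """Average bits/s to or from `host` over the capture window (IPv4 over Ethernet only)."""
    magic = struct.unpack_from("<I", pcap)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # file written with the opposite byte order
        endian = ">"
    else:
        raise ValueError("not a microsecond-resolution pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    want = socket.inet_aton(host)
    offset, matched, first, last = 24, 0, None, None
    while offset + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack_from(endian + "IIII", pcap, offset)
        frame = pcap[offset + 16:offset + 16 + incl]
        offset += 16 + incl
        last = sec + usec / 1e6
        first = last if first is None else first
        # Same test as the filter "host <ip>" for IPv4: source or destination matches.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" \
                and want in (frame[26:30], frame[30:34]):
            matched += orig  # original on-wire length, even if the frame was truncated
    if first is None or last <= first:
        return 0.0
    return matched * 8 / (last - first)

# Constructed sample: four packets over four seconds, two of them involving 10.10.10.4.
SAMPLE = build_pcap([
    (0, "10.10.10.4", "10.10.10.1", 66),
    (1, "10.10.10.9", "10.10.10.1", 66),
    (2, "10.10.10.1", "10.10.10.4", 166),
    (4, "10.10.10.7", "10.10.10.8", 66),
])

if __name__ == "__main__":
    print(host_utilization(SAMPLE, "10.10.10.4"), "bits/s")
```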

I am using RFprotect Distributed. Can I use one of the wireless security sensors as an 802.11 adapter for Packetyzer?
Yes. You can use one of the 802.11abg sensors as an adapter for Packetyzer to capture 802.11 traffic.

I select the adapter in the Capture Options dialog box. However, each time I exit the Packetyzer program, it forgets my adapter setting.
Since Packetyzer is designed to work with multiple adapters simultaneously, the adapter selection for a capture session is specific to that window (i.e. setting the adapter in the Capture Options dialog box will only affect that capture window). When a new capture window is created, it reads the setting from the Global Options. You can use the Select Adapter dialog box from the Edit menu to set your default adapter setting.