Chapter 3. Using VTA

3.3.1 PacketList View

Figure 3.3.1 shows the packet list view. A summary line is displayed for each captured packet.  The summary line
contains:

• a packet number, indicating its position in the sequence of captured packets,
• a time value, indicating seconds that have elapsed between the capture of the first packet and the capture of the displayed packet,
• the source and destination IP addresses,
• the protocol (TCP or UDP), and
• protocol related information.

Figure 3.3.2 shows the operation menu in the packet list view. User can lock/unlock the view so that no more packets will be added into this view. Clicking on the "Clear View" item will clear this view.

3.3.2 Connection Packet View

Figure 3.3.3 shows the connection packet view. A summary line appears for each TCP connection.  The summary line contains the source and destination addresses (<IP address,port>).  Selecting a particular connection displays a summary line, similar to that of the packet view, for each packet that has been sent or received, by the host, along the connection.  Selecting the summary line for a particular packet displays the data contained in that packet in binary and ASCII format.

Figure 3.3.4 shows the operation menu in the connection packet view. User can lock/unlock the view so that no more packets will be added into this view. Clicking on the "Clear View" item will clear this view. Clicking on the "Update view" item will update view.

3.3.3 Connection Reconstruction View

Figure 3.3.5  shows the Connection Reconstruction View. This view attempts to depict data transmitted along the connection as a conversation between the communication endpoints. A summary line is displayed for each TCP connection.  Selecting a single connection displays the data, in ASCII format, that has flowed across the connection.  The bottom two subwindows depict reconstructed TCP data sent by each endpoint. During the reconstruction, duplicates are removed, packets are reordered according to their sequence number. Different text colors denote the direction of the data transmission.  For example, data transmitted from the VTA host to receiver always appears in a single color that is different from the single color used to depict data received by the VTA host.
 

Figure 3.3.6 shows the operation menu in the connection reconstruction view. After the user finish capturing packets, he can reconstruct TCP packets by eliminating duplicates and reorder packets in their sending order, not the order they are received. User can lock/unlock the view so that no more packets will be added into this view. Clicking on the "Clear View" item will clear this view. Clicking on the "Update view" item will update view.

If the user choose reconstruct from the operations menu before he stops capturing, a stop window will be shown. When the user wants to stop packet capturing, he can click on the Stop button in the stop window to stop packet transferring. The user cannot view details of the reconstructed view unless he clicks on the Stop button of the stop window. Figure 3.3.7 shows the stop window.

3.3.4 Machine Distribution View

Figure 3.3.8 shows the machine distribution view. It displays an undirected graph where edges correspond to source/destination pairs in a captured packet and nodes correspond to IP addresses.  For each node, an IP address and number of packets sent and received is displayed. In order to display the mahchine distribution, an automatic layout algorithm based on a spring-embedder model is used.  Attractive forces are assigned on all links and repulsive forces are assigned between nodes. Iteration is used in an attempt to acheive balance.  This technique can produce reasonable layouts of many networks, but may not produce satisfactory results of complicated networks.  As a remedy, VTA allows the user to graphically adjust the resulting layout.
 

Figure 3.3.9 shows the operation menu in the  machine distribution view. User can lock/unlock the view so that no more packets will be added into this view. Clicking on the "Clear View" item will clear this view. Clicking on the "Exit" item will close this view.

Figure 3.3.10 shows the view menu in the machine distribution view. Users can choose to show or hide the IP Address, number of packets recevied or sent on the view.

Figure 3.3.11 shows the window menu in the machine distribution view. Users can choose to show or hide the node information window.

The node information is shown in Figure 3.3.12. It shows the IP address, number of packets sent/received of each node.

3.3.5 Timeline View

Figure 3.3.13 shows the timeline view. In the timeline view, an axis appears for each new socket (<IP,port> pair). Each sent or received packet results in an arrow between the axes corresponding to the source and destination.  Both UDP and TCP communications are displayed.  (If the transmission is based on UDP, the arrow appears dashed; if the transmission is based on TCP the arrow appears solid.)

Figure 3.3.14 shows the operation menu in the timeline view. User can lock/unlock the view so that no more packets will be added into this view. Clicking on the "Clear View" item will clear this view. Clicking on "Exit" will close this view. The "Set Filter" item will bring up a viewing filter shown below.

Figure 3.3.15 shows the viewing filter window for the timeline view. The user can choose which socket to appear in the timeline view in this window. Only packets to or from the hosts specified in this window will be shown on the view. Other packets will not be shown on the view. The default is to show all packets delivered to the timeline view.

3.3.6 TCP status View

The TCP Staus view is shown in Figure 3.3.16. This view depicts the state of a TCP connection within the protcol state transition diagram.  Different colors, red or green, mark the state in which the two connection endpoints currently reside. A third color marks states through which the connection has passed.

Figure 3.3.17 shows the options menu in the TCP status view. User can lock/unlock the view so that no more packets will be added into this view. Clicking on the "Reset" item will clear this view.