Chapter 3. Using VTA
Figure 3.3.1 shows the packet list view. A summary line is displayed
for each captured packet. The summary line
contains:
Figure 3.3.1: VTA Packet List View
Figure 3.3.2 shows the operation menu in the packet list view. The user can lock or unlock the view; while the view is locked, no more packets are added to it. Clicking the "Clear View" item clears the view.
Figure 3.3.2 The operation menu in the packet list view
3.3.2 Connection Packet View
Figure 3.3.3 shows the connection packet view. A summary line appears for each TCP connection. The summary line contains the source and destination addresses (<IP address,port>). Selecting a particular connection displays a summary line, similar to that of the packet view, for each packet that has been sent or received by the host along the connection. Selecting the summary line for a particular packet displays the data contained in that packet in binary and ASCII format.
Figure 3.3.3: VTA Connection Packet View
Figure 3.3.4 shows the operation menu in the connection packet view. The user can lock or unlock the view; while the view is locked, no more packets are added to it. Clicking the "Clear View" item clears the view. Clicking the "Update view" item updates the view.
Figure 3.3.4 The operation menu in the connection packet view
3.3.3 Connection Reconstruction View
Figure 3.3.5 shows the Connection
Reconstruction View. This view attempts to depict data transmitted along
the connection as a conversation between the communication endpoints. A
summary line is displayed for each TCP connection. Selecting a single
connection displays the data, in ASCII format, that has flowed across the
connection. The bottom two subwindows depict reconstructed TCP data
sent by each endpoint. During the reconstruction, duplicates are removed and
packets are reordered according to their sequence numbers. Different text
colors denote the direction of the data transmission. For example,
data transmitted from the VTA host to the receiver always appears in a single
color that is different from the single color used to depict data received
by the VTA host.
Figure 3.3.5: VTA Connection Reconstruction View
Figure 3.3.6 shows the operation menu in the connection reconstruction view. After the user finishes capturing packets, he can reconstruct the TCP data: duplicates are eliminated and packets are reordered into the order in which they were sent, not the order in which they were received. The user can lock or unlock the view; while the view is locked, no more packets are added to it. Clicking the "Clear View" item clears the view. Clicking the "Update view" item updates the view.
Figure 3.3.6 The operation menu in the connection reconstruction view
If the user chooses reconstruct from the operations menu before he stops capturing, a stop window is shown. When the user wants to stop packet capturing, he can click the Stop button in the stop window to stop packet transferring. The user cannot view details of the reconstructed view unless he clicks the Stop button of the stop window. Figure 3.3.7 shows the stop window.
Figure 3.3.7 Stop Window
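The reconstruction described above (duplicates removed, packets reordered by sequence number, one stream per endpoint), as an added Python example that is not VTA's own code. The Segment record, the addresses and the capture are constructed, and the sequence number of each direction's first data byte is assumed to be known.

```python
from collections import namedtuple

# Constructed record for one captured TCP segment; src/dst are (ip, port).
Segment = namedtuple("Segment", "src dst seq payload")

def reassemble(segments, base):
    """Rebuild one direction of a connection.

    base is the sequence number of the first data byte (ISN + 1). Returns the
    byte stream and a list of (start, end) offsets that were never captured.
    """
    stream, gaps = bytearray(), []
    # Order by distance from base, modulo 2**32, so wrapped numbers sort correctly.
    for seg in sorted(segments, key=lambda s: (s.seq - base) % 2**32):
        off = (seg.seq - base) % 2**32
        if off + len(seg.payload) <= len(stream):
            continue                      # duplicate or full retransmission
        if off > len(stream):             # hole: segment missing from the capture
            gaps.append((len(stream), off))
            stream.extend(b"?" * (off - len(stream)))
        # Partial overlap: keep bytes already placed, append only the new tail.
        # (A policy choice of this example; TCP stacks differ on overlaps.)
        stream.extend(seg.payload[len(stream) - off:])
    return bytes(stream), gaps

def conversation(packets, a, b, base_a, base_b):
    """Split a capture by direction and reassemble each side, like the two
    lower subwindows of the reconstruction view."""
    a_to_b = [p for p in packets if (p.src, p.dst) == (a, b)]
    b_to_a = [p for p in packets if (p.src, p.dst) == (b, a)]
    return reassemble(a_to_b, base_a), reassemble(b_to_a, base_b)

# Constructed capture: arrival order differs from sending order, with one
# exact duplicate, one overlapping retransmission and a sequence-number wrap.
HOST, PEER = ("10.0.0.5", 40000), ("10.0.0.9", 80)
CAPTURE = [
    Segment(HOST, PEER, 4, b".html HTTP/1.0\r\n\r\n"),
    Segment(PEER, HOST, 1017, b"\r\nhello"),
    Segment(HOST, PEER, 0xFFFFFFFA, b"GET /index"),
    Segment(PEER, HOST, 1000, b"HTTP/1.0 200 OK\r\n"),
    Segment(HOST, PEER, 0xFFFFFFFA, b"GET /index"),
    Segment(PEER, HOST, 1010, b"00 OK\r\n\r\nhe"),
]

if __name__ == "__main__":
    (sent, _), (received, _) = conversation(CAPTURE, HOST, PEER, 0xFFFFFFFA, 1000)
    print(sent, received, sep="\n")
```

The gaps list matters when reading a reconstructed stream: a hole means the text shown is not what the endpoint actually received in full.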
3.3.4 Machine Distribution View
Figure 3.3.8 shows the machine distribution view. It displays
an undirected graph where edges correspond to source/destination pairs
in a captured packet and nodes correspond to IP addresses. For each
node, an IP address and number of packets sent and received is displayed.
In order to display the machine distribution, an automatic layout algorithm
based on a spring-embedder model is used. Attractive forces are assigned
on all links and repulsive forces are assigned between nodes. Iteration
is used in an attempt to achieve balance. This technique can produce
reasonable layouts of many networks, but may not produce satisfactory results
for complicated networks. As a remedy, VTA allows the user to graphically
adjust the resulting layout.
Figure 3.3.8: VTA Machine Distribution View
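A sketch of the graph and the spring-embedder layout described above, as an added Python example that is not VTA's own code. The force laws (repulsion k*k/d, attraction d*d/k), the cooling schedule, all parameter values and the sample addresses are assumptions chosen for illustration; the page does not state which ones VTA uses.

```python
import math
from collections import Counter

def build_graph(packets):
    """Nodes are IP addresses with sent/received packet counts; each edge is
    an unordered source/destination pair seen in a captured packet."""
    sent, received, edges = Counter(), Counter(), set()
    for src, dst in packets:
        sent[src] += 1
        received[dst] += 1
        if src != dst:
            edges.add(frozenset((src, dst)))
    return sorted(set(sent) | set(received)), edges, sent, received

def spring_layout(nodes, edges, k=1.0, iterations=600, step=0.1, cooling=0.99):
    """Every pair of nodes repels with force k*k/d, every link attracts with
    d*d/k. Nodes move along their net force, capped by a shrinking step."""
    n = len(nodes)
    # Deterministic start: nodes evenly spaced on the unit circle.
    pos = {v: [math.cos(2 * math.pi * i / n), math.sin(2 * math.pi * i / n)]
           for i, v in enumerate(nodes)}
    for _ in range(iterations):
        force = {v: [0.0, 0.0] for v in nodes}
        for i, u in enumerate(nodes):
            for v in nodes[i + 1:]:
                dx, dy = pos[u][0] - pos[v][0], pos[u][1] - pos[v][1]
                d = max(math.hypot(dx, dy), 1e-9)
                f = k * k / d                    # repulsion between all nodes
                if frozenset((u, v)) in edges:
                    f -= d * d / k               # attraction along a link
                for axis, delta in enumerate((dx, dy)):
                    force[u][axis] += f * delta / d
                    force[v][axis] -= f * delta / d
        for v in nodes:
            mag = max(math.hypot(*force[v]), 1e-9)
            scale = min(mag, step) / mag
            pos[v][0] += force[v][0] * scale
            pos[v][1] += force[v][1] * scale
        step *= cooling
    return {v: tuple(p) for v, p in pos.items()}

# Constructed capture: (source IP, destination IP) of each packet.
FLOWS = [("192.0.2.10", "192.0.2.20"), ("192.0.2.20", "192.0.2.10"),
         ("192.0.2.10", "192.0.2.30"), ("192.0.2.30", "192.0.2.10"),
         ("192.0.2.10", "192.0.2.40")]

if __name__ == "__main__":
    nodes, edges, sent, received = build_graph(FLOWS)
    for ip, (x, y) in spring_layout(nodes, edges).items():
        print(f"{ip:12} sent={sent[ip]} recv={received[ip]} at ({x:+.2f}, {y:+.2f})")
```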
Figure 3.3.9 shows the operation menu in the machine distribution view. The user can lock or unlock the view; while the view is locked, no more packets are added to it. Clicking the "Clear View" item clears the view. Clicking the "Exit" item closes the view.
Figure 3.3.9 The operation menu in the machine distribution view
Figure 3.3.10 shows the view menu in the machine distribution view. Users can choose to show or hide the IP address and the number of packets received or sent on the view.
Figure 3.3.10 The view menu in the machine distribution view
Figure 3.3.11 shows the window menu in the machine distribution view. Users can choose to show or hide the node information window.
Figure 3.3.11 The window menu in the machine distribution view
The node information window is shown in Figure 3.3.12. It shows the IP address and the number of packets sent/received for each node.
Figure 3.3.12 The node information window
3.3.5 Timeline View
Figure 3.3.13 shows the timeline view. In the timeline view, an axis appears for each new socket (<IP,port> pair). Each sent or received packet results in an arrow between the axes corresponding to the source and destination. Both UDP and TCP communications are displayed. (If the transmission is based on UDP, the arrow appears dashed; if the transmission is based on TCP the arrow appears solid.)
Figure 3.3.13: VTA Timeline View
Figure 3.3.14 shows the operation menu in the timeline view. The user can lock or unlock the view; while the view is locked, no more packets are added to it. Clicking the "Clear View" item clears the view. Clicking "Exit" closes the view. The "Set Filter" item brings up the viewing filter shown below.
Figure 3.3.14 The operation menu in the timeline view
Figure 3.3.15 shows the viewing filter window for the timeline view. In this window the user can choose which sockets appear in the timeline view. Only packets to or from the hosts specified in this window are shown on the view; other packets are not shown. The default is to show all packets delivered to the timeline view.
Figure 3.3.15 The Viewing Filter for the timeline view
3.3.6 TCP Status View
The TCP Status view is shown in Figure 3.3.16. This view depicts the state of a TCP connection within the protocol state transition diagram. Different colors, red or green, mark the state in which the two connection endpoints currently reside. A third color marks states through which the connection has passed.
Figure 3.3.16: VTA TCP State Transition Diagram View
Figure 3.3.17 shows the options menu in the TCP status view. The user can lock or unlock the view; while the view is locked, no more packets are added to it. Clicking the "Reset" item clears the view.
Figure 3.3.17 The options menu in the TCP status view
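How the information in the TCP status view can be derived from a capture, as an added Python example that is not VTA's own code: it tracks the current state of both endpoints and the set of states already passed through. It is driven by flags only, so an ACK is assumed to acknowledge the peer's latest FIN and simultaneous close (CLOSING) is not modelled; the endpoint names and the capture are constructed.

```python
# (state, direction, event) -> next state: a subset of the RFC 793 diagram.
TRANSITIONS = {
    ("CLOSED", "snd", "SYN"): "SYN_SENT",
    ("LISTEN", "rcv", "SYN"): "SYN_RCVD",
    ("SYN_SENT", "rcv", "SYN+ACK"): "ESTABLISHED",
    ("SYN_RCVD", "rcv", "ACK"): "ESTABLISHED",
    ("ESTABLISHED", "snd", "FIN"): "FIN_WAIT_1",
    ("ESTABLISHED", "rcv", "FIN"): "CLOSE_WAIT",
    ("FIN_WAIT_1", "rcv", "ACK"): "FIN_WAIT_2",
    ("FIN_WAIT_1", "rcv", "FIN"): "TIME_WAIT",
    ("FIN_WAIT_2", "rcv", "FIN"): "TIME_WAIT",
    ("CLOSE_WAIT", "snd", "FIN"): "LAST_ACK",
    ("LAST_ACK", "rcv", "ACK"): "CLOSED",
}

def kind(flags):
    """Collapse a flag string such as "FA" into the event that drives the diagram."""
    if "R" in flags:
        return "RST"
    if "S" in flags:
        return "SYN+ACK" if "A" in flags else "SYN"
    return "FIN" if "F" in flags else "ACK"

def track(packets, active, passive):
    """Replay (sender, flags) pairs. Returns each endpoint's current state and
    the set of states the connection has passed through."""
    state = {active: "CLOSED", passive: "LISTEN"}
    visited = set()
    for sender, flags in packets:
        event = kind(flags)
        receiver = passive if sender == active else active
        for endpoint, direction in ((sender, "snd"), (receiver, "rcv")):
            old = state[endpoint]
            new = TRANSITIONS.get((old, direction, event), old)
            if event == "RST":
                new = "CLOSED"            # a reset tears down both ends
            if new != old:
                visited.add(old)
                state[endpoint] = new
    return state, visited - set(state.values())

# Constructed capture: handshake, one data exchange, then an orderly close.
SESSION = [("host", "S"), ("peer", "SA"), ("host", "A"), ("host", "PA"),
           ("peer", "A"), ("host", "FA"), ("peer", "A"), ("peer", "FA"),
           ("host", "A")]

if __name__ == "__main__":
    print(track(SESSION, "host", "peer"))
```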