Other features

This section describes the features and options of the software that are not included elsewhere in this manual.

Ethernet card manufacturer lookup

This tool allows you to look up a manufacturer’s name by MAC address. To look up a manufacturer’s name, click Tools - Ethernet Card Manufacturer Lookup, enter the MAC address and then press the Lookup button.

Address book

The Address Book provides a convenient place to store information about network hosts for easy access. To open the address book, select Tools - Address Book in the main menu.

Net Stat

The SoftPerfect Network Protocol Analyzer includes a network tool called Net Stat. This tool allows you to see the network connections of your computer and find ports in “listen” mode (ready for connection processing). To activate Net Stat, select Tools - Net Stat in the main menu.

Export report

The SoftPerfect Network Protocol Analyzer can export captured packets to text files in various formats. To do this, select File - Save Report As in the main menu.

Merging/splitting captures

Sometimes you may want to split a large capture file into smaller files, or merge multiple capture files into a single large file. To do this, select File - Merge/Split Capture in the main menu.

On the Merge tab, click the Add/Del buttons to choose the capture files to be merged, then click the Merge Files button to merge the chosen files.

On the Split tab, click the Browse button to choose a capture file to be split, then click the Split File button to split the chosen file into smaller files of the specified size.

File Formats

This section describes the formats of the files that the SoftPerfect Network Protocol Analyzer uses. You can use files generated by the SoftPerfect Network Protocol Analyzer in other utility programs. Note that, unlike other network analysers, these file formats are all open. They are described below.

CAP is a capture file in which captured packets (sessions) are stored.

Offset    Size      Name        Description
0x0–0x2   3 Bytes   CAPSIGN     Signature line. This string value is always equal to “CAP”.
0x3       1 Byte    CAPVER      In this version of the software the value is always 1.
0x4–0x7   4 Bytes   VTOTAL      A long integer number (DWord). It is equal to the total number of data packets in a file.

The above header data is then followed by VTOTAL number of packet records. Here is the format of each variable length packet record:

          8 Bytes   TIMESTAMP   A Double type number holding the date and time the packet was received.
          2 Bytes   PKTLEN      A Word type number, the packet’s length.
          PKTLEN    PKTDATA     A block of PKTLEN length. This is the packet’s data.

LCAP is a capture file in which packets captured on loopback are stored. Due to the nature of loopback communications, it is different from a CAP file.

Offset    Size       Name             Description
0x0–0x2   3 Bytes    LCAPSIGN         Signature line. This string value is always equal to “LCP”.
0x3       1 Byte     LCAPVER          In this version of the software the value is always 2.
0x4–0x7   4 Bytes    VTOTAL           A long integer number (DWord). It is equal to the total number of data packets in a file.

The above header data is then followed by VTOTAL number of packet records. Here is the format of each variable length packet record:

          8 Bytes    TIMESTAMP        A Double type number holding the date and time the packet was received.
          4 Bytes    PROCESS_ID       A DWord type number, which contains the process identifier.
          4 Bytes+   PROCESS_NAME     A DWord type number indicating the length of the following string. Then a UTF-8 encoded sequence of characters containing the process name.
          4 Bytes    DIRECTION        A DWord type number. Can be either 0 for local-to-remote, or 1 for remote-to-local.
          4 Bytes    PROTOCOL         A DWord type number containing the protocol type (6 for TCP, 17 for UDP).
          4 Bytes    LOCAL_ADDRESS    A DWord type number containing the local IPv4 address.
          4 Bytes    REMOTE_ADDRESS   A DWord type number containing the remote IPv4 address.
          2 Bytes    LOCAL_PORT       A Word type number containing the local port.
          2 Bytes    REMOTE_PORT      A Word type number containing the remote port.
          4 Bytes    PKT_LEN          A DWord value containing the data length in bytes.
          PKT_LEN    PKT_DATA         A sequence of bytes of variable length (payload).
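
A reader for the CAP and LCAP layouts above, written as an added example; it is not part of the SoftPerfect manual or software. It assumes little-endian fields (the manual does not state byte order), returns TIMESTAMP and the IPv4 addresses as raw numbers, and treats VTOTAL and every length field as untrusted input. The names parse_capture, CaptureFormatError and SAMPLE_CAP are hypothetical.

```python
import struct

# Assumption (the page does not state byte order): all fields little-endian.

class CaptureFormatError(ValueError):
    """The bytes do not match the CAP/LCAP layout described above."""

def _take(buf, pos, n):
    """Return (n bytes at pos, new pos); never read past the end."""
    if pos + n > len(buf):
        raise CaptureFormatError(f"{n} bytes at offset {pos:#x} overrun the file")
    return buf[pos:pos + n], pos + n

def _unpack(fmt, buf, pos):
    raw, pos = _take(buf, pos, struct.calcsize(fmt))
    return struct.unpack(fmt, raw), pos

def parse_capture(buf):
    """Parse CAP or LCAP bytes into (kind, list of record dicts)."""
    (sign, ver, total), pos = _unpack("<3sBI", buf, 0)
    kind = {(b"CAP", 1): "CAP", (b"LCP", 2): "LCAP"}.get((sign, ver))
    if kind is None:
        raise CaptureFormatError(f"bad signature/version {sign!r}/{ver}")
    # Fixed part of one record is 10 bytes in CAP and 40 in LCAP, so reject
    # a VTOTAL the file cannot possibly hold before looping on it.
    if total * (10 if kind == "CAP" else 40) > len(buf) - pos:
        raise CaptureFormatError("VTOTAL larger than the file allows")
    records = []
    for _ in range(total):
        if kind == "CAP":
            (ts, plen), pos = _unpack("<dH", buf, pos)
            rec = {"timestamp": ts}  # raw Double, left uninterpreted
        else:
            (ts, pid, nlen), pos = _unpack("<dII", buf, pos)
            name, pos = _take(buf, pos, nlen)
            fixed, pos = _unpack("<IIIIHHI", buf, pos)
            direction, proto, laddr, raddr, lport, rport, plen = fixed
            rec = {"timestamp": ts, "pid": pid,
                   "process": name.decode("utf-8", "replace"),
                   "direction": direction, "protocol": proto,
                   "local": (laddr, lport), "remote": (raddr, rport)}
        rec["data"], pos = _take(buf, pos, plen)
        records.append(rec)
    return kind, records

# Constructed sample: a CAP file holding one 4-byte packet.
SAMPLE_CAP = (b"CAP\x01" + struct.pack("<I", 1)
              + struct.pack("<dH", 45000.5, 4) + b"\xde\xad\xbe\xef")
```

A truncated file, an unknown signature, or a VTOTAL or length field larger than the remaining bytes raises CaptureFormatError rather than returning partial or over-read data.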

RAW is a type of file containing a saved packet as the original sequence of bytes.

XML is a filter file. It is a typical XML file where the filter settings are saved. You can gain more information about it by simply viewing it as a text file.