Xonet parts

This is the main window of the program.


Menu

The File menu has these options:

  • New workspace:
  • Adds a tab to the main application; the new tab contains an empty workspace.

  • Open workspace:
  • Opens a workspace from a file; this option adds a tab with the new workspace.

  • Save workspace:
  • Saves the workspace whose tab is selected to a file.

  • Load packets:
  • Loads one or more packets from a file; the loaded packets are placed in the global panel.

  • Save packets:
  • Saves one or more packets to a file.

Status bar

The status bar appears at the bottom of the main window. It is how the system communicates with the user, providing information about status and possible errors.


Global panel

The global panel is on the right side of the application; it is always visible and independent of the tabs.


The global panel serves as a communication channel between the tabs: it allows the user to move packets from one tab to another.

Each packet is represented by two fields:

  • Name:
  • Distinguishes one packet from the others; you can change the name by selecting the packet and then clicking on the value.

  • Protocol:
  • The protocol field represents the type of packet.

For management, the global panel contains three buttons:

  • Move left:
  • Moves the selected packet in the global panel to the current tab.

  • Move right:
  • Moves the selected packet of the current tab (Sniffer or Packet editor) to the global panel.

  • Delete packet:
  • Removes a packet from the global panel.

Packet editor:

The packet editor is in the first tab of the application; it is responsible for creating and modifying packets.


The tab has the following buttons:

  • Add header:
  • Adds a header to the current packet. We must select the protocol and the position where we want to insert it. By specifying the USER protocol, we can insert a header created by the user.

  • Modify header:
  • Modifies the values of the selected header.

  • Delete header:
  • Deletes one header.

  • Define protocol:
  • Defines a new protocol; we can specify the protocol name, the number of fields and the field names.

  • Clean packet:
  • Removes all headers in the current packet.

Sniffer

In the second tab of the application we can find the sniffer, a simple packet analyzer.


As you can see in the picture, each packet is represented by four fields.

  • Number:
  • Identifies the order of packets.

  • Source:
  • Contains the source IP address of the IP protocol; if the packet does not use the IP protocol, it contains the source MAC address of the Ethernet protocol.

  • Destination:
  • Contains the destination IP address of the IP protocol; if the packet does not use the IP protocol, it contains the destination MAC address of the Ethernet protocol.

  • Protocol:
  • The protocol represents the type of packet.

Selecting a packet shows a more detailed description of all its headers at the bottom of the window.

To use the sniffer, the interface has the following buttons:

  • Activate:
  • Activates the sniffer; if there is a problem, a description of the error appears in the status bar.

  • Desactivate:
  • Turns off the sniffer.

  • Stop and clean:
  • Turns off the sniffer and clears the window.

  • Network interface:
  • Selects the network interface and the mode.

  • Global filters:
  • Sets the filters that are applied to the captured packets. You can define one or more filters; each filter consists of a protocol, a protocol field, a comparison operation and a reference value.

    Comparison operations are:

    • Greater:
    • Checks that the field value is greater than the reference value.

    • Less:
    • Checks that the field value is less than the reference value.

    • Equal:
    • Checks that the field value is equal to the reference value.

    • Distinct:
    • Checks that the field value is distinct from the reference value.

    • Contains:
    • Checks that the field value contains the reference value.

    • Does not contain:
    • Checks that the field value does not contain the reference value.

  • Pcap filters:
  • These are libpcap filters, the same ones used by Tcpdump.

Note: Pcap filters are applied first and then global filters. Packets that do not pass the pcap filters are not decoded, which means less work for the application.
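The following sketch models the two filter stages described above. It is an added example, not Xonet's own code: it evaluates global filters given as (protocol, field, operation, reference value) and counts how many packets are decoded once the pcap stage has run first. The header field names, the dictionary packet layout, the AND combination of multiple filters, and the rule that a filter on an absent protocol fails are all assumptions made for illustration.

```python
import operator

# Comparison operations as listed above (English names).
OPS = {
    "Greater": operator.gt, "Less": operator.lt,
    "Equal": operator.eq, "Distinct": operator.ne,
    "Contains": lambda v, ref: ref in v,
    "Does not contain": lambda v, ref: ref not in v,
}

def filter_matches(packet, flt):
    """Evaluate one (protocol, field, operation, reference) filter."""
    protocol, field, op, ref = flt
    header = packet.get(protocol)
    if header is None or field not in header:
        return False  # assumption: absent protocol or field fails the filter
    value = header[field]
    if op in ("Greater", "Less"):
        try:
            value, ref = int(value), int(ref)  # ordering only for numeric fields
        except (TypeError, ValueError):
            return False
    else:
        value, ref = str(value), str(ref)  # text comparison for the rest
    return OPS[op](value, ref)

def capture(frames, pcap_pass, decode, global_filters):
    """Pcap stage on raw frames, then global filters on decoded packets.
    Returns (kept_packets, decode_count)."""
    kept, decoded = [], 0
    for frame in frames:
        if not pcap_pass(frame):
            continue  # rejected before decoding, so no decode cost
        packet = decode(frame)
        decoded += 1
        if all(filter_matches(packet, f) for f in global_filters):  # assumption: AND
            kept.append(packet)
    return kept, decoded

# Constructed sample: (ethertype, already-parsed headers) stands in for a raw frame.
FRAMES = [
    (0x0800, {"IP": {"src": "192.0.2.10", "ttl": 64}, "TCP": {"dport": 80}}),
    (0x0800, {"IP": {"src": "192.0.2.20", "ttl": 128}, "UDP": {"dport": 53}}),
    (0x0806, {"ARP": {"op": 1}}),
    (0x0800, {"IP": {"src": "198.51.100.7", "ttl": 32}, "TCP": {"dport": 443}}),
]
is_ip = lambda frame: frame[0] == 0x0800   # stand-in for the pcap filter "ip"
decode = lambda frame: frame[1]            # stand-in for the protocol decoder
FILTERS = [("IP", "ttl", "Greater", 40), ("IP", "src", "Contains", "192.0.2.")]

def demo():
    return capture(FRAMES, is_ip, decode, FILTERS)
```

With the constructed frames, the ARP frame is discarded by the pcap stage without being decoded, and the global filters then keep only the two packets from 192.0.2.x with a TTL above 40.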

Workspace

Workspaces can be found on the last tab; by default only one is open, but you can have as many as you need.


  • Activate:
  • Executes the operations defined in the workspace.

  • Desactivate:
  • Stops all active operations.

  • Clean workspace:
  • Deletes all operations.

  • Add packet inyection:
  • Adds a packet injection operation. The configuration options are:

    • Packet:
    • Specifies the packet that will be sent.

    • Interface:
    • Specifies the network interface.

    • Operation:
      • Simple: Sends the packet once.
      • Several: Sends the packet several times; you must specify the number of packets.
      • Range: Sends multiple packets based on the main packet. The user defines a range of values for some field of the packet and the application takes care of sending the packets. The format of the range is value1 value2-value3-...-valueN.
      • Infinite: Sends the same packet until the user turns off the workspace.

    • Threads:
    • Specifies the number of threads used. Increasing the number of threads means a larger number of packets sent per unit of time.

    • Time (seconds):
    • Sets the time between each packet.

  • Add packet modification:
  • Adds a packet modification operation; this operation can receive packets, filter them, modify them and forward them. It is configured with the following parameters:

    • Sniffer interface:
    • Sets the network interface to capture packets.

    • Inyection interface:
    • Sets the network interface to send packets.

    • Global filters:
    • Global filters define which packets are forwarded. All packets that pass these filters are always forwarded through the selected interface.

    • Modifications:
    • Defines modifications on the packets; you can define several modifications. Each modification is composed of two elements:

      • Filter:
      • Specifies the filters of each modification; the packets that pass the filters will be modified. If the filter is empty, all packets are accepted.

      • Mods:
      • Defines the changes; it is necessary to select a protocol, a field and a value, and it is also possible to select the specific bytes to modify.

    Note 1: If a protocol is not in the packet then the modification is dropped.

  • Add waiting time:
  • Sets a waiting time between operations; the time is defined in seconds.

  • Add waiting condition:
  • This operation defines a waiting condition; the workspace is stopped until the condition is satisfied. The condition is specified with these parameters:

    • Interface:
    • Sets the network interface to capture packets.

    • Filter:
    • Sets the condition.

Shortcuts:


Keys        Action
Control+N   Add a new workspace.
Control+O   Open a workspace.
Control+S   Save a workspace.
Control+L   Load packets.
Control+G   Save packets.