Document Number: OSUP1023
Product: Observer 5.x Or Greater
Date: 2-9-1998 (updated 5-28-2004)
Title: How do I set up real-time decoding of LAN traffic?
While this is possible, on a busy network the results may be displayed too quickly. This option will be most useful for developers or situations where filtering can isolate small parts of LAN communications.
For Observer version 9.x (or greater)
If you want to follow a conversation between two nodes, it is best to set a filter so that only packets from the stations concerned are captured.
After the filter has been created, go to "Capture" -> "Packet Capture" from the main menu. (If you have selected a filter, the name of the filter should be shown at the top of the Packet Capture window.) Start the capture by clicking the "Start" button at the top of the Packet Capture window. Open the decode window by selecting the "Decode" button at the top of the Packet Capture window. Observer now shows the decode while packet capture is running. You can stop, start or clear the capture buffer from the decode window if you wish.
If you need to view and decode the packets coming into the buffer in real time, select the "Settings" button from the button bar on the Decode tab of the Decode Analysis window (which is what you should be looking at) and select the option for "Set focus on last packet".
For Observer version 5.x -> 8.x
If you want to follow a conversation between two nodes, it is best to set a filter so that only packets from the stations concerned are captured. This is done using the filters dialog (“Settings” -> “Probe Filter Setup”).
To begin a live decode you must first open the packet capture mode by selecting “Modes” -> “Packet Capture”.
Do not start the mode yet.
On the left-hand side of the packet capture window click on the magnifying glass button or “Mode Commands” -> “View”. This will display the decode window.
Now select the view configuration button on the left of the decode window (“Mode Menu” -> “View Configuration”).
Next check the box “Set Focus on the last packet” then click OK.
Now move to the end of the capture buffer by clicking on the end red arrow on the packet control button at the top of the decode display.
Now start the mode by clicking the green arrow at the top of the buttons on the left of the decode window (or “Mode Commands” -> “Start Mode”).
Now the last packet on your LAN is being decoded in front of you.