Packet Capture Software for C-Board-like devices
("GyTapperC")

• Features
• Connections of the GyTapperC module
• User interface
• Logging
• The web-interface
• Distribution filtering rules
• Stats and events
• IP address names
• Configuration
• Version history

• Captures IP packets (carried by Ethernet frames) from C-Board, C-GEP or Packet Distributor
• Can connect to the Sga-7N Monitor Poller module
• Distributes captured packets amongst monitors based on IP address and port
• Provides a web-interface to access the log file, the INI file, the status window, and collected IP address pairs remotely
• GyTapperC is the same as the GyTapper v1.37', only the input configuration are various

The main menu

Menu	Menuitem	Shortcut(s)	Meaning
[Log]
	Find line containing...	(Ctrl-F)	Finds text in log window
	Find next matching line	(F3)	Finds next occurrence of text in log window
	Details		Detail level of logging (Off, Normal, Detailed, or Debug)
	Flush status line counters now!		The status line counters can be flushed
	Flush and zero status line counters now!		The status line counters can be flushed and cleared
[Capture]
	Start/Stop capturing	(Ctrl-S or )	Capturing can be enabled or disabled
	Reload input device (port)list	(Ctrl-I)	Input device (port) list can be reloaded
[Monitors]
	Zero all Rx counters		Rx counters can be cleared
	Syntax-check list		Monitor list can be syntax-checked
	Reload list		Monitor list can be reloaded
	Allow auto-connect	(Ctrl-A or )	Enables automatic connection to the monitors
	Terminate all connections gracefully		Closes connections properly
	Abort all connections immediately(!!!BRUTAL!!!)		Tears down connections immediately by breaking low layer sockets
[Options]
	Auto scroll	( )	Allow automatic scrolling of the log screen
	Show log	(Ctrl-Tab)	Shows log screen
	Show monitors	(Ctrl-Tab)	Shows monitor screen
	Save settings		Saves actual settings into the configuration (INI) file

Buttons

Button	Action
	Disables/enables capturing ([Capture] / Start/Stop capturing menu item)
	Disables/enables automatic connection to the monitors ([Monitors] / Allow auto-connect menu item)
	Opens the status page of the web-interface in the deafult web browser
	Disables/enables automatic scrolling of the log screen ([Options] / Auto scroll menu item)

The bottom status-line

• Sga-7N Poller: Status of the connection to the Poller module (its colour is red if not connected, grey if connected, purple if not defined)
• Poller connection counters:
  • Not yet connected: Indicates that the Poller connection is defined but not yet established.
  • Counters in case of established Poller connection:
    • Connected: Indicates the number of (re-)connections
    • Tx OK/fail: Number of messages transmitted correctly or with failure
    • Rx OK/fail: Number of messages received correctly or with failure
• Uptime: Time elapsed since module has been started up
• Monitors: Number of monitors currently connected
• #0..4, #5..9: Status of monitored interfaces (INI/[Capture]/sInputDevice#0..9)
  • green: If there is a configured interface and the capturing is working properly
  • orange: If there is a configured interface and the capturing is not working properly or more than one connection is established
  • red: If there is a configured interface but there is no connection
  • white: If there is no configured interface
  • yellow: This indicates a strange behaviour
• Rx: Number of bytes and packets received
• Overflown: Number of packets overflown due to network problem
• Mismatched: Number of packets that do not fit in any distribution rule

Details of "Monitors" window

• Con. Status: Identifier of the monitor and the status of the connection
• IPaddress : TCPport: IP adress and TCP port of the monitor
• Last rx'ed at (UTC): Timestamp of last received packet
• Rx [bytes]: Number of received bytes
• Rx [packets]: Number of received packets
• O.f. [packets]: Number of packets dropped due to network problem
• Buff'ed [bytes]: Status of the transmission buffer (max size: 1,000,000byte)
• Will terminate: Terminated monitor connection (value during normal operation: "no")

The popup menu of the "Monitors" window

Logging

Version history

v3.36
• (c) Can send ID not only to the Monitor machines, but also to the 7N-Poller (optionally)
• (n) INI/[Sga-7N Poller]/sSendThisTapperName
• (n) INI/[Monitor 'xxx']/sSendThisTapperName (default is empty, which means not to send an ID)
• (c) More effective timing strategy for data sending on monitor unit connections
• (c) Limit for the number of named machines (listed in INI/[Advanced]/sIPaddrNames2file) increased from 3200 to 5200
• (c) "?Gy" query on the WebInterface now works with IPv6 addresses, as well
• (c) The INI/[Monitor 'xxx']/sSendThisTapperName field ID is displayed on the WebInterface
• (c) Limit for the monitor units increased 50 from 25.
• (n) Dynamic buffer allocation for monitor connections: 50*10MB memory is allocated for buffers and this amount of memory is shared amongst the maximum count of monitors (INI/[Monitors]/dwMonitorMaxCount < 50) (the default buffer size is still 10MB for each monitor)
• (n) Buffer memory allocated for the monitor connections is logged
• (n) INI/[Monitors]/dwMonitorMaxCount; default: 50
• (c) Size of status line counters increased to 8 byte from 4 byte to avoid overflow
• (n) Checks whether log path exists (INI/[Advanced]/sLogFilesPath)
• (c) Can read four times higher INI/[Monitor 'xxx'] section

v3.22
• (c) More precise 3-second averaged traffic indication on the WebInterface

v3.21
• (n) Number of IP address names was increased from the previous maximum of 2000 to a new maximum of 3200.
• (n) Web interface "GET /?IPAddrNames" displays the number of result rows (IP address names) as well.
• (f) Link statistics might have been sent about obsolete links, i.e., after the definition of the signaling link was removed.

v3.20
• (n) <--, -->, <+-, -+>
• (n) IPv6 IP address based distribution
• (n) [Monitor 'MMM']/bEncryptAllTraffic

v3.15
• (n) Signaling link traffic distribution based on the BVCI value ($BVCI)
• (n) F12 push button: LogLevel = "Off"
• (n) Optional AES-256/CBC encryption per monitor
• (f) No more overflow of the 300 second traffic counter
• (n) Optional BVCI filter
• (n) "WIF" push button
• (c) Number of IP address names (IPAddrNames2.csv) was increased from the previous maximum of 1000 to a new maximum of 2000.
• (f) Fixes of rarely occuring "Monitor does not want to disconnect!" event
• (n) Logging the state of encryption when connects to a receiver module
• (n) Accepts, decrypt, forwards AES-256/CBC encrypted packets received from other TapperX modules

v3.14
• (n) Can use "-+-" in link definition to duplex LinkID.

v3.13
• (n) Accepts GyTapper as input.

v3.12
• (n) Displays time of reloading monitor config.

v3.11
• (n) Allows remarks after link definition.
• (c) Fixes time-offset problems of SGA-Cards.
• (c) Local IP address changing with reloading monitor list.

v3.10
• (n) First release