Sniffing packets

The sniffing function allows capturing packets coming into a specific interface and perform subsequent analysis of captured data. The interface scanning is possible for capturing any packets based on the protocols of the UDP or RTSP sessions (even if packets have the different destination address). If there are any available streams, analysis of these streams will start automatically.

For successful capturing of packets, it is required to:

  1. Organize receiving packets by a specific interface. Please ensure that the host is a recipient of multicast or unicast data. Otherwise, configure the router for forceful forwarding of packets to a sniffed port (traffic mirroring (SPAN));

  2. Allow probe access to the packet capture library.

  • Windows: install the Npcap (https://nmap.org/npcap/)packet capture library on the computer where the probe is launched. When installing the library, select the WinPcap API-compatible Mode and Support Loopback Traffic options;

  • Linux: launch the probe with the superuser privileges (sudo ./streamMonitor).

To start the monitoring process, specify the following parameters:

  • Duration — duration of sniffing for the selected interface.

  • Bitrate Threshold — the stream threshold bitrate value while sniffing. If the sniffed stream bitrate is higher than the specified threshold value, the stream will be added to the list of analysed streams.

  • Interface — the address for traffic scanning.

  • Task Autostart — if the option is enabled, monitoring tasks will automatically be created for sniffed streams.