Performing a network log

The following is a walk-through on how to use SAM to create a NETLOG file, by logging packets as they are sent and received on a network interface. To perform a network log in SAM, you must be running SAM as root.

Starting a network log

To start performing a network log, first click on the ``Create Log'' button on the toolbar top-left, as indicated below. Alternatively, you can click on the ``File'' menu, and then on ``Create Log''. Either will bring up a new window where you will set the logging options.

Figure 2: The `Create Log' button on SAM's toolbar

Setting logging options

The options desired for the network log should be set as follows, with the step number corresponding to the number on the figure below:

1. Network Interface
   Enter the network interface you'd like to perform the log on. If you're not sure and you're using a network card, try the default of eth0. If you're using a ppp connection (like a dial-up connection over a modem) then try ppp0.
2. Fields to log
   The window displays a list of possible TCP and IP header fields to record, as shown below. Select the fields you would like to log, by any combination of single clicking on fields to select or deselect them, or using the ``Select All'' or ``Deselect All'' from within the ``Edit'' menu.
3. Logging interval
   Packet information can be logged either every time a set number of packets has passed, or alternatively every set number of milliseconds. Choose one of these options by clicking on the appropriate radio button, and use the spin box to enter a corresponding interval.
   Note: If a time interval is specified, it must be a multiple of 100ms. The maximum possible time interval is 3600000 ms (1 hour). If an invalid interval number is entered, it will be replaced by the nearest number in the valid range.
4. Logging duration
   Enter a logging duration in hours, minutes and seconds using the spin buttons indicated below.
5. Select a dump file
   Enter a filename to dump to, or alternatively click `Browse' to find the right directory or file.
6. Click `Begin Logging'
   Click on `Begin Logging' to start logging your network interface. Doing so will cause the settings part of the window to grey out, and will enable the status part of the logger window which will display the current logging status until the log is either finished or ``End Logging'' is clicked, at which time you will return to the settings window.

Note that while a log is being performed, you can also use SAM to perform, for example, an analysis on some data you have logged in an earlier session.

Figure 3: The network logging window, numbered

Ending a logging session

When the logging duration you specified in the log settings is up (as measured from when you clicked `Begin Logging'), the log will stop automatically and a `Logging Successful' dialog box will pop up. You can also end a log at any time by clicking the cancel button on the `Logging Status' window.