Configuration files used by Analyzer

The analysis engine (Query program) uses five types of configuration files:

• Log File Format (LFF): the format of the capture files which are readable by the Analysis engine is settable through the LFF file (Log File Format). This file describes the structure of the formats of the capture files to the analysis engine. So the analysis engine, setting the right LFF file, can read each type of capture file whatever its format may be. For instance Analyzer uses a capture engine which creates capture file with the ACP format; NetXRay uses a capture engine which creates capture files with a 'NetXRay format'. If we want to read a NetXRay capture file with Analyzer we have to describe its format to the analysis engine. This operation is done giving to the analysis engine a LFF file which describes the new format.
• Protocol Definition Format (PDF): it is possible adding new protocols to the supported ones; this operation is done through the PDF file. This file describes the fields organization of the new protocol and so it makes the Analysis engine able to decode the packets of the new protocol.
• Definition File Format (DFF), Index File Format (IFF): the definition of the output texts created by the Analysis engine are defined by these files. Then the interface receives these texts and presents them in more friendly way.
• Statistics (STT): they describe to the analysis engine the statistics which have to be evaluated on a capture file.
• MACro Files (MAC): they contain an instructions series for the analysis engine.

All the listed files, save the ACP file, are text file so you can edit them through a text editor. Besides all the files, but the STT file, does not need end row types or a particular string organization, so you can page them as you want.

DAT files

Then there is a list of DAT files which are stored in the folder 'Data'; all the following files, but Tables.dat, are directly used by Analyzer interface.

• Cap_fltr.dat: the filter list which is presented by the dialog used to set the capture filter (select filter dialog). Filter syntax is the one of WinDump (http://netgroup-serv.polito.it/WinDump/).
• Exts.dat: the LFF files presented by the dialog 'Capture definition and file association' (menu: Setup/Captures/Captures Association).
• Filters.dat: the filter list presented by the dialog which sets the filter used to select the packets (select filter dialog).
• metering.dat: the filters list presented by the dialogs 'Monitoring Settings' and 'Statistics Settings'. It is a text file; the syntax:

[filter_group_name] //indicates the folder where the following listed filters are grouped
filter_description,filter_name, //the filter syntax is the one of WinDump

• Tables.dat: it includes several constants used by the parsers; these include a list of Ethertype, protocol type, and others.

INI files

• Analyzer.ini: used by the analyzer interface.
• Query.ini: used by analysis engine.
• Graphs INI files: used by graphs files.