Once youâve successfully installed Ax3soft Unicorn on your system, you can begin to familiarize yourself with it. Now you finally get to open your fully functioning packet sniffer and see . . . absolutely nothing! Okay, so Unicorn isnât very interesting when you first open it. In order for things to really get exciting, you need to get some data through Unicorn setup.Â
Unicorn Setup: Your First Packet Capture
To get packet data into Ax3soft Unicorn, youâll perform your first packet capture. You may be thinking, âHow am I going to capture packets when nothing is wrong on the network?âÂ
First, there is always something wrong on the network. If you donât believe me, then go ahead and send an email to all of your network users and let them know that everything is working perfectly.
Secondly, there doesnât need to be something wrong in order for you to perform packet analysis. In fact, most packet analysts spend more time analyzing problem-free traffic than traffic that they are troubleshooting. You need a baseline to compare to in order to be able to effectively troubleshoot network traffic. For example, if you ever hope to solve a problem with DHCP by analyzing its traffic, you must understand what the flow of working DHCP traffic looks like.
More broadly, in order to find anomalies in daily network activity, you must know what normal daily network activity looks like. When your network is running smoothly, you can set your baseline so that youâll know what its traffic looks like in a normal state.
So, letâs capture some packets!
1. Launch Unicorn
here will be a shortcut icon on the âDesktopâ and âStart Menuâ after finished installs Unicorn. Launch Unicorn with the following ways:
- Launch from the desktop
Double-click the icon of âUnicorn Network Analyzerâ to start the program.
- Launch from Quick Launch Bar
Choose âUnicorn Network Analyzerâ in the âQuick Launch Barâ to start the program.
- Launch from the Start menu
Choose the âstart> All Programs> Unicorn Network Analyzerâ menu to start the program.
Notes: You need to choose a default local network segment in the popup a dialog window, in the first time run Unicorn, if there are more than one network card and each one with different network segment IP in the PC Unicorn installed.
Please choose the network card and then click the OK button.
After unicorn has started, you will see first screen of unicorn to be appeared as below:
2. Choose âanalysisâ tab of ribbon section and click the âStartâ button to show âCapture Optionâ window. To do this, you can also click âStartâ button in âStart Pageâ window.
3. Choose network adapters you want to use them to capture packets from the âAdaptersâ list window. All available network adapters will be listed in the window, including wired and wireless adapters. Data is transmitted over the network via network adapters, also known as Network Interface Card, NIC for short, and network analyzers capture the data through network adapters. When a network adapter is selected, its detail will be display, including Media, Address and Link Speed. Unicorn support one or more network adapters at one time.
4ïŒClick the âOKâ button to capture and analyze network transfer. It is default to capture and analyze all network transfer and save packets to memory buffer, if you just want to analyze some specific packets on the network, you should use packet filters. Click âCreating Filtersâ for details. Or if you want to save packets to a disk file, click âCapture Option>Generalâ for details.
Unicorn Fundamental: Main Window
Youâll spend most of your time in the Unicorn main window. This is where all of the packets you capture are displayed. Using the packet capture you just made, letâs take a look at Unicornâs main window. We adopted new Microsoft Office UI as main user interface of Unicorn; the interface is divided into seven parts, including âHomeâbutton, âRibbon Command Barâ, âTitle Barâ, âHelpâ button , âOutput Windowâ, âNode Explorerâ and âStatistical Viewâ. Unicorn enters the main user interface in which you can start a new project, playback packets, build a filter and so on; all functions provided can be realized on the main user interface. Unicorn intends to offers a summary-to-detail, intuitive, easy-to-use graphical interface to present analysis data, see following figure.
Please choose the network card and then click the OK button.
After unicorn has started, you will see first screen of unicorn to be appeared as below:
2. Choose âanalysisâ tab of ribbon section and click the âStartâ button to show âCapture Optionâ window. To do this, you can also click âStartâ button in âStart Pageâ window.
3. Choose network adapters you want to use them to capture packets from the âAdaptersâ list window. All available network adapters will be listed in the window, including wired and wireless adapters. Data is transmitted over the network via network adapters, also known as Network Interface Card, NIC for short, and network analyzers capture the data through network adapters. When a network adapter is selected, its detail will be display, including Media, Address and Link Speed. Unicorn support one or more network adapters at one time.
4ïŒClick the âOKâ button to capture and analyze network transfer. It is default to capture and analyze all network transfer and save packets to memory buffer, if you just want to analyze some specific packets on the network, you should use packet filters. Click âCreating Filtersâ for details. Or if you want to save packets to a disk file, click âCapture Option>Generalâ for details.