PIAFCTM FAQ
  • How do I use this program?

  • What is a packet?

  • How do I print the list of packets?

  • What is HTTP?

  • What is the "ACK time-out" for?

  • What does the "Match case for Find and Filters" do?

  • How do I set up the packet filters to capture only the packets between my computer and another?

  • Why does File Mode consistently state "Error writing the file"?

  • What does this program use to capture packets?

  • Are there any known bugs and/or issues?

  • Why does the program installer say it's corrupt after I choose my language?

    •
    To find additional questions and answers, and/or to ask your own questions,
    see the PIAFCTM Support Forum.
    Question:
    How do I use this program?

    Answer:
    Choosing the correct Mode:
    Packet Mode: Use this mode if you wish to capture individual data packets and view them in raw format (Text, Hex, or Dec).
    File Mode: Use this mode if you wish to capture pictures, web-pages, and things of that sort.

    Choosing the correct interface IP address:
    Each IP address listed represents an interface on the current system, not an IP address of a remote system; Try choosing the IP address of the network device you wish to capture from (the one you wish to use to capture with) and see what the program captures from it. If you only see one IP address listed, this choice should not be difficult.

    For Packet Mode:
    1. Choose "Network interface" from the "Settings" menu, then choose the appropriate interface in which to listen.
    2. Press the "Start" button located on the main dialog.
    3. Wait for one or more packets to arrive, during this time you may minimize the window as you will be notified in the event of a packet's arrival by way of PC-Speaker sound (If available), and by way of the program's text in the taskbar blinking.
    4. When one or more packets have arrived, they will appear in the list located on the main dialog. You may then click one of these items to view its contents.

    For File Mode:
    1. Choose "Network interface" from the "Settings" menu, then choose the appropriate interface in which to listen.
    2. Where it says "Directory to store constructed files" enter the directory you would like the constructed files to be placed in.
    3. Press the "Start" button located on the main dialog.
    4. When TCP traffic is detected, the "Files processing" under "Current status" will show the number of file streams currently being followed.
    5. The "Files written" under "Current status" shows the number of files that have been written since the "Start" button has been pressed. Once one or more files have been written, you may go to the directory chosen with "Windows Explorer" or "My Computer" to view the files that have been written, also you may open these files directly with your web-browser.
    Question:
    What is a packet?

    Answer:
    The way data is transmitted on a network is in the form of what are called packets, a packet is data. The first part of a packet is what is known as the packet header, this contains information such as where the packet is intended to go, where it came from, and much more. The second part of a packet is what is known as the packet data, this contains the extra information that is to be sent and is usually essential to the workings of what the packet is used for. A common packet is the ping packet (ICMP), this packet is sent from one computer to one or more other computers on a network, the computers that are at the address(es) specified should return a 'ping reply packet' to inform the sender of their connectivity to the network.

    There are many different kinds of packets, all of which have their own properties and uses, some common types of packets are: TCP, UDP, ICMP, and ARP.

    Of these types, TCP is the most used on the internet. TCP is used for things like HTTP (The protocol used for viewing web pages), FTP (A common protocol used to transfer files). and POP (The protocol used to check standard e-mail)
    Question:
    How do I print the list of packets?

    Answer:
    1. Save the list by choosing File--Save.
    2. Open the list in a text editor (Notepad, Word, Wordpad, etc.).
    3. Choose File--Print in the text editor.
    Question:
    What is HTTP?

    Answer:
    HTTP (Hyper-Text Tranfer Protocol) is the protocol over which the images and documents on web-pages are transferred.
    Question:
    What is the "ACK time-out" for?

    Answer:
    The "ACK time-out" determines how long the program waits after receiving a packet from a file stream to determine that stream to be a complete file.

    Entering a number too small will cause incomplete files to be written to the disk.

    Under busy network conditions, entering a number too large may cause the program's max allowable streams (100,000) to be reached, resulting in the missing of some files that are being transferred. Entering a number too large also further delays the writing of files to the disk.
    Question:
    What does "Match case for Find and Filters" do?

    Answer:
    This setting allows you to choose whether or not you wish for the packet filter text(s), and the Find text to be case sensitive (UPPER CASE vs. lower case).
    Question:
    How do I set up the packet filters to capture only the packets between my computer and another?

    Answer:
    To set up the filters so as though the program will only capture packets going to and coming from a certain IP address, add your IP address along with the remote IP address to both the "Source IP(s) must be:" and "Dest. IP(s) must be:" lists.

    For example, if your IP address was 10.0.0.1 and the remote IP address was 200.200.200.50, you would need to have the filters setup as follows:

    "Source IP(s) must be:"
    10.0.0.1
    200.200.200.50

    "Dest. IP(s) must be:"
    10.0.0.1
    200.200.200.50

    Note, the order of the IP's in each list will NOT have an effect on the filtration.
    Question:
    Why does File Mode consistently state "Error writing the file"?

    Answer:
    There are a several reasons why this error message could be stated while running this software. Below are reasons which may be common:

    1. The path you have entered in the box titled "Directory to store constructed files:" does not include a suffixion of "\" (excluding the quotes). For example, C:\Temp\ will work while C:\Temp will not (granted you have a "Temp" directory on drive "C" and no other error condition is occuring).

    2. The directory specified by the path does not exist. To verify the path specified (including the directory), click the Windows(c) "Start" button then click "Run..." then enter the exact same path into the box titled "Open:", click OK. If the directory opens up successfully in Windows Explorer you have verified the path. Once again, be sure this is character for character the same as entered in PIAFCTM.

    3. The drive specified by the path is using the NTFS file system and the user account which the program is running on does not have Write / Create access to the specified directory.

    4. The drive specified by the path does not have sufficient free space to contain the constructed file without upsetting the operating system.

    5. The drive and/or directory specified does not have Write / Create access due to directory attributes and/or the drive containing the directory specified is not a writing device (a CDROM for example).
    Question:
    What does this program use to capture packets?

    Answer:
    Version 1.5.2 uses a thing called "Raw Sockets" to capture packets, while higher versions (2.x and higher) can use Raw Sockets or the NetworkActiv PIAFCTM Packet Driver.
    Question:
    Are there any known bugs and/or issues?

    Answer:
    Yes, there are several known bugs and issues:

    1. The program only captures one direction of the communications. This is a rather common issue with dial-up modems. To resolve this issue with network adapters, simply obtain NetworkActiv PIAFCTM 2.0 and choose to use the NetworkActiv PIAFCTM Packet Driver instead of Raw Sockets.

    2. When the "Start" button is pressed (and sometimes when the program is first started), the program states "Unable to listen on the interface". The most common cause is probably running this program on a version of Windows(c) that does not support it such as 95, 98, or ME. The next most common cause is probably running the program while logged on with a non-administrative user account. The next most common cause is probably running the program on a system that has Raw Sockets disabled; Certain programs available explicitely disable Raw Sockets; To solve this problem, re-enable Raw Sockets (you may be able to use the same program for this task). For information on compatibility of this software, see     Compatibility.

    3. When a TCP connection is established, the three-way-handshake packets are slightly out of order. This is a known issue that occurs on some systems.

    4. With some rare web-servers that do not correctly support HTTP 1.1 but claim to, the files are not saved. This incompatibility has been resolved in versions of PIAFCTM later than 1.5.2.

    5. File Mode does not work, it always states "Error writing the file". See the help topic located two sections (topics) above.

    6. The search feature does not work. This feature will not work when searching unicode text, this is not a bug, unicode searching is simply not implemented.

    7. This program does not get all of the traffic, it only captures packets involving the computer that it is running on. This is due to a limitation of the method used to capture packets. In some situations (and with some hardware) this problem is not present.

    8. When the listening is started, all TCP traffic on the system halts. This is a very rare issue that only occurs on some systems.

    If you find a bug or issue that you believe is missing from this documentation, please notify NetworkActiv.
    Question:
    Why does the program installer say it's corrupt after I choose my language?

    Answer:
    There are a few different reasons for receiving this message, common reasons are:

    1. You have a virus on your system. When a computer has a virus, it (the virus) will commonly copy its executable code into any new executable files (such as this installer), thereby resulting in the program executable being considered corrupt by the corruption testing system.

    2. The installer executable is corrupt. This may occur during download or it can be caused by hardware malfunction, the most common hardware to cause data corruption is the RAM. This problem could also be caused by a software malfunction.

    3. You have a program running (other than a virus) that is causing this problem. One program known to cause this problem is Macro Express; If you are currently using Macro Express, simply terminate (exit) Macro Express and then run the NetworkActiv program installer. After the installation completes, you may restart Macro Express.

    If you find other programs that are not mentioned here that cause this software to say it's corrupt, please let NetworkActiv know about it.
    (c)1999-2006 NetworkActiv - All rights reserved