LanDetective User Interface - Log View

As mentioned earlier, right after data has been captured and processed by LanDetective Internet Monitor, the application records it to the log. The log is a database that registers information on all intercepted data. The Log view mode helps you find the required information in the log and display it in a convenient format. Information in the Log view mode appears as a list; each row on the list corresponds to a certain log record. As the log can contain a huge number of records, the entire list of records is split into pages to make viewing more convenient. Each page contains up to 1000 entries. To navigate through the pages, use the corresponding toolbar. Unlike in the Monitoring view mode, the list in the Log view mode does not update automatically. To synchronize the list with the log content, use the Refresh button on the main toolbar or press F5.

WEB Tab

In the Log View mode the WEB tab displays a list of entries with the following columns (some of the columns are hidden by default):

  • Date – date the WEB entry was added to the log
  • Time – time the WEB entry was added to the log
  • NIC – identifier of the network adapter the data was intercepted from
  • Client MAC – MAC address of the client computer
  • Client IP – IP address of the client computer
  • Server IP – IP address of the server that the client computer connected to
  • Server Port – TCP port the connection was made to
  • Size – downloaded/transferred file size
  • Media type – MIME type (content type) of the intercepted file. For example, image/gif for a GIF image, text/html for an HTML file. You can see the list of basic types at IANA.
  • Host – name of the host the connection was made to
  • Request – HTTP request sent by the client to accept/transfer data
  • Local File – name of the local file the intercepted data was saved to

The appearance of the list can be set up via the context menu, which can be opened by right-clicking on the list header.

The preview pane below the list shows the content of the intercepted file, which you can select by clicking on the corresponding row on the list. LanDetective Internet Monitor allows viewing files of different types. You can view images and text files, listen to audio files, watch videos, etc. When viewing HTML files, LanDetective Internet Monitor shows the pages with images, applied CSS styles and other included external resources. No connection to the Internet is established; all the resources are loaded from a local database.

Besides the content of the intercepted files, you can see the HTTP headers sent and received by the client. To view HTTP headers, click Details on the toolbar of the preview pane. If the HTTP headers include any Base64-encoded passwords for accessing the web site, you can view them by clicking on Show the login/password... To return to the content of the file, click on the Preview button.

You can also print the content from the preview pane. To do that, right-click on the window and then select the corresponding option on the context menu. For more convenience, the log is split into pages of 1000 entries. To navigate through the log, use the toolbar above the list.
The toolbar has the following buttons:

  • First – moves to the first page (to the beginning of the log)
  • Back – moves to the previous page
  • Next – moves to the next page
  • Last – moves to the last page (to the end of the log)

There is also a search box on the toolbar to quick-search through the current page. Please note that the search runs through the current page only and doesn't go through the entire log. The application will search through the content of all available columns.

With the Log Filter, you can reduce the number of displayed entries, i.e. only display entries you are interested in. The Log Filter has separate log field (column) filters.

On the WEB tab, you can filter displayed entries by the following log fields (list columns):

  • Date – filters displayed entries by date
  • Media type – filters displayed entries by HTTP Media type
  • Host – filters displayed entries by host name
  • Client IP – filters displayed entries by IP address of client computer
  • Server IP – filters displayed entries by server IP address
  • Server Port – filters displayed entries by server TCP port number
  • Size – filters displayed entries by size of the intercepted data (file)

To manage a filter, use the context menu that appears by right-clicking on the corresponding filter field:

  • Field: Date
    • Add – adds a new value to the filter
      • Last day – macro with a value always equal to the most recent date in the log
      • Last 2 days – macro with a value always equal to 2 most recent dates in the log
      • Last 3 days – macro with a value always equal to 3 most recent dates in the log
      • <DATES list> – dynamically generated list of dates that allows selecting any of the dates available in the log. You can choose either an individual day or an entire month. You can also combine dates.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Media type
  • Field: Host
  • Field: Client IP
  • Field: Server IP
    • Edit... – changes the filter content. Use the dialog box that appears to change the filter content. The box has two lists: Available – values available for filtering, and Filtered – values to be filtered by the filter. To add a new value to the filter, select it on the list of available values and then add it to the list of filtered values by clicking on the special button. Values can be removed from the filter in the same way. The filter can contain any number of values. Please note that the list of available values is created with regard to other filters. For example, if you have set date filters before editing the filter, the list of available values will be created with regard to the specified date.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Server Port
  • Field: Size
    • Add... – adds a new value to the filter. Use the dialog box that appears to add a new value to the filter.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter

Each field of the Log Filter can contain any number of values.

Filter example:

Client IP contains 192.168.1.1, 192.168.1.2
Media type contains text/html
Filter policy for both fields – Accept

This filter can be interpreted as: display all entries where (media type = text/html) and (client IP = 192.168.1.1 or client IP = 192.168.1.2)

You can also quickly add a new value to the Log Filter via the context menu on the entry list. Just select the row on the list, then select the Add Log filter item on the context menu (right-click) and then specify the value to be added.

FTP Tab

In the Log View mode the FTP tab displays a list of entries with the following columns (some of the columns are hidden by default):

  • Date – date the FTP entry was added to the log
  • Time – time the FTP entry was added to the log
  • NIC – identifier of the network adapter the data was intercepted from
  • Client MAC – MAC address of the client computer
  • Client IP – IP address of the client computer
  • Server IP – IP address of the server that the client computer connected to
  • Server Port – TCP port the connection was made to
  • Size – downloaded/transferred file size
  • Account – account used by the client for connecting to the FTP server (for example, Anonymous)
  • Request – FTP command sent by the client to accept/transfer the file
  • Local File – name of the local file the intercepted file was saved to

The appearance of the list can be set up via the context menu, which can be opened by right-clicking on the list header.

The preview pane below the list shows some details on the intercepted file, which you can select by clicking on the corresponding row on the list.
For more convenience, the log is split into pages of 1000 entries.
To navigate through the log, use the toolbar above the list. The toolbar has the following buttons:

  • First – moves to the first page (to the beginning of the log)
  • Back – moves to the previous page
  • Next – moves to the next page
  • Last – moves to the last page (to the end of the log)

There is also a search box on the toolbar to quick-search through the current page. Please note that the search runs through the current page only and doesn't go through the entire log. The application will search through the content of all available columns.

With the Log Filter, you can reduce the number of displayed entries, i.e. only display entries you are interested in. The Log Filter has separate log field (column) filters.

On the FTP tab you can filter the displayed records by the following log fields (list columns):

  • Date – allows filtering the displayed records by date.
  • Account – allows filtering the displayed records by FTP account name.
  • Client IP – allows filtering the displayed records by IP address of the client computer.
  • Server IP – allows filtering the displayed records by server IP address.
  • Server Port – allows filtering the displayed records by server TCP port number.
  • Size – allows filtering the displayed records by size of the intercepted data (file).

To manage a filter, use the context menu that appears by right-clicking on the corresponding filter field:

  • Field: Date
    • Add – adds a new value to the filter
      • Last day – macro with a value always equal to the most recent date in the log
      • Last 2 days – macro with a value always equal to 2 most recent dates in the log
      • Last 3 days – macro with a value always equal to 3 most recent dates in the log
      • <DATES list> – dynamically generated list of dates that allows selecting any of the dates available in the log. You can choose either an individual day or an entire month. You can also combine dates.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Account
  • Field: Client IP
  • Field: Server IP
    • Edit... – changes the filter content. Use the dialog box that appears to change the filter content. The box has two lists: Available – values available for filtering, and Filtered – values to be filtered by the filter. To add a new value to the filter, select it on the list of available values and then add it to the list of filtered values by clicking on the special button. Values can be removed from the filter in the same way. The filter can contain any number of values. Please note that the list of available values is created with regard to other filters. For example, if you have set date filters before editing the filter, the list of available values will be created with regard to the specified date.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Server Port
  • Field: Size
    • Add... – adds a new value to the filter. Use the dialog box that appears to add a new value to the filter.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter

Each field of the Log Filter can contain any number of values.

Filter example:

Client IP contains 192.168.1.1, 192.168.1.2
Account contains anonymous
Filter policy for both fields – Accept

This filter can be interpreted as: display all entries where (account = anonymous) and (client IP = 192.168.1.1 or client IP = 192.168.1.2)

You can also quickly add a new value to the Log Filter via the context menu on the entry list. Just select the row on the list, then select the Add Log filter item on the context menu (right-click) and then specify the value to be added.

MAIL Tab

In the Log View mode the MAIL tab displays a list of entries with the following columns (some of the columns are hidden by default):

  • Date – date the Email entry was added to the log
  • Time – time the Email entry was added to the log
  • NIC – identifier of the network adapter the data was intercepted from
  • Client MAC – MAC address of the client computer
  • Client IP – IP address of the client computer
  • Server IP – IP address of the server that the client computer connected to
  • Server Port – TCP port the connection was made to
  • Protocol – used email protocol/service (SMTP, POP3, IMAP, GMAIL, HOTMAIL)
  • Size – sent/received e-mail message size
  • Sender – e-mail sender's address
  • Recipient – e-mail recipient's address
  • Cc – email copy recipients' addresses
  • Subject – message subject
  • Local File – name of the local file the intercepted email was saved to

The appearance of the list can be set up via the context menu, which can be opened by right-clicking on the list header.

The preview pane below the list shows the content of the intercepted email, which you can select by clicking on the corresponding row on the list. If the email contains any attachments, you will see them also.

Besides the intercepted email content, you can see email headers (RFC 822). To see the headers, click on the Details button on the toolbar of the preview pane. To return to the content of the e-mail message, click on the Preview button.

You can also print the content from the preview pane. To do that, right-click on the window and then select the corresponding option on the context menu. For more convenience, the log is split into pages of 1000 entries. To navigate through the log, use the toolbar above the list.
The toolbar has the following buttons:

  • First – moves to the first page (to the beginning of the log)
  • Back – moves to the previous page
  • Next – moves to the next page
  • Last – moves to the last page (to the end of the log)

There is also a search box on the toolbar to quick-search through the current page. Please note that the search runs through the current page only and doesn't go through the entire log. The application will search through the content of all available columns.

With the Log Filter, you can reduce the number of displayed entries, i.e. only display entries you are interested in. The Log Filter has separate log field (column) filters.

On the MAIL tab, you can filter displayed entries by the following log fields (list columns):

  • Date – filters displayed entries by date
  • Protocol – filters displayed entries by email protocol/service (SMTP, POP3, IMAP, GMAIL, HOTMAIL).
  • Sender – filters displayed entries by sender e-mail address
  • Recipient – filters displayed entries by recipient e-mail address
  • Client IP – filters displayed entries by IP address of client computer
  • Server IP – filters displayed entries by server IP address
  • Server Port – filters displayed entries by server TCP port number
  • Size – filters displayed entries by size of the intercepted email

To manage a filter, use the context menu that appears by right-clicking on the corresponding filter field:

  • Field: Date
    • Add – adds a new value to the filter
      • Last day – macro with a value always equal to the most recent date in the log
      • Last 2 days – macro with a value always equal to 2 most recent dates in the log
      • Last 3 days – macro with a value always equal to 3 most recent dates in the log
      • <DATES list> – dynamically generated list of dates that allows selecting any of the dates available in the log. You can choose either an individual day or an entire month. You can also combine dates.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Protocol
    • Add – adds a new value to the filter
      • SMTP
      • POP3
      • IMAP
      • GMAIL
      • HOTMAIL
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Sender
  • Field: Recipient
  • Field: Client IP
  • Field: Server IP
    • Edit... – changes the filter content. Use the dialog box that appears to change the filter content. The box has two lists: Available – values available for filtering, and Filtered – values to be filtered by the filter. To add a new value to the filter, select it on the list of available values and then add it to the list of filtered values by clicking on the special button. Values can be removed from the filter in the same way. The filter can contain any number of values. Please note that the list of available values is created with regard to other filters. For example, if you have set date filters before editing the filter, the list of available values will be created with regard to the specified date.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Server Port
  • Field: Size
    • Add... – adds a new value to the filter. Use the dialog box that appears to add a new value to the filter.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter

Each field of the log filter can contain any number of values.

Filter example:

Client IP contains 192.168.1.1, 192.168.1.2
Protocol contains POP3
Filter policy for both fields – Accept

This filter can be interpreted as: display all entries where (Protocol = POP3) and (client IP = 192.168.1.1 or client IP = 192.168.1.2)

You can also quickly add a new value to the Log Filter via the context menu on the entry list. Just select the row on the list, then select the Add Log filter item on the context menu (right-click) and then specify the value to be added.

CHAT Tab

In the Log View mode the CHAT tab displays a list of entries with the following columns (some of the columns are hidden by default):

  • Date – date the chat entry was added to the log
  • Time – time the chat entry was added to the log
  • NIC – identifier of the network adapter the data was intercepted from
  • Client MAC – MAC address of the client computer
  • Client IP – IP address of the client computer
  • Server IP – IP address of the server that the client computer connected to
  • Server Port – TCP port the connection was made to
  • Protocol – chat service used (MSN, YAHOO, ICQ, AIM, IRC or MAIL.RU)
  • Size – sent/received chat message size
  • Sender – message sender identifier (depends on the chat type)
  • Recipient – message recipient identifier (depends on the chat type)
  • Message – chat message text

The appearance of the list can be set up via the context menu, which can be opened by right-clicking on the list header.

The preview pane below the list shows the content of the intercepted message, which you can select by clicking on the corresponding row on the list.
For more convenience, the log is split into pages of 1000 entries. To navigate through the log, use the toolbar above the list.
The toolbar has the following buttons:

  • First – moves to the first page (to the beginning of the log)
  • Back – moves to the previous page
  • Next – moves to the next page
  • Last – moves to the last page (to the end of the log)

There is also a search box on the toolbar to quick-search through the current page. Please note that the search runs through the current page only and doesn't go through the entire log. The application will search through the content of all available columns.

To the left of the list, you can find a pane with two tabs at the bottom: Log Filter and Chat Sessions. With the Log Filter, you can reduce the number of displayed entries, i.e. only display entries you are interested in. The Log Filter has separate log field (column) filters.

On the CHAT tab, you can filter displayed entries by the following log fields (list columns):

  • Date – filters displayed entries by date
  • Protocol – filters displayed entries by chat service (MSN, AIM, ICQ, YAHOO, IRC, MRIM (MAIL.RU))
  • Sender – filters displayed entries by sender identifier (address)
  • Recipient – filters displayed entries by recipient identifier (address)
  • Client IP – filters displayed entries by IP address of the client computer
  • Server IP – filters displayed entries by server IP address
  • Server Port – filters displayed entries by server TCP port number
  • Size – filters displayed entries by size of the intercepted chat message

To manage a filter, use the context menu that appears by right-clicking on the corresponding filter field:

  • Field: Date
    • Add – adds a new value to the filter
      • Last day – macro with a value always equal to the most recent date in the log
      • Last 2 days – macro with a value always equal to 2 most recent dates in the log
      • Last 3 days – macro with a value always equal to 3 most recent dates in the log
      • <DATES list> – dynamically generated list of dates that allows selecting any of the dates available in the log. You can choose either an individual day or an entire month. You can also combine dates.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Protocol
    • Add – adds a new value to the filter
      • MSN
      • YAHOO
      • ICQ/AIM
      • IRC
      • MRIM
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Sender
  • Field: Recipient
  • Field: Client IP
  • Field: Server IP
    • Edit... – changes the filter content. Use the dialog box that appears to change the filter content. The box has two lists: Available – values available for filtering, and Filtered – values to be filtered by the filter. To add a new value to the filter, select it on the list of available values and then add it to the list of filtered values by clicking on the special button. Values can be removed from the filter in the same way. The filter can contain any number of values. Please note that the list of available values is created with regard to other filters. For example, if you have set date filters before editing the filter, the list of available values will be created with regard to the specified date.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter
  • Field: Server Port
  • Field: Size
    • Add... – adds a new value to the filter. Use the dialog box that appears to add a new value to the filter.
    • Clear – clears the selected filter
    • Filter policy – sets the filter policy (strategy)
      • Accept – displays entries matching the filter value
      • Reject – hides (does not display) entries matching the filter value
      • Disable Filter – deactivates the filter

Each field of the log filter can contain any number of values.

Filter example:

Client IP contains 192.168.1.1, 192.168.1.2
Protocol contains MSN
Filter policy for both fields – Accept

This filter can be interpreted as: display all chat messages where (Protocol = MSN) and (client IP = 192.168.1.1 or client IP = 192.168.1.2)
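The filter examples on the WEB, FTP, MAIL and CHAT tabs all follow the same rule: values within one field are OR-ed, fields are AND-ed, and each field has its own policy. The following sketch is an added illustration, not LanDetective's own code; the class and function names, the sample entries, the handling of an empty filter and the case-insensitive search are assumptions. It also shows why the quick-search box, which covers only the current page, can miss an entry that the Log Filter would find.

```python
from dataclasses import dataclass, field
from enum import Enum

PAGE_SIZE = 1000  # each log page holds up to 1000 entries


class Policy(Enum):
    ACCEPT = "Accept"            # display entries matching a filter value
    REJECT = "Reject"            # hide entries matching a filter value
    DISABLED = "Disable Filter"  # filter is ignored


@dataclass
class FieldFilter:
    values: set = field(default_factory=set)
    policy: Policy = Policy.ACCEPT

    def passes(self, value):
        # Assumption: a disabled or empty filter places no restriction.
        if self.policy is Policy.DISABLED or not self.values:
            return True
        matched = value in self.values  # OR across the values of one field
        return matched if self.policy is Policy.ACCEPT else not matched


def apply_log_filter(entries, filters):
    """Keep entries that satisfy every field filter (AND across fields)."""
    return [e for e in entries
            if all(f.passes(e.get(col)) for col, f in filters.items())]


def get_page(entries, page_no, page_size=PAGE_SIZE):
    """Return page `page_no` (1-based) of the entry list."""
    start = (page_no - 1) * page_size
    return entries[start:start + page_size]


def search_page(page, term):
    """Quick-search: substring match over all columns of ONE page only."""
    term = term.lower()  # assumption: the search is case-insensitive
    return [e for e in page
            if any(term in str(v).lower() for v in e.values())]


# Constructed sample entries (not real captured data).
SAMPLE_LOG = [
    {"Client IP": "192.168.1.1", "Protocol": "MSN", "Message": "hello"},
    {"Client IP": "192.168.1.2", "Protocol": "MSN", "Message": "report ready"},
    {"Client IP": "192.168.1.3", "Protocol": "MSN", "Message": "hello again"},
    {"Client IP": "192.168.1.1", "Protocol": "IRC", "Message": "ping"},
]

if __name__ == "__main__":
    # The CHAT tab example: (Protocol = MSN) and (client IP = .1 or .2)
    chat_filter = {
        "Client IP": FieldFilter({"192.168.1.1", "192.168.1.2"}),
        "Protocol": FieldFilter({"MSN"}),
    }
    for entry in apply_log_filter(SAMPLE_LOG, chat_filter):
        print(entry)
    # With a page size of 2, "ping" sits on page 2 and is invisible
    # to a quick-search run while page 1 is displayed.
    print(search_page(get_page(SAMPLE_LOG, 1, 2), "ping"))
```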

You can also quickly add a new value to the Log Filter via the context menu on the entry list. Just select the row on the list, then select the Add Log filter item on the context menu (right-click) and then specify the value to be added.

Chat Sessions

The Chat Sessions tab contains a tree of all chat sessions. The term chat session stands for the set of all messages exchanged between two specified chat participants. By default, the list shows entries in the order they were intercepted, so if the number of chat participants was great, you can get a mess of messages. The chat session tree allows viewing the messages of each session separately. In addition, the tree groups chat messages by protocol.

The chat session tree looks as follows:

  • Chat participant A
    • Chat participant B
    • Chat participant C
    • ...
  • Chat participant D
    • Chat participant E
    • Chat participant F
    • ...

This reveals that A talked to B and C. To see messages exchanged between A and B, just select B on the tree.

You can also select any row on the record list and read the chat session between corresponding chat participants. To do that, right-click on the row on the list and then select the Follow Chat Session option. To return to all entries (messages), click on the Show Messages for All Chat Sessions button on the toolbar.
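The grouping described in this section can be sketched as follows. This is an added example, not LanDetective's own code: the function names and sample messages are constructed, and the rule that the sender of the first message in a session becomes the parent node is an assumption, since the page does not say how the tree chooses it.

```python
# Constructed sample chat entries in interception order (not real data).
SAMPLE_CHAT_LOG = [
    {"Protocol": "MSN", "Sender": "alice", "Recipient": "bob", "Message": "hi bob"},
    {"Protocol": "MSN", "Sender": "alice", "Recipient": "carol", "Message": "hi carol"},
    {"Protocol": "MSN", "Sender": "bob", "Recipient": "alice", "Message": "hi alice"},
    {"Protocol": "IRC", "Sender": "dave", "Recipient": "erin", "Message": "joined"},
    {"Protocol": "MSN", "Sender": "carol", "Recipient": "alice", "Message": "busy now"},
]


def session_key(entry):
    """A session is the set of messages between two participants, in either
    direction, within one protocol (the tree groups by protocol)."""
    pair = frozenset((entry["Sender"], entry["Recipient"]))
    return (entry["Protocol"], pair)


def build_session_tree(entries):
    """Return {protocol: {participant: {peer: [entries in log order]}}}."""
    tree = {}
    placement = {}  # session key -> (parent, child) as first seen
    for entry in entries:
        key = session_key(entry)
        if key not in placement:
            # Assumption: the first sender seen becomes the parent node.
            placement[key] = (entry["Sender"], entry["Recipient"])
        parent, child = placement[key]
        branch = tree.setdefault(entry["Protocol"], {}).setdefault(parent, {})
        branch.setdefault(child, []).append(entry)
    return tree


def follow_session(entries, row):
    """All messages of the session the selected row belongs to, in log
    order (the behaviour described for Follow Chat Session)."""
    key = session_key(row)
    return [e for e in entries if session_key(e) == key]


if __name__ == "__main__":
    tree = build_session_tree(SAMPLE_CHAT_LOG)
    for protocol, participants in tree.items():
        print(protocol)
        for parent, peers in participants.items():
            print("  ", parent)
            for peer, messages in peers.items():
                print("     ", peer, [m["Message"] for m in messages])
```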