Quick Start with LanDetective

Using LanDetective is really easy. After you have installed it, simply complete several easy steps. Let's get started.

Installing LanDetective Internet Monitor

To install the application, unzip the archived setup file, then start the setup.msi file and follow the instructions shown on your screen.

Starting LanDetective Internet Monitor

During the first start, you need to specify a working folder. That is the place where the application would store its log and all captured data. By default, you will be suggested to use the \Captured Data folder. You can accept the suggested or select a different folder.

Starting Internet Monitoring

Getting started with the application won't require you to change any settings in most cases.

  1. Click on the Start button on the toolbar or choose Start Capture… on the File menu.
  2. Choose the network interface (adapter) to be monitored.
  3. Select a Capture Mode (see below).
  4. Click OK.

Capture Modes

Capture mode determines the way the application would capture Internet traffic. Your choice of capture mode depends on the configuration (topology) of your network and on the objectives you are trying to achieve with the help of LanDetective Internet Monitor.

You can find further details on the ways of monitoring network traffic here.

LanDetective Internet Monitor offers 5 capture modes:

  1. Promiscuous - set by default for Ethernet adapters.
    Use this mode if your network is hub-based or you are running LanDetective Internet Monitor on the gateway.
  2. ARP-Spoofing 1 - uses the ARP-Spoofing technique for capturing network traffic.
    Use this mode if your network is switch-based.
    This mode requires some additional settings; please see below.
  3. ARP-Spoofing 2 - uses the ARP-Spoofing technique for capturing network traffic.
    Use this mode if your network is switch-based and has the port-security option turned on.
    This mode requires some additional settings; please see below.
  4. Wi-Fi - uses the ARP-spoofing technique for capturing network traffic with a wireless adapter.
    Use this mode if you have chosen a Wi-Fi adapter to monitor traffic.
    This mode requires some additional settings; please see below.
  5. Own traffic - use this mode if you need to capture your own traffic, i.e. traffic on the computer LanDetective Internet Monitor is installed on.

Setting Capture Modes Wi-Fi, ARP-Spoofing 1, ARP-Spoofing 2

Each of these three capture modes requires additional settings, as all of them are based on the ARP-Spoofing technique.
Before you can start using any of these modes for Internet monitoring, you need to have created a list of computers to be monitored.

  1. Go to the Network Scanner tab (it will appear after you have selected the corresponding Capture Mode).
  2. Specify the IP address of the gateway (router) or the proxy server you access the Internet through (or just keep the default one).
  3. Specify the range of IP addresses to be scanned (or keep the default one).
  4. Click on the Scan Network button and wait until the scanning is over.
  5. As the result, you will have a list of computers in your local network.
  6. Select the computers to be monitored.
  7. Click OK.

How to Choose the Correct Capture Mode?

As it was mentioned earlier, your network configuration determines the capture mode to be used.
If you are not sure which mode you are to choose, use the following rule to figure that:

  • Choose the Own Traffic capture mode to monitor your own Internet traffic, i.e. the traffic on the computer LanDetective is running on.
  • If a Wi-Fi adapter is used for monitoring, and you need to monitor Internet traffic of other computers on the network, use the Wi-Fi capture mode.
  • If an Ethernet adapter is used for monitoring, and you need to monitor Internet traffic of other computers on the network, but you are not sure what equipment is used in your network - try out the Promiscuous, ARP-Spoofing 1 or ARP-Spoofing 2 modes. Most likely, one of them will go for you.