Here is what you can do:
1. Analyze your own traffic: By clicking on "Start Dbk", you will launch a packet capture tool that will analyze the traffic of your Mac.
This analysis will be displayed through plugins that will appear on the left, under the menu "Own Traffic".
Remember: if there's no traffic, no plugin will appear! You must browse to make plugins appear.
2. Discover all the devices on your network: By clicking on "Lan your Scan", you will launch a scan of your network.
All devices found will appear with their hostnames if they are publicly available.
3. Analyze the traffic of other devices on your network: In LanScan view, select the devices whose network traffic you want to track and click on "Toggle Target" in the main toolbar. Selected devices will appear on the left under the menu "Targets".
Then click on "Start Dbk": you will analyze your own traffic, as well as that of your targets.
To unselect targets, re-click on "Toggle Target" when the analyzer is stopped.
* Stop the Analyzer if it's currently running
* Run a LanScan
* Select a device whose traffic you would like to intercept and click on "Toggle Target" (or simply double-click on the device).
-> The IP of the device now appears in the left "Targets" menu.
* Run the Analyzer: Your own traffic and that of the targets will be captured and displayed in real-time. To unselect targets, re-click on "Toggle Target" when the analyzer is stopped.
If one or several targets are selected, Debookee intercepts traffic between the targets ("Tgt") and "a gateway" ("Gw"), which can be different from the gateway of your LAN.
Usually, you'll want to intercept the traffic between a device and the internet, in which case, the traffic is going from the device to the router/gateway of your LAN.
This is the reason why, by default, the router of the network is set as "Gw".
One reason to change the gateway and set it to a device other than the router could be that you want to intercept the traffic between two devices inside your LAN, for example, between a PC and a printer.
In that case, select the PC as a target and the printer as a gateway. You'll see the traffic between the target "Tgt" and the gateway "Gw", i.e. the device and the printer.
This will happen if you're using a VPN connection on the Mac running Debookee. See the VPN question in the General Questions part.
The DNS protocol resolves hostnames into IP addresses.
* Displays all DNS responses with all associated Resource Records
-> If the server is unable to resolve a hostname, the "IP addresses" column will be blank
-> If there's no response from the server, the request won't be displayed at all
* Displays all HTTP requests on port TCP 80 and the associated headers
-> All methods supported: GET, POST, HEAD, OPTIONS, PUT, DELETE, TRACE, CONNECT
* In case of a POST or PUT, displays the body (or line-based text data) if it's present in the first packet
-> If the device sends a POST/PUT in a first packet with headers only, and then another packet with data, Debookee currently misses the data
* Displays all new HTTPS connections on port TCP 443
-> If available, the HTTPS server name is displayed, else only its IP address
-> As traffic is encrypted, Debookee can't retrieve URLs and filenames requested, hence it displays three little dots after the server name. Ex: "https://www.google.com/..."
-> If several URLs are requested in the same HTTPS connection, Debookee won't be able to display them, and will only show the first handshake with the server.
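The POST/PUT caveat above, as an added example (not Debookee's code): a parser that looks only at the first TCP segment next to one that concatenates in-order segments until `Content-Length` is satisfied. The segments, host name and function names are constructed for illustration.

```python
def parse_request(data: bytes):
    """Parse one HTTP/1.x request from the bytes available so far."""
    head, sep, body = data.partition(b"\r\n\r\n")
    if not sep:
        return None                                   # headers not complete yet
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None                                   # not a request line
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    want = int(headers.get("content-length", "0"))
    return {"method": parts[0], "target": parts[1],
            "body": body[:want], "complete": len(body) >= want}

def first_packet_view(segments):
    """Per-packet analysis: only the segment carrying the request line is parsed."""
    return parse_request(segments[0])

def reassembled_view(segments):
    """Stream analysis: append in-order segments until the declared body is present."""
    buf, req = b"", None
    for seg in segments:
        buf += seg
        req = parse_request(buf)
        if req and req["complete"]:
            break
    return req

# Constructed sample traffic: the same POST sent in one segment, then split in two.
BODY = b"user=alice&lang=en"
HEAD = (b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
        b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n")
SINGLE = [HEAD + BODY]
SPLIT = [HEAD, BODY]
```

With `SPLIT`, `first_packet_view` returns an empty, incomplete body, while `reassembled_view` recovers it.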
* Called "Other" because HTTP is also a TCP protocol, but it is displayed in the dedicated "HTTP Plugin"
* Displays all TCP requests, except HTTP ones.
* If available, resolves the destination port to the associated service.
Ex: "993/tcp - imaps - Internet Message Access Protocol over TLS/SSL (synchronizing email)"
The DHCP protocol allows a device to acquire network configuration information such as an IP address, a default route, DNS servers, etc.
* Displays some DHCP requests if available on the network (some networks won't allow DHCP broadcasts to propagate)
* Tries to guess the device's Operating System
* The "Requested IP address" corresponds to the IP address that the client would like to have, not to the IP delivered by the server.
-> If this IP is not available, you'll see a second request with the server's suggested IP address.
* SIP plugin respects RFC 3261 - Session Initiation Protocol
* Displays the traffic flow with the SIP server and endpoint clients
* Displays all SIP signaling: REGISTER, INVITE, REFER, NOTIFY, etc.
* Extracts information from SDP (Session Description Protocol) to identify RTP flows
* When a call is established, displays its duration and number of RTP packets in real-time
The features included are exactly the same in both versions.
The only difference is that some results are obfuscated after some time in the free version.
Global traffic represents all non-oriented traffic such as broadcast, multicast, management, routing protocols, etc.
Information that is not related to "Own Traffic" or to a specified "Target" is displayed there.
Ex: DHCP plugin analyzes broadcast traffic.
Debookee only displays new secured connections, and several requests can be made in the same connection.
If your browser/application makes new HTTPS requests using a previously established connection, we won't be able to display them.
It also means that if you've started Debookee after the establishment of the connection, you won't see anything at all concerning this connection.
We're working on how we could display such already-started connections.
Will you be selling Debookee on the Mac App Store?
Unfortunately not: the library used to capture packets needs admin privileges, which are forbidden by Mac App Store guidelines.
Why do I have to enter my admin password when I launch the analyzer?
This elevation of privileges is made following Apple's standard API: at no point will we have knowledge of your password.
Currently, Debookee can't handle different interfaces, which is the case when a VPN connection is established.
Packets will be intercepted from the ethernet or airport interface and then sent to the gateway/internet through the VPN interface.
But the response packets will be received on the VPN interface (tun, ppp) that Debookee is not listening to, and are thus ignored and dropped.
The Dbk LanScan tool is an advanced version of the LanScan application.
Each new feature is first released in the Dbk LanScan tool, and then released in LanScan and LanScan Pro through the App Store.
We're using the IEEE list for our vendors database and currently, we refresh this database on each update of our applications.
As it's updated more frequently, Debookee will typically have a more up-to-date vendors list than LanScan and LanScan Pro.
We're working on dynamic updates of this list on each startup of our applications.