WIP Ethernet analyzer USER'S GUIDE (Ver 2.00)

WIP is software for analyzing Ethernet data. It runs on Microsoft WIN95/98/ME and is used for listening to and analyzing data on Ethernet and Ethernet-like networks (such as Microsoft dial-up networking).

Following the RFCs, WIP unpacks the encapsulated protocol data step by step and preserves the format and layering of the original data. It gives simple comments on the codes defined in the RFCs and discards some padding data and verification codes. The format and layering of the original data are meaningful to users who are expert in network protocols. Users who are not familiar with network protocols can simply pay attention to the data they really want and ignore the details of the data format.

In particular, WIP can analyze PPPoE (RFC2516), a protocol widely used in broadband networks.

WIP needs no extra installation: just copy the .exe file to a new directory on your hard disk.
Note: It creates temp files while running, so it cannot run from a read-only disk (i.e. it cannot run from a CD-R).
To uninstall it, just delete the WIP executable file and the log files in the same directory.

WIP contains several windows and buttons. Modify the options only if you are experienced with networking; normally you can use the default settings. All you need to do is ONE click: just click the 'GO!' button!

The NIC list shows all existing Ethernet adapters and network information on the current system; just click to change the selection.
Note: Devices whose description begins with ! are inactive.

When WIP starts, the NIC SELECTION and INFORMATION AREA keep refreshing to display the current information. For example, IP displays 0.0.0.0 when the network is not active; once it is activated, the current IP is shown and the route information changes as well. After analysis starts, automatic refreshing stops until the analysis has finished and 'Clear all item' has been selected from the popup menu.

Click 'GO!'
button to start analysis of the specified network device, and press 'STOP' to stop it. If no data has been received at that point, you may need to wait a while, depending on the 'timeout' setting.

The following lists part of the settings:

1. This property indicates whether non-IP protocol information is displayed. Default is YES.

2. , , These are view settings. By default, they are not selected: visible characters are displayed normally, and invisible characters are displayed as the decimal integer of their ASCII code, \###. When selected, invisible characters are ignored and printed as '.'. When selected, all characters are displayed as ASCII codes. When selected, hex integers are displayed instead of decimal integers.

3. To avoid waiting too long, this property limits the time of each operation. The unit is seconds; the default value is 3 seconds.
   Note: Do not set this value too long or too short.

4. Sets the mode of the current network device. Enabling it runs the network device in 'promiscuous mode'; in this mode all data on the same subnet is accepted by the current network device. By default it is enabled. Note that on a busy network data may be lost. Note also that running in promiscuous mode may be regarded as hacker activity by other users on your subnet.

5. Since not everyone is interested in bare RFCs and data encapsulation, by default the miscellaneous encapsulation of captured data is ignored. Check it to get more detailed network information.

The three tabs in FILTER are conditions combined with AND. The items within a given list are combined with OR. The TYPE property indicates the identifier of the Ethernet protocol. For example, PPPoE is 0x8863 and 0x8864. Right-click to open the menu. To view TELNET data of IP 192.168.0.1 on a PPPoE network, just add the item 192.168.0.1 to the IP list, add 23 to the PORT list, and add 8864 to the TYPE list.
Note: An item shown as '-- ALL --' means no constraint.

Right-clicking the INFORMATION AREA pops up a menu which provides CLEAR, SAVE and PRINT functions.
To select multiple items, just press the [CTRL] or [SHIFT] key.

Note:
1. The demo version limits the total information to about 400 lines.
2. The length of each line is limited; information longer than a certain length will not be displayed, although it can be saved to file.
3. A line longer than a certain length without a separator will be cut when printing.
4. If you want to change the print parameters, hold down the 'ctrl' key before selecting 'print' in the menu.

There is an icon at the bottom left; it rotates once WIP is ready to analyze. Once analysis starts, the running clock appears in the middle window. If the clock is running but the icon has stopped, the system is busy and you should wait for it to respond.

The SEND button in the middle right window is used to send some commands and for some other purposes; please refer to its examples. It is intended for professional users only. The usage of the SEND textbox will be expanded in follow-up versions.

Obviously, the EXIT button in the bottom right window quits the program. It may take several seconds while the program stops the running analysis job.

Tech. support:
E-mail: soft@withu.com
Web: http://wip.withu.com

Thanks for using WIP again!
Feb, 2002, Soft.withu.com
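
The FILTER rules described above (tabs combined with AND, items within a list combined with OR, an empty list standing for '-- ALL --') can be illustrated with the sketch below. It is an added example, not WIP's own code: the function names are hypothetical, the sample frames are constructed, and it assumes an IP or PORT entry matches either the source or the destination of a packet.

```python
import socket
import struct

PPPOE_SESSION = 0x8864  # PPPoE session stage; 0x8863 is the discovery stage
PPP_IPV4 = 0x0021       # PPP protocol number for IPv4
ETH_IPV4 = 0x0800

def parse_frame(frame):
    """Return (ethertype, ip_set, port_set); sets stay empty if not IPv4/TCP/UDP."""
    if len(frame) < 14:
        return None, set(), set()
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload, ips, ports = frame[14:], set(), set()
    if ethertype == PPPOE_SESSION and len(payload) >= 8:
        # 6-byte PPPoE header, then the 2-byte PPP protocol field
        if struct.unpack("!H", payload[6:8])[0] != PPP_IPV4:
            return ethertype, ips, ports
        payload = payload[8:]
    elif ethertype != ETH_IPV4:
        return ethertype, ips, ports
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return ethertype, ips, ports
    ihl = (payload[0] & 0x0F) * 4
    ips = {socket.inet_ntoa(payload[12:16]), socket.inet_ntoa(payload[16:20])}
    if payload[9] in (6, 17) and len(payload) >= ihl + 4:  # TCP or UDP
        ports = set(struct.unpack("!HH", payload[ihl:ihl + 4]))
    return ethertype, ips, ports

def matches(frame, ip_list=(), port_list=(), type_list=()):
    """Empty list means '-- ALL --'; lists are ANDed, items in a list are ORed."""
    ethertype, ips, ports = parse_frame(frame)
    return ((not type_list or ethertype in type_list)
            and (not ip_list or bool(ips & set(ip_list)))
            and (not port_list or bool(ports & set(port_list))))

def sample_frame(src, dst, sport, dport, ethertype=PPPOE_SESSION):
    """Constructed frame: zeroed MACs and checksums, TCP header with no payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    if ethertype == PPPOE_SESSION:
        ip = struct.pack("!BBHHH", 0x11, 0, 1, len(ip) + 2, PPP_IPV4) + ip
    return bytes(12) + struct.pack("!H", ethertype) + ip

if __name__ == "__main__":
    telnet = sample_frame("192.168.0.1", "10.0.0.5", 23, 40000)
    print(matches(telnet, ["192.168.0.1"], [23], [0x8864]))
    print(matches(telnet, ["192.168.0.1"], [80], [0x8864]))
```

The same TELNET packet sent as plain IPv4 (type 0x0800) is rejected by the 8864 TYPE entry even though IP and PORT match, which is why the guide's PPPoE example sets all three lists.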