Capture packets

After you select an interface and press the start button, the interface is switched to promiscuous mode and begins to capture all packets arriving at it. These packets are displayed as a list that contains the packet's serial number counted from the start of the capture, the source and destination MAC addresses, the length and the time of capture. For packets containing an IP header, the list also shows the source and destination IP addresses; for packets containing a TCP or UDP header, it shows the source and destination ports and the name of the application protocol associated with those ports.

The complete content of a captured packet, beginning with the MAC header, can be viewed by single-clicking the packet. A packet can be copied to the packet editor by clicking the Edit button. Packets are captured starting from the MAC header. The synchronisation preamble that precedes each packet is neither captured nor displayed, because it is only overhead of the media access method and carries no relevant information. If you want to analyze synchronisation preambles, quiescent signal or damaged frames, we recommend using a so-called hardware packet catcher with its own software.

A selected packet can be analyzed in depth by double-clicking it, or by selecting it and pressing the Analyze button. The analysis is displayed in a newly opened window. It states which interface captured the packet and the time of capture, followed by the MAC header analysis and recognition of the next-layer protocol. Above the MAC layer, it analyzes IP frames and ARP frames, and recognizes and prints IPX/SPX frames, NetBIOS and others. The MAC layer analysis supports Ethernet, Ethernet II and LLC. For an ARP frame, it detects whether the frame is a request or a response and shows the source pair of MAC and IP addresses and the destination pair of addresses.
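
The MAC-header and ARP decoding described above can be sketched as follows. This is an added example, not the tool's own code: the function name `analyze_frame`, the lookup tables and the two sample frames are constructed for illustration.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8137: "IPX"}
LLC_SAPS = {0xE0: "IPX", 0xF0: "NetBIOS", 0xAA: "SNAP"}

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ipv4(b):
    return ".".join(str(x) for x in b)

def analyze_frame(frame):
    """Decode the MAC header; for ARP, report request/response and both address pairs."""
    if len(frame) < 14:
        raise ValueError("shorter than a MAC header")
    dst, src, type_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": mac(dst), "src_mac": mac(src)}
    if type_len <= 1500:
        # IEEE 802.3: the field is a length and an LLC header (DSAP, SSAP, control) follows.
        if len(frame) < 17:
            raise ValueError("truncated LLC header")
        info["framing"] = "802.3/LLC"
        info["protocol"] = LLC_SAPS.get(frame[14], f"DSAP 0x{frame[14]:02x}")
        return info
    if type_len < 0x0600:
        raise ValueError("type/length value in the undefined range 1501-1535")
    # Ethernet II: the field is an EtherType naming the next-layer protocol.
    info["framing"] = "Ethernet II"
    info["protocol"] = ETHERTYPES.get(type_len, f"EtherType 0x{type_len:04x}")
    if type_len == 0x0806:
        arp = frame[14:42]
        if len(arp) < 28:
            raise ValueError("truncated ARP body")
        htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", arp[:8])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            raise ValueError("not Ethernet/IPv4 ARP")
        sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", arp[8:])
        info["arp"] = {"op": {1: "request", 2: "response"}.get(op, f"opcode {op}"),
                       "sender": (mac(sha), ipv4(spa)), "target": (mac(tha), ipv4(tpa))}
    return info

# Constructed sample frames (documentation IP addresses, locally administered MACs).
ARP_REQUEST = bytes.fromhex("ffffffffffff" "020000000001" "0806" "0001" "0800" "06" "04"
                            "0001" "020000000001" "c0000201" "000000000000" "c0000202")
NETBIOS_LLC = bytes.fromhex("030000000001" "020000000002" "0003" "f0f003")

if __name__ == "__main__":
    for sample in (ARP_REQUEST, NETBIOS_LLC):
        print(analyze_frame(sample))
```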

IP analysis covers IPv4 only and extracts all relevant information from the IP header. Above IP, the protocol can be TCP, UDP or ICMP. ICMP packets are decomposed and all relevant information from them is displayed, such as the ICMP message type and the additional message parameters. TCP and UDP headers are decomposed into the relevant information, such as source and destination port, length, etc. The user data field is then displayed, followed by optional supplementary analysis. For the POP3 protocol, the USER and PASS (password) parts of authentication packets are highlighted. Packets for proxy server authentication, where BASE64 is used to encode the username and password, have these fields decoded. The last part gives the name of the application layer protocol or some other information. The complete analysis can be copied to the packet editor for further manipulation (see Packet editor).

Software compatibility is determined by compatibility with operating systems and hardware, and in detail by compatibility with the different hardware drivers in a specific operating system. Generally, the software can be run on Windows 95 OSR2, 98 and ME. To run it on Windows 95 and Windows 95 OSR1, you need to install the latest available service pack. The software can also be run on Windows NT 4.0 and Windows 2000. Its primary target is the NT platform, so some functions (specifically SNMP) do not work on the Windows 9x/ME family.
Hardware compatibility matters for the Hnet Info Netware modules, which use a collection of libraries for direct hardware or NDIS access. These drivers are implemented less generally and are designed for commonly available hardware. The main targets are Ethernet cards, which are fully supported, i.e. Ethernet 10Mbps, 100Mbps and 1Gbps hardware. Hardware modems are another target. They are supported to the extent that their drivers are compatible with the standard modem definition. External modems are ideal, because they have a fixed interface and manufacturers have no room to add extra enhancements. By contrast, software modems (so-called WinModems) do not comply with standards and specifications: the modem contains only the part that converts the analog signal to digital, while the modem itself is emulated by the driver. Their compatibility depends heavily on the drivers, and these modems may cause a lot of problems. The software also supports FDDI, but only on a limited number of hardware devices.