The SearchLight Welcome page will display when the program is launched.
Users will need to start a new case or open an existing case.
SearchLight creates individual files for each case. A case must first be opened or created to start analyzing a network capture.
Users can add all pcap files they need to examine.
SearchLight will digest the files and display the Summary Information for the case in a new tab. Displayed information includes: the pcap files that were processed, number of files processed, number of host groups, number of IP, TCP and UDP connections, and the number of IP, TCP and UDP packets.
Users will need to click the Filter button to display all packets. The information displayed includes: source and destination IPs, TCP/UDP, packet count and flow start and end times.
Users can then filter this data further by traffic type, protocol, IP, port or specific times and dates. Each applied filter will display packets in a new tab. This information can then be exported as PCAP, CSV, XML or JSON.