Traffic Log
The Traffic panel is SimNet's "monitoring center" — it records every packet on the network in real time. If the Topology view is like "looking at a map," then the Traffic log is like "watching a dashcam recording," letting you see where each vehicle (packet) departed, the route it took, and the cargo it carried.
Packet List
The main body of the panel is a table where each row represents one packet. The columns are:
| Column | Description |
|---|---|
| # | Sequence number, ordered by the packet's arrival |
| Tick | Simulation timestamp — which clock cycle (Tick) of the simulation engine captured this packet |
| Protocol | Protocol name, rendered as a colored badge |
| Source | Source device (sender) |
| → | Direction arrow |
| Destination | Destination device (receiver) |
| Summary | A brief summary of what this packet is doing |
| Size | Packet size (Bytes or KB) |
On the left edge of each row there's a thin colored indicator bar matching the packet's protocol color, so you can recognize different kinds of traffic at a glance.
Protocol Colors
Different network protocols are marked with different colors so you can tell them apart instantly:
| Protocol | Color | Description |
|---|---|---|
| Ethernet | Gray | The foundational frame format of the Data Link Layer |
| ARP | Orange | Address Resolution Protocol — looks up the MAC address for an IP |
| IPv4 | Purple | The primary protocol at the Network Layer |
| TCP | Cyan | Transport Layer — reliable, connection-oriented transport |
| HTTP | Green | Application Layer — the web transfer protocol |
| ICMP | Orange | Internet Control Message Protocol — used by ping |
| DNS | Pink | Domain Name System — translates hostnames into IPs |
Color = Protocol Layer
Notice the pattern? The colors roughly correspond to different layers of the OSI model. Gray Ethernet sits at the bottom, green HTTP sits at the top. As you complete more challenges, you'll grow more familiar with these colors — eventually a single glance at the color will tell you what's happening on the network.
Filtering Packets
Protocol Filter
At the top of the panel there's a row of rounded pill buttons (Protocol Pills): All, Ethernet, ARP, IPv4, TCP, HTTP, ICMP, DNS.
- Click All to show every packet (default)
- Click a protocol (e.g. ARP) to show only packets of that protocol
Filtering is incredibly useful when you're tracing a specific behavior. For example, if you're studying an ARP spoofing attack, clicking ARP filters out the noise so you only see ARP packets.
Text Search
Type a keyword into the search box in the top-right to filter by device name or packet summary. For example, typing server1 will surface all packets related to server1.
Next to the search box, the current count of matching packets is shown (e.g. "12 pkts").
Expanding Packet Details
Clicking any packet row expands a detail panel for that packet. Here you'll see:
Protocol Layers
Packet details are presented layer by layer — like peeling an onion, you look inside one layer at a time. For example, an HTTP packet might have these layers:
- Ethernet — source MAC, destination MAC, type
- IPv4 — source IP, destination IP, TTL
- TCP — source port, destination port, flags
- HTTP — method, URL, status code
Each layer can be collapsed or expanded by clicking the arrow next to its title. The colored left border next to the layer name matches that protocol's color.
The contents of each layer are laid out in a "field name : value" format, for example:
Source MAC : aa:bb:cc:00:00:02
Dest MAC : aa:bb:cc:00:00:01
EtherType : 0x0800Auto-Scrolling
When new packets keep streaming in, the panel automatically scrolls to the bottom so you always see the latest ones. You'll see a small "↓ Auto-scrolling" indicator in the bottom-right corner.
If you scroll up to review older packets, auto-scrolling pauses — the view won't suddenly jump away. A button appears at the bottom: "New packets — click to resume auto-scroll". Click it to jump back to the bottom and keep watching the latest packets.
A Practical Workflow
A common analysis flow looks like this:
- Run
tcpdumpin the Terminal to start capturing - Run
pingor another command to generate traffic - Switch to the Traffic panel to watch the packets
- Use the protocol filter to find the packets you care about
- Click to expand and inspect each layer's details
Topology + Traffic + Terminal together form a complete network-analysis workflow.