StreamLens/Glossary.md

# StreamLens Ethernet Traffic Analyzer - Glossary

## Core Networking Terms

### **Flow**
A logical grouping of network packets between two endpoints (source IP:port → destination IP:port). In StreamLens, a flow represents all packets traveling in one direction between specific network addresses, allowing analysis of communication patterns, timing characteristics, and protocol behavior.

### **Socket** 
A network endpoint combining an IP address and port number (e.g., 192.168.1.100:4001). Sockets define the communication endpoints for network flows.

### **Packet**
An individual unit of data transmitted over a network, containing headers (IP, UDP/TCP) and payload data. StreamLens analyzes packet timing, size, and content to understand traffic patterns.

### **Frame**
In the context of specialized protocols like Chapter 10, a frame refers to a structured data unit within the packet payload that contains telemetry, timing, or measurement data.

## Protocol Analysis Terms

### **Protocol**
A standardized set of rules for data communication. StreamLens categorizes protocols into:
- **Transport Protocols**: UDP, TCP, ICMP, IGMP
- **Application Protocols**: HTTP, DNS, NTP, DHCP
- **Specialized Protocols**: Chapter 10 (IRIG 106), PTP (Precision Time Protocol), IENA

### **Decoder**
A software component that interprets and extracts structured information from packet payloads according to specific protocol specifications. StreamLens uses:
- **Basic Decoders**: Identify protocol types and extract header information
- **Enhanced Decoders**: Perform deep packet inspection with field-level extraction

### **Encoding**
The method used to structure and format data within packets. Common encodings include:
- **Chapter 10**: Telemetry data encoding standard (IRIG 106)
- **PTP**: Precision Time Protocol for network synchronization
- **IENA**: Enhanced Network Access protocol for flight test

### **Dissector**
A protocol-specific analyzer that breaks down packet contents into constituent fields and interprets their meaning. Similar to decoders but focused on protocol structure analysis.

## Timing and Quality Analysis

### **Inter-arrival Time**
The time interval between consecutive packets in a flow. Critical for analyzing:
- Network jitter and latency
- Data streaming consistency
- Protocol timing compliance

### **Outlier**
A packet whose inter-arrival time deviates significantly from the expected pattern (typically >3 standard deviations). Outliers indicate:
- Network congestion
- Timing violations
- Equipment malfunctions

### **Clock Drift**
The gradual divergence between different timing sources, measured in parts per million (PPM). Important for synchronized systems and telemetry applications.

### **Jitter**
Variation in packet arrival times, indicating network instability or inconsistent data generation.

## Telemetry and Specialized Data

### **Chapter 10 (CH10)**
IRIG 106 Chapter 10 standard for flight test telemetry data recording and transmission. Contains:
- **Time stamps**: Internal timing information
- **Channel data**: Multi-channel analog and digital measurements  
- **Quality indicators**: Signal quality and synchronization status

### **TMATS (Telemetry Metadata Transfer Standard)**
Configuration and setup information transmitted alongside telemetry data, describing data formats, channel assignments, and measurement parameters.

### **PTP (Precision Time Protocol)**
IEEE 1588 standard for high-precision clock synchronization across networks, essential for distributed measurement systems.

### **IENA (Integrated Enhanced Network Access)**
Protocol for real-time telemetry data transmission over Ethernet networks, commonly used in flight test and aerospace applications.

## Data Analysis Terms

### **Flow Statistics**
Quantitative measures describing flow characteristics:
- **Frame Count**: Total packets in flow
- **Total Bytes**: Cumulative data volume
- **Average Inter-arrival**: Mean time between packets
- **Standard Deviation**: Measure of timing variability

### **Frame Type**
Classification of packets within a flow based on content or protocol structure (e.g., "Ch10-Data", "Ch10-TMATS", "PTP-Sync").

### **Traffic Classification**
Categorization of network traffic by destination address:
- **Unicast**: Point-to-point communication
- **Multicast**: One-to-many distribution. [IPv4](https://en.wikipedia.org/wiki/IPv4 "IPv4") multicast addresses are defined by the [most-significant bit](https://en.wikipedia.org/wiki/Most-significant_bit "Most-significant bit") pattern of _1110_.
- **Broadcast**: One-to-all transmission

### **Enhanced Analysis**
Deep inspection and field-level extraction from specialized protocols, providing:
- Decoded frame fields
- Quality metrics
- Timing analysis
- Protocol compliance checking

## User Interface Terms

### **TUI (Text User Interface)**
Command-line interface using curses library for interactive navigation and real-time data display.

### **Flow List Panel**
Left panel showing all detected flows with summary statistics, timing information, and enhanced analysis indicators.

### **Detail Panel**
Right panel with tabbed interface:
- **Info Tab**: Flow statistics, frame types, timing analysis
- **Decode Tab**: Hierarchical display of decoded protocol fields

### **Frame Type Breakdown**
Sub-classification of packets within a flow showing distribution of different data types and their individual timing characteristics.

## Technical Implementation

### **Confidence Score**
Numerical indicator (0.0-1.0) representing decoder certainty in protocol identification and field extraction accuracy.

### **Field Extraction**
Process of parsing packet payloads to extract individual data elements according to protocol specifications.

### **Real-time Statistics**
Live calculation and display of flow metrics during active packet capture, enabling immediate analysis of ongoing network activity.

### **Outlier Detection**
Statistical analysis using sigma thresholds to identify packets with anomalous timing characteristics.

## Use Cases and Applications

### **Flight Test Telemetry**
Primary application for analyzing real-time telemetry data streams from aircraft and test equipment, ensuring data integrity and timing compliance.

### **Network Performance Analysis**
General-purpose tool for identifying network issues, bandwidth utilization, and communication patterns.

### **Protocol Development**
Development and debugging tool for custom network protocols, providing detailed inspection capabilities.

### **Quality Assurance**
Verification of network equipment and protocol implementations against timing and performance specifications.

---

*This glossary provides the foundation for understanding StreamLens capabilities and serves as reference for both users and developers working with network traffic analysis and telemetry systems.*
Modern TUI with Enhanced Protocol Hierarchy Interface Major Features: - Complete modern TUI interface with three focused views - Enhanced multi-column layout: Source \| Proto \| Destination \| Extended \| Frame Type \| Metrics - Simplified navigation with 1/2/3 hotkeys instead of F1/F2/F3 - Protocol hierarchy: Transport (TCP/UDP) → Extended (CH10/PTP) → Frame Types - Classic TUI preserved with --classic flag Views Implemented: 1. Flow Analysis View: Enhanced multi-column flow overview with protocol detection 2. Packet Decoder View: Three-panel deep inspection (Flows \| Frames \| Fields) 3. Statistical Analysis View: Four analysis modes with timing and quality metrics Technical Improvements: - Left-aligned text columns with IP:port precision - Transport protocol separation from extended protocols - Frame type identification (CH10-Data, TMATS, PTP Sync) - Cross-view communication with persistent flow selection - Context-sensitive help and status bars - Comprehensive error handling with console fallback 2025-07-26 22:46:49 -04:00			`# StreamLens Ethernet Traffic Analyzer - Glossary`

			`## Core Networking Terms`

			`### Flow`
			`A logical grouping of network packets between two endpoints (source IP:port → destination IP:port). In StreamLens, a flow represents all packets traveling in one direction between specific network addresses, allowing analysis of communication patterns, timing characteristics, and protocol behavior.`

			`### Socket`
			`A network endpoint combining an IP address and port number (e.g., 192.168.1.100:4001). Sockets define the communication endpoints for network flows.`

			`### Packet`
			`An individual unit of data transmitted over a network, containing headers (IP, UDP/TCP) and payload data. StreamLens analyzes packet timing, size, and content to understand traffic patterns.`

			`### Frame`
			`In the context of specialized protocols like Chapter 10, a frame refers to a structured data unit within the packet payload that contains telemetry, timing, or measurement data.`

			`## Protocol Analysis Terms`

			`### Protocol`
			`A standardized set of rules for data communication. StreamLens categorizes protocols into:`
			`- Transport Protocols: UDP, TCP, ICMP, IGMP`
			`- Application Protocols: HTTP, DNS, NTP, DHCP`
			`- Specialized Protocols: Chapter 10 (IRIG 106), PTP (Precision Time Protocol), IENA`

			`### Decoder`
			`A software component that interprets and extracts structured information from packet payloads according to specific protocol specifications. StreamLens uses:`
			`- Basic Decoders: Identify protocol types and extract header information`
			`- Enhanced Decoders: Perform deep packet inspection with field-level extraction`

			`### Encoding`
			`The method used to structure and format data within packets. Common encodings include:`
			`- Chapter 10: Telemetry data encoding standard (IRIG 106)`
			`- PTP: Precision Time Protocol for network synchronization`
			`- IENA: Enhanced Network Access protocol for flight test`

			`### Dissector`
			`A protocol-specific analyzer that breaks down packet contents into constituent fields and interprets their meaning. Similar to decoders but focused on protocol structure analysis.`

			`## Timing and Quality Analysis`

			`### Inter-arrival Time`
			`The time interval between consecutive packets in a flow. Critical for analyzing:`
			`- Network jitter and latency`
			`- Data streaming consistency`
			`- Protocol timing compliance`

			`### Outlier`
			`A packet whose inter-arrival time deviates significantly from the expected pattern (typically >3 standard deviations). Outliers indicate:`
			`- Network congestion`
			`- Timing violations`
			`- Equipment malfunctions`

			`### Clock Drift`
			`The gradual divergence between different timing sources, measured in parts per million (PPM). Important for synchronized systems and telemetry applications.`

			`### Jitter`
			`Variation in packet arrival times, indicating network instability or inconsistent data generation.`

			`## Telemetry and Specialized Data`

			`### Chapter 10 (CH10)`
			`IRIG 106 Chapter 10 standard for flight test telemetry data recording and transmission. Contains:`
			`- Time stamps: Internal timing information`
			`- Channel data: Multi-channel analog and digital measurements`
			`- Quality indicators: Signal quality and synchronization status`

			`### TMATS (Telemetry Metadata Transfer Standard)`
			`Configuration and setup information transmitted alongside telemetry data, describing data formats, channel assignments, and measurement parameters.`

			`### PTP (Precision Time Protocol)`
			`IEEE 1588 standard for high-precision clock synchronization across networks, essential for distributed measurement systems.`

			`### IENA (Integrated Enhanced Network Access)`
			`Protocol for real-time telemetry data transmission over Ethernet networks, commonly used in flight test and aerospace applications.`

			`## Data Analysis Terms`

			`### Flow Statistics`
			`Quantitative measures describing flow characteristics:`
			`- Frame Count: Total packets in flow`
			`- Total Bytes: Cumulative data volume`
			`- Average Inter-arrival: Mean time between packets`
			`- Standard Deviation: Measure of timing variability`

			`### Frame Type`
pretty good 2025-07-28 08:14:15 -04:00			`Classification of packets within a flow based on content or protocol structure (e.g., "Ch10-Data", "Ch10-TMATS", "PTP-Sync").`
Modern TUI with Enhanced Protocol Hierarchy Interface Major Features: - Complete modern TUI interface with three focused views - Enhanced multi-column layout: Source \| Proto \| Destination \| Extended \| Frame Type \| Metrics - Simplified navigation with 1/2/3 hotkeys instead of F1/F2/F3 - Protocol hierarchy: Transport (TCP/UDP) → Extended (CH10/PTP) → Frame Types - Classic TUI preserved with --classic flag Views Implemented: 1. Flow Analysis View: Enhanced multi-column flow overview with protocol detection 2. Packet Decoder View: Three-panel deep inspection (Flows \| Frames \| Fields) 3. Statistical Analysis View: Four analysis modes with timing and quality metrics Technical Improvements: - Left-aligned text columns with IP:port precision - Transport protocol separation from extended protocols - Frame type identification (CH10-Data, TMATS, PTP Sync) - Cross-view communication with persistent flow selection - Context-sensitive help and status bars - Comprehensive error handling with console fallback 2025-07-26 22:46:49 -04:00
			`### Traffic Classification`
			`Categorization of network traffic by destination address:`
			`- Unicast: Point-to-point communication`
pretty good 2025-07-28 08:14:15 -04:00			`- Multicast: One-to-many distribution. [IPv4](https://en.wikipedia.org/wiki/IPv4 "IPv4") multicast addresses are defined by the [most-significant bit](https://en.wikipedia.org/wiki/Most-significant_bit "Most-significant bit") pattern of _1110_.`
Modern TUI with Enhanced Protocol Hierarchy Interface Major Features: - Complete modern TUI interface with three focused views - Enhanced multi-column layout: Source \| Proto \| Destination \| Extended \| Frame Type \| Metrics - Simplified navigation with 1/2/3 hotkeys instead of F1/F2/F3 - Protocol hierarchy: Transport (TCP/UDP) → Extended (CH10/PTP) → Frame Types - Classic TUI preserved with --classic flag Views Implemented: 1. Flow Analysis View: Enhanced multi-column flow overview with protocol detection 2. Packet Decoder View: Three-panel deep inspection (Flows \| Frames \| Fields) 3. Statistical Analysis View: Four analysis modes with timing and quality metrics Technical Improvements: - Left-aligned text columns with IP:port precision - Transport protocol separation from extended protocols - Frame type identification (CH10-Data, TMATS, PTP Sync) - Cross-view communication with persistent flow selection - Context-sensitive help and status bars - Comprehensive error handling with console fallback 2025-07-26 22:46:49 -04:00			`- Broadcast: One-to-all transmission`

			`### Enhanced Analysis`
			`Deep inspection and field-level extraction from specialized protocols, providing:`
			`- Decoded frame fields`
			`- Quality metrics`
			`- Timing analysis`
			`- Protocol compliance checking`

			`## User Interface Terms`

			`### TUI (Text User Interface)`
			`Command-line interface using curses library for interactive navigation and real-time data display.`

			`### Flow List Panel`
			`Left panel showing all detected flows with summary statistics, timing information, and enhanced analysis indicators.`

			`### Detail Panel`
			`Right panel with tabbed interface:`
			`- Info Tab: Flow statistics, frame types, timing analysis`
			`- Decode Tab: Hierarchical display of decoded protocol fields`

			`### Frame Type Breakdown`
			`Sub-classification of packets within a flow showing distribution of different data types and their individual timing characteristics.`

			`## Technical Implementation`

			`### Confidence Score`
			`Numerical indicator (0.0-1.0) representing decoder certainty in protocol identification and field extraction accuracy.`

			`### Field Extraction`
			`Process of parsing packet payloads to extract individual data elements according to protocol specifications.`

			`### Real-time Statistics`
			`Live calculation and display of flow metrics during active packet capture, enabling immediate analysis of ongoing network activity.`

			`### Outlier Detection`
			`Statistical analysis using sigma thresholds to identify packets with anomalous timing characteristics.`

			`## Use Cases and Applications`

			`### Flight Test Telemetry`
			`Primary application for analyzing real-time telemetry data streams from aircraft and test equipment, ensuring data integrity and timing compliance.`

			`### Network Performance Analysis`
			`General-purpose tool for identifying network issues, bandwidth utilization, and communication patterns.`

			`### Protocol Development`
			`Development and debugging tool for custom network protocols, providing detailed inspection capabilities.`

			`### Quality Assurance`
			`Verification of network equipment and protocol implementations against timing and performance specifications.`

			`---`

			`This glossary provides the foundation for understanding StreamLens capabilities and serves as reference for both users and developers working with network traffic analysis and telemetry systems.`