Table of Contents
- 4.1. Introduction
- 4.2. Prerequisites
- 4.3. Start Capturing
- 4.4. The “Capture Interfaces” dialog box
- 4.5. The “Capture Options” dialog box
- 4.6. The “Edit Interface Settings” dialog box
- 4.7. The “Compile Results” dialog box
- 4.8. The “Add New Interfaces” dialog box
- 4.9. The “Remote Capture Interfaces” dialog box
- 4.10. The “Interface Details” dialog box
- 4.11. Capture files and file modes
- 4.12. Link-layer header type
- 4.13. Filtering while capturing
4.1. Introduction
Capturing live network data is one of the major features of Wireshark.
The Wireshark capture engine provides the following features:
- Capture from different kinds of network hardware such as Ethernet or 802.11.
- Stop the capture on different triggers such as the amount of captured data, elapsed time, or the number of packets.
- Simultaneously show decoded packets while Wireshark is capturing.
- Filter packets, reducing the amount of data to be captured. See Section 4.13, “Filtering while capturing”.
- Save packets in multiple files while doing a long-term capture, optionally rotating through a fixed number of files (a “ringbuffer”). See Section 4.11, “Capture files and file modes”.
- Simultaneously capture from multiple network interfaces.
The capture engine still lacks the following features:
- Stop capturing (or perform some other action) depending on the captured data.