Table of Contents
- 4.1. Introduction
- 4.2. Prerequisites
- 4.3. Start Capturing
- 4.4. The "Capture Interfaces" dialog box
- 4.5. The "Capture Options" dialog box
- 4.6. The "Edit Interface Settings" dialog box
- 4.7. The "Compile Results" dialog box
- 4.8. The "Add New Interfaces" dialog box
- 4.9. The "Remote Capture Interfaces" dialog box
- 4.10. The "Interface Details" dialog box
- 4.11. Capture files and file modes
- 4.12. Link-layer header type
- 4.13. Filtering while capturing
- 4.14. While a Capture is running ...
Capturing live network data is one of the major features of Wireshark.
The Wireshark capture engine provides the following features:
- Capture from different kinds of network hardware (Ethernet, Token Ring, ATM, ...).
- Stop the capture on different triggers, such as the amount of captured data, the captured time, or the captured number of packets.
- Simultaneously show decoded packets while Wireshark keeps on capturing.
- Filter packets, reducing the amount of data to be captured; see Section 4.13, “Filtering while capturing”.
- Capture into multiple files during a long-term capture, with the option to form a ring buffer of these files that keeps only the last x files, which is useful for a "very long term" capture; see Section 4.11, “Capture files and file modes”.
- Capture simultaneously from multiple network interfaces.
The capture engine still lacks the following features:
- Stop capturing (or perform some other action) depending on the captured data.