Wireshark - 1.0 Operating Manual
Chapter 4. Capturing Live Network Data
4.1. Introduction
Capturing live network data is one of the major features of Wireshark.
The Wireshark capture engine provides the following features:
• Capture from different kinds of network hardware (Ethernet, Token Ring, ATM, ...).
• Stop the capture on different triggers like: amount of captured data, captured time, captured number of packets.
• Simultaneously show decoded packets while Wireshark keeps on capturing.
• Filter packets, reducing the amount of data to be captured, see .
• Capturing into multiple files while doing a long term capture, and in addition the option to form a ringbuffer of these files, keeping only the last x files, useful for a "very long term" capture, see
The capture engine still lacks the following features:
• Simultaneous capturing from multiple network interfaces (however, you can start multiple instances of Wireshark and merge capture files later).
• Stop capturing (or doing some other action), depending on the captured data.