Wireshark - 0.99.5 Uživatelská příručka Strana 82
- Strana / 223
- Tabulka s obsahem
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
4.6. Capture files and file modes
While capturing, the underlying libpcap capturing engine will grab the packets from the network
card and keep the packet data in a (relatively) small kernel buffer. This data is read by Wireshark
and saved into the capture file(s) the user specified.
Different modes of operation are available when saving this packet data to the capture file(s).
Tip!
Working with large files (several 100 MB's) can be quite slow. If you plan to do a long
term capture or capturing from a high traffic network, think about using one of the
"Multiple files" options. This will spread the captured packets over several smaller
files which can be much more pleasant to work with.
Note!
Using Multiple files may cut context related information. Wireshark keeps context in-
formation of the loaded packet data, so it can report context related problems (like a
stream error) and keeps information about context related protocols (e.g. where data is
exchanged at the establishing phase and only referred to in later packets). As it keeps
this information only for the loaded file, using one of the multiple file modes may cut
these contexts. If the establishing phase is saved in one file and the things you would
like to see is in another, you might not see some of the valuable context related inform-
ation.
Tip!
Information about the folders used for the capture file(s), can be found in Appendix A,
Files and Folders.
Table 4.1. Capture file mode selected by capture options
"File" option "Use multiple
files" option
"Ring buffer
with n files" op-
tion
Mode Resulting file-
name(s) used
- - - Single temporary
file
etherXXXXXX
(where XXXXXX is
a unique number)
foo.cap - - Single named file foo.cap
foo.cap x - Multiple files,
continuous
foo_00001_2004020
5110102.cap,
foo_00002_2004020
5110102.cap, ...
foo.cap x x Multiple files,
ring buffer
foo_00001_2004020
5110102.cap,
foo_00002_2004020
5110102.cap, ...
Single temporary file A temporary file will be created and used (this is the default).
After the capturing is stopped, this file can be saved later un-
der a user specified name.
Capturing Live Network Data
68
- Wireshark User's Guide 1
- Table of Contents 4
- 1. Foreword 8
- 3. Acknowledgements 10
- 4. About this document 11
- #usersguide 12
- Chapter 1. Introduction 15
- 1.1.6. Many protocol decoders 16
- 1.1.7. Open Source Software 16
- 1.1.8. What Wireshark is not 17
- 1.2. System Requirements 18
- 1.2.3. Unix / Linux 19
- 1.3. Where to get Wireshark? 20
- Wireshark 22
- 1.6.1. Website 23
- 1.6.2. Wiki 23
- 1.6.3. FAQ 23
- 1.6.4. Mailing Lists 23
- 1.6.5. Reporting Problems 24
- Introduction 26
- Download all required files! 28
- 2.8.1. Install Wireshark 35
- 2.8.1.4. Command line options 36
- 2.8.3. Update Wireshark 37
- 2.8.4. Update WinPcap 37
- 2.8.5. Uninstall Wireshark 37
- 2.8.6. Uninstall WinPcap 38
- Chapter 3. User Interface 40
- 3.2. Start Wireshark 41
- 3.3. The Main window 42
- 3.3.1. Main Window Navigation 43
- 3.4. The Menu 44
- Table 3.2. File menu items 45
- Table 3.3. Edit menu items 48
- Table 3.4. View menu items 50
- 3.8. The "Go" menu 54
- Table 3.6. Capture menu items 56
- Table 3.7. Analyze menu items 58
- Table 3.9. Help menu items 62
- 3.18. The Statusbar 71
- User Interface 72
- 4.1. Introduction 73
- 4.2. Prerequisites 74
- 4.3. Start Capturing 75
- Capturing Live Network Data 77
- 4.5.1. Capture frame 78
- 4.5.2. Capture File(s) frame 80
- 4.5.3. Stop Capture... frame 80
- 4.5.4. Display Options frame 81
- 4.5.5. Name Resolution frame 81
- 4.5.6. Buttons 81
- 4.7. Link-layer header type 84
- Printing 91
- 5.2. Open capture files 92
- 5.2.2. Input File Formats 94
- 5.3. Saving captured packets 96
- 5.3.2. Output File Formats 98
- 5.4. Merging capture files 100
- 5.5. File Sets 102
- 5.6. Exporting data 104
- File" dialog box 105
- 5.7. Printing packets 110
- 5.8. The Packet Range frame 112
- 5.9. The Packet Format frame 113
- Working with captured packets 116
- 6.2. Pop-up menus 117
- 6.4.1. Display filter fields 124
- 6.4.2. Comparing values 124
- 6.4.3. Combining expressions 125
- 6.4.4. A common mistake 127
- Warning! 130
- 6.7. Finding packets 132
- 6.8. Go to a specific packet 134
- 6.9. Marking packets 135
- Chapter 7. Advanced Topics 139
- 7.2. Following TCP streams 140
- 7.3. Time Stamps 142
- Advanced Topics 143
- 7.4. Time Zones 144
- 7.5. Packet Reassembling 147
- 7.6. Name Resolution 149
- 7.7. Checksums 151
- 7.7.2. Checksum offloading 152
- Chapter 8. Statistics 154
- Statistics 155
- 8.4. Endpoints 159
- 8.5. Conversations 161
- 8.7. Service Response Time 164
- 9.1. Introduction 168
- 9.3. Packet colorization 174
- 9.4.2. User Specified Decodes 179
- 9.5. Preferences 181
- 9.6. User Table 182
- 9.7. Display Filter Macros 183
- 9.9. User DLTs protocol table 185
- 9.10. SNMP users Table 186
- Customizing Wireshark 187
- Appendix A. Files and Folders 188
- • the current display filter 189
- Files and Folders 189
- Windows folders 191
- Unix/Linux folders 191
- A.3. Windows folders 194
- C.1. Packet List Messages 198
- C.2. Packet Details Messages 199
- Wireshark Messages 200
- D.1. Introduction 201
- Related command line tools 202
- CORBA IDL files 215
- D.9.4. TODO 216
- D.9.5. Limitations 217
- D.9.6. Notes 217
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 3.496 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce