This file is indexed.

/usr/share/doc/wireshark-doc/wsug_html_chunked/ChCapCaptureOptions.html is in wireshark-doc 2.4.5-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>4.5. The &#8220;Capture Options&#8221; dialog box</title><link rel="stylesheet" type="text/css" href="ws.css"><meta name="generator" content="DocBook XSL Stylesheets V1.79.1"><link rel="home" href="index.html" title="Wireshark User&#8217;s Guide"><link rel="up" href="ChapterCapture.html" title="Chapter 4. Capturing Live Network Data"><link rel="prev" href="ChCapInterfaceSection.html" title="4.4. The &#8220;Capture Interfaces&#8221; dialog box"><link rel="next" href="ChCapEditInterfaceSettingsSection.html" title="4.6. The &#8220;Edit Interface Settings&#8221; dialog box"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">4.5. The &#8220;Capture Options&#8221; dialog box</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="ChCapInterfaceSection.html">Prev</a> </td><th width="60%" align="center">Chapter 4. Capturing Live Network Data</th><td width="20%" align="right"> <a accesskey="n" href="ChCapEditInterfaceSettingsSection.html">Next</a></td></tr></table><hr></div><div class="section"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="ChCapCaptureOptions"></a>4.5. The &#8220;Capture Options&#8221; dialog box</h2></div></div></div><p>When you select <span class="guimenu">Capture</span> &#8594; <span class="guimenuitem">Options&#8230;</span> (or use the corresponding item in the
main toolbar), Wireshark pops up the &#8220;Capture Options&#8221; dialog box as shown in
<a class="xref" href="ChCapCaptureOptions.html#ChCapCaptureOptionsDialog" title="Figure 4.3. The &#8220;Capture Options&#8221; dialog box">Figure 4.3, &#8220;The &#8220;Capture Options&#8221; dialog box&#8221;</a>.</p><div class="figure"><a name="ChCapCaptureOptionsDialog"></a><p class="title"><b>Figure 4.3. The &#8220;Capture Options&#8221; dialog box</b></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" style="cellpadding: 0; cellspacing: 0;" width="85%"><tr><td><img src="wsug_graphics/ws-capture-options.png" width="100%" alt="wsug_graphics/ws-capture-options.png"></td></tr></table></div></div></div><br class="figure-break"><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Tip"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Tip]" src="wsug_graphics/tip.svg"></td><th align="left">Tip</th></tr><tr><td align="left" valign="top"><p>If you are unsure which options to choose in this dialog box just try keeping
the defaults, as this should work well in many cases.</p></td></tr></table></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_capture_frame"></a>4.5.1. Capture frame</h3></div></div></div><p>The table shows the settings for all available interfaces:</p><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
The name of the interface and its IP addresses. If no address could be
  resolved from the system, &#8220;none&#8221; will be shown.
</li></ul></div><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="wsug_graphics/note.svg"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Loopback interfaces are not available on Windows platforms.</p></td></tr></table></div><div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
The link-layer header type.
</li><li class="listitem">
Whether promiscuous mode is enabled or disabled.
</li><li class="listitem">
The maximum amount of data that will be captured for each packet. The default
  value is 262144 bytes.
</li><li class="listitem">
The size of the kernel buffer that is reserved to keep the captured packets.
</li><li class="listitem">
Whether packets will be captured in monitor mode (Unix/Linux
  only).
</li><li class="listitem">
The chosen capture filter.
</li></ul></div><p>Mark the checkboxes in the first column to select the interfaces to
capture from. Double-clicking an interface opens the &#8220;Edit Interface Settings&#8221;
dialog box shown in <a class="xref" href="ChCapEditInterfaceSettingsSection.html#ChCapEditInterfacesSettingsDialog" title="Figure 4.4. The &#8220;Edit Interface Settings&#8221; dialog box">Figure 4.4, &#8220;The &#8220;Edit Interface Settings&#8221; dialog box&#8221;</a>.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
<span class="emphasis"><em>Capture on all interfaces</em></span>
</span></dt><dd>
As Wireshark can capture on multiple interfaces it is possible to choose to
capture on all available interfaces.
</dd><dt><span class="term">
<span class="emphasis"><em>Capture all packets in promiscuous mode</em></span>
</span></dt><dd>
This checkbox allows you to specify that Wireshark should put all interfaces in
promiscuous mode when capturing.
</dd><dt><span class="term">
<span class="emphasis"><em>Capture Filter</em></span>
</span></dt><dd><p class="simpara">
This field allows you to specify a capture filter for all interfaces that are
currently selected. Once a filter has been entered in this field, newly
selected interfaces will inherit the filter. Capture filters are discussed in
more detail in <a class="xref" href="ChCapCaptureFilterSection.html" title="4.13. Filtering while capturing">Section 4.13, &#8220;Filtering while capturing&#8221;</a>. The field is empty by
default, meaning no filter.
</p><p class="simpara">You can also click on the <span class="guibutton">Capture Filter</span> button and Wireshark will
bring up the Capture Filters dialog box and allow you to create and/or select a
filter. Please see <a class="xref" href="ChWorkDefineFilterSection.html" title="6.6. Defining and saving filters">Section 6.6, &#8220;Defining and saving filters&#8221;</a>.</p></dd><dt><span class="term">
<span class="emphasis"><em>Compile selected BPFs</em></span>
</span></dt><dd>
This button allows you to compile the capture filter into BPF code and pop up a
window showing you the resulting pseudo code. This can help you understand how
the capture filter you created works. The <span class="guibutton">Compile Selected BPFs</span> button
leads you to <a class="xref" href="ChCapCompileSelectedBpfsSection.html#ChCapCompileSelectedBpfsDialog" title="Figure 4.5. The &#8220;Compile Results&#8221; dialog box">Figure 4.5, &#8220;The &#8220;Compile Results&#8221; dialog box&#8221;</a>.
</dd></dl></div><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Tip"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Tip]" src="wsug_graphics/tip.svg"></td><th align="left">Tip</th></tr><tr><td align="left" valign="top"><p>Linux power user tip</p></td></tr></table></div><div class="informalexample"><p>The execution of BPFs can be sped up on Linux by turning on BPF JIT by executing, as root,</p><pre class="screen"># echo 1 &gt; /proc/sys/net/core/bpf_jit_enable</pre><p>if it is not enabled already. To make the change persistent you can use
<a class="ulink" href="http://linux-diag.sourceforge.net/Sysfsutils.html" target="_top">sysfsutils</a>.</p></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">
<span class="emphasis"><em>Manage Interfaces</em></span>
</span></dt><dd>
The <span class="guibutton">Manage Interfaces</span> button opens the <a class="xref" href="ChCapManageInterfacesSection.html#ChCapManageInterfacesDialog" title="Figure 4.6. The &#8220;Add New Interfaces&#8221; dialog box">Figure 4.6, &#8220;The &#8220;Add New Interfaces&#8221; dialog box&#8221;</a>
where pipes can be defined, local interfaces scanned or hidden, or remote
interfaces added (Windows only).
</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_capture_file_s_frame"></a>4.5.2. Capture File(s) frame</h3></div></div></div><p>An explanation about capture file usage can be found in <a class="xref" href="ChCapCaptureFiles.html" title="4.11. Capture files and file modes">Section 4.11, &#8220;Capture files and file modes&#8221;</a>.</p><div class="variablelist"><dl class="variablelist"><dt><span class="term">
<span class="emphasis"><em>File</em></span>
</span></dt><dd><p class="simpara">
This field allows you to specify the file name that will be used for the capture
file. This field is left blank by default. If the field is left blank, the
capture data will be stored in a temporary file. See <a class="xref" href="ChCapCaptureFiles.html" title="4.11. Capture files and file modes">Section 4.11, &#8220;Capture files and file modes&#8221;</a> for
details.
</p><p class="simpara">You can also click on the button to the right of this field to browse through
the filesystem.</p></dd><dt><span class="term">
<span class="emphasis"><em>Use multiple files</em></span>
</span></dt><dd>
Instead of using a single file Wireshark will automatically switch to a new
one if a specific trigger condition is reached.
</dd><dt><span class="term">
<span class="emphasis"><em>Use pcap-ng format</em></span>
</span></dt><dd>
This checkbox allows you to specify that
Wireshark saves the captured packets in pcap-ng format. This next
generation capture file format is currently in development. If more than
one interface is chosen for capturing, this checkbox is set by default.
See <a class="ulink" href="https://wiki.wireshark.org/Development/PcapNg" target="_top">https://wiki.wireshark.org/Development/PcapNg</a> for more details on
pcap-ng.
</dd><dt><span class="term">
<span class="emphasis"><em>Next file every n megabyte(s)</em></span>
</span></dt><dd>
Multiple files only: Switch to the next file after the given number of
byte(s)/kilobyte(s)/megabyte(s)/gigabyte(s) have been captured.
</dd><dt><span class="term">
<span class="emphasis"><em>Next file every n minute(s)</em></span>
</span></dt><dd>
Multiple files only: Switch to the next file after the given number of
second(s)/minute(s)/hour(s)/day(s) have elapsed.
</dd><dt><span class="term">
<span class="emphasis"><em>Ring buffer with n files</em></span>
</span></dt><dd>
Multiple files only: Form a ring buffer of the capture files with the given
number of files.
</dd><dt><span class="term">
<span class="emphasis"><em>Stop capture after n file(s)</em></span>
</span></dt><dd>
Multiple files only: Stop capturing after switching to the next file the given
number of times.
</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_stop_capture_8230_frame"></a>4.5.3. Stop Capture&#8230; frame</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">
<span class="emphasis"><em>&#8230; after n packet(s)</em></span>
</span></dt><dd>
Stop capturing after the given number of packets have been captured.
</dd><dt><span class="term">
<span class="emphasis"><em>&#8230; after n megabytes(s)</em></span>
</span></dt><dd>
Stop capturing after the given number of
byte(s)/kilobyte(s)/megabyte(s)/gigabyte(s) have been captured. This option is
greyed out if &#8220;Use multiple files&#8221; is selected.
</dd><dt><span class="term">
<span class="emphasis"><em>&#8230; after n minute(s)</em></span>
</span></dt><dd>
Stop capturing after the given number of second(s)/minute(s)/hour(s)/day(s)
have elapsed.
</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_display_options_frame"></a>4.5.4. Display Options frame</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">
<span class="emphasis"><em>Update list of packets in real time</em></span>
</span></dt><dd>
This option allows you to specify that Wireshark should update the packet list
pane in real time. If you do not specify this, Wireshark does not display any
packets until you stop the capture. When you check this, Wireshark captures in a
separate process and feeds the captures to the display process.
</dd><dt><span class="term">
<span class="emphasis"><em>Automatic scrolling in live capture</em></span>
</span></dt><dd>
This option allows you to specify that Wireshark should scroll the packet list
pane as new packets come in, so you are always looking at the last packet. If
you do not specify this, Wireshark simply adds new packets onto the end of the
list but does not scroll the packet list pane. This option is greyed out if
&#8220;Update list of packets in real time&#8221; is disabled.
</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_name_resolution_frame"></a>4.5.5. Name Resolution frame</h3></div></div></div><div class="variablelist"><dl class="variablelist"><dt><span class="term">
<span class="emphasis"><em>Enable MAC name resolution</em></span>
</span></dt><dd>
This option allows you to control whether or not Wireshark translates MAC
addresses into names. See <a class="xref" href="ChAdvNameResolutionSection.html" title="7.9. Name Resolution">Section 7.9, &#8220;Name Resolution&#8221;</a>.
</dd><dt><span class="term">
<span class="emphasis"><em>Enable network name resolution</em></span>
</span></dt><dd>
This option allows you to control whether or not Wireshark translates network
addresses into names. See <a class="xref" href="ChAdvNameResolutionSection.html" title="7.9. Name Resolution">Section 7.9, &#8220;Name Resolution&#8221;</a>.
</dd><dt><span class="term">
<span class="emphasis"><em>Enable transport name resolution</em></span>
</span></dt><dd>
This option allows you to control whether or not Wireshark translates transport
addresses into protocols. See <a class="xref" href="ChAdvNameResolutionSection.html" title="7.9. Name Resolution">Section 7.9, &#8220;Name Resolution&#8221;</a>.
</dd></dl></div></div><div class="section"><div class="titlepage"><div><div><h3 class="title"><a name="_buttons"></a>4.5.6. Buttons</h3></div></div></div><p>Once you have set the values you desire and have selected the options you need,
simply click on <span class="guibutton">Start</span> to commence the capture or <span class="guibutton">Cancel</span> to
cancel the capture.</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="ChCapInterfaceSection.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ChapterCapture.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ChCapEditInterfaceSettingsSection.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">4.4. The &#8220;Capture Interfaces&#8221; dialog box </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 4.6. The &#8220;Edit Interface Settings&#8221; dialog box</td></tr></table></div></body></html>
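
The capture filter, file, multiple-file and stop settings described in sections 4.5.1 to 4.5.3 have command-line counterparts in dumpcap, the capture program shipped with Wireshark. The following is an added example, not part of the User's Guide: a shell function that turns those dialog choices into a dumpcap command line and rejects the combinations the dialog disallows. The function name, its argument order, the sample paths and the rule that rotating files need a file name and a size trigger are assumptions of this example; sizes are passed in kB, the unit dumpcap's filesize options take.

```shell
#!/bin/sh
# Added example: map "Capture Options" dialog choices to a dumpcap command.
# build_dumpcap_cmd and its argument order are hypothetical; the flags
# (-i -n -f -w -b -a -c) are dumpcap's own.

# Prints the command line, or returns 1 for a combination the dialog rejects.
build_dumpcap_cmd() {
    iface=$1 filter=$2 outfile=$3   # interface, Capture Filter, File
    multi=${4:-no}                  # "Use multiple files": yes|no
    next_kb=${5:-0}                 # "Next file every n ...", in kB
    ring=${6:-0}                    # "Ring buffer with n files"
    stop_kb=${7:-0}                 # "Stop capture ... after n ...", in kB
    stop_pkts=${8:-0}               # "Stop capture ... after n packet(s)"

    if [ "$multi" = yes ]; then
        # Assumption of this example: rotating files need a name and a trigger.
        [ -n "$outfile" ] && [ "$next_kb" -gt 0 ] || return 1
        # Stop-after-size is greyed out when "Use multiple files" is selected.
        [ "$stop_kb" -eq 0 ] || return 1
    else
        # Ring buffer and file switching are "Multiple files only".
        [ "$ring" -eq 0 ] && [ "$next_kb" -eq 0 ] || return 1
    fi

    cmd="dumpcap -i $iface -n"      # -n: write pcap-ng
    [ -n "$filter" ]       && cmd="$cmd -f '$filter'"
    [ -n "$outfile" ]      && cmd="$cmd -w $outfile"
    [ "$next_kb" -gt 0 ]   && cmd="$cmd -b filesize:$next_kb"
    [ "$ring" -gt 0 ]      && cmd="$cmd -b files:$ring"
    [ "$stop_kb" -gt 0 ]   && cmd="$cmd -a filesize:$stop_kb"
    [ "$stop_pkts" -gt 0 ] && cmd="$cmd -c $stop_pkts"
    printf '%s\n' "$cmd"
}

# Constructed sample: 5-file ring buffer, 10240 kB per file, HTTPS traffic only.
build_dumpcap_cmd eth0 'tcp port 443' /tmp/cap.pcapng yes 10240 5 0 0
```

A bounded ring buffer like this keeps a long-running capture from filling the disk, and the capture filter limits what is written to the files.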