Manualshelf

User Guide

ManualsBrandsWireshark ManualsSoftwareWireshark Wireshark - 1.5
61626364656667686970
Capturing Live Network Data
52
IP address The IP address(es) of the selected interface. If no address could be
resolved from the system, "unknown" will be shown.
Link-layer header type Unless you are in the rare situation that you need this, just keep
the default. For a detailed description, see Section 4.9, “Link-layer
header type”
Wireless settings (Windows only) Here you can set the settings for wireless capture using the AirPCap
adapter. For a detailed description, see the AirPCap Users Guide.
Remote settings (Windows only) Here you can set the settings for remote capture. For a detailed
description, see Section 4.6, “The "Remote Capture Interfaces"
dialog box”
Buffer size: n megabyte(s) Enter the buffer size to be used while capturing. This is the size of
the kernel buffer which will keep the captured packets, until they
are written to disk. If you encounter packet drops, try increasing
this value.
Capture packets in promiscuous
mode
This checkbox allows you to specify that Wireshark should put
the interface in promiscuous mode when capturing. If you do not
specify this, Wireshark will only capture the packets going to or
from your computer (not all packets on your LAN segment).
Note
If some other process has put the interface in
promiscuous mode you may be capturing in
promiscuous mode even if you turn off this option.
Note
Even in promiscuous mode you still won't necessarily
see all packets on your LAN segment, see http://
www.wireshark.org/faq.html#promiscsniff for some
more explanations.
Capture packets in monitor
mode (Unix/Linux only)
This checkbox allows you to setup the Wireless interface to capture
all traffic it can receive, not just the traffic on the BSS to which it
is associated, which can happen even when you set promiscuous
mode. Also it might be necessary to turn this option on in order
to see IEEE 802.11 headers and/or radio information from the
captured frames.
Note
In monitor mode the adapter might disassociate itself
from the network it was associated to.
Capture packets in pcap-ng
format
This checkbox allows you to specify that Wireshark saves the
captured packets in pcap-ng format. This next generation capture
file format is currently in development.