Analyzing a pcap

Pre-filtering a pcap for further packet analysis with Wireshark to save plenty of time

Wireshark is an extremely useful program and is unrivalled for detailed packet analysis. The snag is that Wireshark can become unwieldy and very slow on large captures.

In this use case, you’ll learn how to analyze and pre-filter a previously recorded pcap with the Allegro Network Multimeter to make using Wireshark much clearer and faster.

Start by copying your existing pcap onto a USB stick and connecting it to the Allegro Network Multimeter. The pcap then appears in the storage overview. Click the ‘Analyze PCAP’ button to start analysis (see screenshot).

A file of four million packets (the larger of the two example files discussed below) is analyzed in less than a minute. You can now use all the modules of the multimeter to pinpoint the traffic of interest.

Pre-filtering the traffic has the great advantage that Wireshark subsequently reaches the desired result much faster. The problem with Wireshark is that once a pcap exceeds a certain size, reading it takes disproportionately longer: in the example measured here, a file containing three million packets is read by Wireshark in 30 seconds, whereas a slightly larger one with four million packets takes more than eleven minutes. A display filter does not help, because Wireshark still has to load and dissect every packet in the file before the filter can be applied, so similar times are to be expected even when a filter is used.

Therefore, you should select only the part of the traffic in which the problem has been identified before analyzing it in the usual way in Wireshark. Once it has been isolated with the help of the multimeter modules, you can save the selected traffic as a pcap file by clicking the ‘Capture Pcap’ button (see screenshot) and then start analyzing the trace in Wireshark.
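To make the isolation step concrete, the following Python script is an added example (not code from Allegro Packets or the Network Multimeter) that does the same thing in miniature: it parses a classic pcap container, dissects just enough of Ethernet/IPv4/TCP/UDP to match records against a host and/or port, and copies the matching records unchanged into a new, smaller pcap that Wireshark opens directly. The sample capture it builds inline is constructed test data, the host 10.0.0.5 and port 443 are arbitrary, and the function names are this example's own. It handles classic pcap only; pcapng (the format newer Wireshark versions save by default) is a different container and is rejected rather than misparsed.

```python
import socket
import struct

# Classic pcap magic numbers as read in little-endian order: (byte order of the file, timestamp unit).
MAGICS = {
    0xA1B2C3D4: ('<', 'us'), 0xD4C3B2A1: ('>', 'us'),   # little-endian file / big-endian file
    0xA1B23C4D: ('<', 'ns'), 0x4D3CB2A1: ('>', 'ns'),   # nanosecond-resolution variants
}
LINKTYPE_ETHERNET = 1


def iter_records(blob):
    """Yield (frame_bytes, raw_record_bytes) for every packet record in a classic pcap blob."""
    magic, = struct.unpack_from('<I', blob, 0)
    if magic not in MAGICS:
        raise ValueError('not a classic pcap file (pcapng or unknown format)')
    endian, _ = MAGICS[magic]
    linktype, = struct.unpack_from(endian + 'I', blob, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError('only Ethernet captures are dissected here')
    off = 24  # global header is 24 bytes; each record is a 16-byte header followed by the frame
    while off + 16 <= len(blob):
        incl_len, = struct.unpack_from(endian + 'I', blob, off + 8)
        end = off + 16 + incl_len
        if end > len(blob):
            break  # truncated tail (e.g. capture killed mid-write): drop the partial record
        yield blob[off + 16:end], blob[off:end]
        off = end


def five_tuple(frame):
    """(proto, src, dst, sport, dport) for IPv4 TCP/UDP frames; None for ARP, IPv6, ICMP, runts."""
    if len(frame) < 34 or frame[12:14] != b'\x08\x00':
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto, l4 = frame[23], 14 + ihl
    if proto not in (6, 17) or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack_from('!HH', frame, l4)
    return proto, socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport


def prefilter(blob, host=None, port=None):
    """Return (filtered_blob, kept, total): a pcap holding only records that touch host and/or port."""
    kept, total = [], 0
    for frame, raw in iter_records(blob):
        total += 1
        ft = five_tuple(frame)
        if ft is None:
            continue  # non-IPv4/TCP/UDP traffic is not what we are isolating here
        _, src, dst, sport, dport = ft
        if host is not None and host not in (src, dst):
            continue
        if port is not None and port not in (sport, dport):
            continue
        kept.append(raw)  # copy the record verbatim so timestamps and byte order are preserved
    return blob[:24] + b''.join(kept), len(kept), total


def _frame(src, dst, sport, dport, payload=b''):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left at zero)."""
    eth = bytes.fromhex('020000000001') + bytes.fromhex('020000000002') + b'\x08\x00'
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp


def build_pcap(frames, ts0=1_700_000_000):
    """Serialise frames into a little-endian, microsecond pcap (constructed sample data)."""
    out = [struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, f in enumerate(frames):
        out.append(struct.pack('<IIII', ts0 + i, 0, len(f), len(f)) + f)
    return b''.join(out)


ARP_FRAME = bytes.fromhex('ffffffffffff' '020000000001' '0806') + b'\x00' * 28  # not IPv4, never kept

SAMPLE_PCAP = build_pcap([
    _frame('10.0.0.5', '93.184.216.34', 51000, 443, b'GET / HTTP/1.1'),
    _frame('93.184.216.34', '10.0.0.5', 443, 51000, b'HTTP/1.1 200'),
    _frame('10.0.0.7', '10.0.0.9', 40000, 22),
    _frame('10.0.0.5', '10.0.0.9', 40001, 22),
    ARP_FRAME,
])

if __name__ == '__main__':
    small, kept, total = prefilter(SAMPLE_PCAP, host='10.0.0.5', port=443)
    with open('filtered.pcap', 'wb') as fh:
        fh.write(small)
    print(f'kept {kept} of {total} records -> filtered.pcap ({len(small)} bytes)')
```

Running the script writes filtered.pcap containing only the two records of the 10.0.0.5:51000 to 443 conversation; open it in Wireshark and it dissects instantly because the remaining packets are gone rather than merely hidden by a display filter. On a real capture the same pre-filtering is what `tcpdump -r big.pcap -w small.pcap 'host 10.0.0.5 and port 443'` does from the command line; the multimeter adds the analysis modules that tell you which host and port to select in the first place.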

As you can see, by using the Allegro Network Multimeter, a pcap can be analyzed rapidly and easily without losing Wireshark’s advantages.

Your advantages at a glance

  • Analyzing a pcap
  • Pre-filtering for Wireshark
  • Ideal extension for Wireshark
  • Isolation of the network traffic under investigation
  • Clear and fast problem diagnosis
