1,775
edits
Packet ring buffer: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 43: | Line 43: | ||
This way it is possible to e.g. capture the traffic of an IP address starting from an hour ago. | This way it is possible to e.g. capture the traffic of an IP address starting from an hour ago. | ||
The capture will also continue with live traffic. | The capture will also continue with live traffic. | ||
If the user interface is in | If the user interface is in '''back-in-time''' mode (a timespan from the past is selected) starting a capture will produce a dialog asking to confirm that the capture will cover exactly the timespan selected. | ||
The capture will automatically stop after the selected timespan has been processed. | The capture will automatically stop after the selected timespan has been processed. | ||
| Line 122: | Line 122: | ||
– Full: The whole packet is captured. | – Full: The whole packet is captured. | ||
– Header + data: Capture just certain parts of the packet. When selecting | – Header + data: Capture just certain parts of the packet. When selecting '''L3 header''', layer 2 and layer 3 headers are stored. | ||
When selecting | :When selecting '''L3 + L4 header''', layer 2, 3 and 4 headers are stored. | ||
When selecting | When selecting '''L3 + L4 + L7 data''', an input field is shown where the length of layer 7 data can be configured. In this case layer 2, 3 and 4 are stored together with the specified amount of layer 7 data. | ||
In this case layer 2, 3 and 4 are stored together with the specified amount of layer 7 data. | |||