Forensic pcap Analysis: Difference between revisions

 
Line 57: Line 57:
'''Slot:'''  Choose the replay slot the analysis should run at.
'''Slot:'''  Choose the replay slot the analysis should run at.


'''Storage Device:''' Choose the storage device, where the PCAP-file will be uploaded to.
'''Storage Device:''' Choose the storage device, where the PCAP-file will be uploaded to. Using the [[Packet ring buffer]] enables you to re-download the packets later.  


'''Stop if DB full:''' When enabled will automatically stop the PCAP upload, if the DB is full.
'''Stop if DB full:''' When enabled will automatically stop the PCAP upload, if the in-memory DB is full. Packets will be lost if the DB is exceeded, while this option is not enabled.






If one of the warnings, that may appear, makes you avoid using the analysis, consider using the capture ring buffer.


If you activate the capture ring buffer, it is easy to extract certain parts of
If you activate the capture ring buffer, it is easy to extract certain parts of
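Review bot: The sentence added to the 'Stop if DB full' line, "Packets will be lost if the DB is exceeded, while this option is not enabled.", is hard to parse and does not say which packets are dropped. Put the condition first, for example "If this option is disabled and the in-memory DB fills up, packets will be lost." The new 'Storage Device' line also links [[Packet ring buffer]] while the unchanged text below it still says "capture ring buffer"; use one name for the feature so readers can tell it is the same thing.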
Line 82: Line 81:
investigate the contents of the pcap file.
investigate the contents of the pcap file.


When the upload is finished, all other modules in the Allegro Network Multimeter will now show data from this pcap-file.
When the upload is finished, other statistics in the Allegro Network Multimeter will now show data from this pcap-file.


To return to the live data analysis, simply press the 'Finish replay' button.
To return to the live data analysis, simply press the 'Finish replay' button.
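Review bot: In the changed sentence, replacing "all other modules" with "other statistics" leaves it unstated which statistics switch to the pcap data and which do not. Name them or say that all of them do, so a reader working an investigation does not mix up replayed and live data. "will now show" after "When the upload is finished" is also redundant; "show" is enough.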