Capturing: Difference between revisions

Capturing (view source)

Revision as of 10:43, 28 April 2020

1 byte removed , 28 April 2020

no edit summary

David.Griffiths

inactive

369

edits

@@ Line 3: / Line 3: @@
 == How can I get a pcap of a specific IP or MAC address? ==
-The Allegro Network Multimeter modules provide a dedicated pcap button
+All Allegro Network Multimeter modules have a dedicated pcap button
-to capture almost all types of traffic. To capture a specific IP address go to 'IP' -> 'IP' statistics, navigate to
+to capture most traffic types. To capture a specific IP address go to 'IP' -> 'IP' statistics, navigate to
 the desired IP address and click the pcap button.
@@ Line 12: / Line 12: @@
 To quickly find an IP address, you can sort the IP table by almost every column. The filter
-offers a quick method to reduce the table content, e.g. by typing fragments of the
+provides a quick method to reduce the table content, e.g. by typing fragments of the
 IP address or the DNS name in the filter input field.
 Another quick way to create a pcap of a specific address is to use the simple capture. Go
-to 'Generic' -> 'Capture traffic', enable the MAC Switch, set an address and click the
+to 'Generic' -> 'Capture traffic', enable the MAC switch, set an address and click the
 "Start capture" button.
@@ Line 28: / Line 28: @@
 displayed. Here you can limit the start and end time of the capture and select
 whether the created pcap file is downloaded via your browser directly to your
-computer or stored on the attached storage device of the Multimeter. You can
+computer or stored on the Multimeter attached storage device. You can
-limit the captured packets to the given length if you do not need the full packet
+limit the captured packets to a given length if you do not need the full packet
-and want a small pcap file that opens faster in Wireshark.
+and just want a small pcap file that opens faster in Wireshark.
 {|
@@ Line 45: / Line 45: @@
 port or an internal storage device if your Allegro Network Multimeter is
 equipped with one. A fast USB3 capable SSD is recommended. A
-USB thumb drive can be used, too, but some burst packets may be dropped if the
+USB thumb drive can be used also, but some burst packets may be dropped if the
-thumb drive is too slow.
+thumb drive write speed is too slow.
 You can see an overview about all storage devices that can be used for the Allegro Multimeter
@@ Line 73: / Line 73: @@
 |}
-The size of the ring buffer has to be specified. If no pcap is required on
+The size of the ring buffer must be specified. If no pcap is required on
-the storage device, the ring buffer may use 100% of the storage device capacity.
+the storage device, the ring buffer will use 100% of the storage device capacity.
 {|
@@ Line 81: / Line 81: @@
 When the packet ring buffer is created and running, the "Packet ring buffer"
-statistics page shows information about the ring buffer useage and several
+statistics page displays information about the ring buffer useage and several
-graphs restored or filtered traffic are displayed. A filter can be applied
+graphs restored or filtered traffic are also displayed. A filter can be applied
-to control which packets are stored in the ring buffer. Check out the chapter
+to determine which packets are stored in the ring buffer. Check out the chapter
 [[Generic_modules(Teil_3)#Packet_ring_buffer|Packet ring buffer]] for more details.
@@ Line 107: / Line 107: @@
 be adjusted to the start and a hint will be displayed.
-== Is it possible to plan a capture in the future? ==
+== Is it possible to plan a future capture? ==
 Yes. Simply select the desired start time in the "Choose capture settings" dialogue
@@ Line 141: / Line 141: @@
 The chapter [[1-_Generic_modules(Teil_1)#Capture_module|Capture module]] explains every possible filter.
-== Get a PCAP via command line ==
+== Get a pcap via command line ==
-It is quite easy to get a PCAP on the command line or in scripts with "curl"
+It is quite easy to get a pcap on the command line or in scripts with "curl"
 which is a tool available for recent versions of Windows 10, Linux and MacOS.
@@ Line 152: / Line 152: @@
 |}
-The user name, password and hostname have to be the same that are used to access
+The user name, password and hostname have to be the same as the ones used to access
 the web interface. Every filter expression that can be used in the web interface
 can also be used here.
@@ Line 158: / Line 158: @@
 Check out the chapter [[1-_Generic_modules(Teil_1)#Capture_module|Capture module]] for further information.
-== It takes too long to open a PCAP file in Wireshark. What can I do? ==
+== It takes too long to open a pcap file in Wireshark. What can I do? ==
-If you are in a situation where you have a huge PCAP and are just
+If you are in a situation where you have a large pcap and are only
-interested in the traffic between two particular IP addresses, you can
+interested in the traffic between two specific IP addresses, you can
 use the Allegro Network Multimeter to analyze the pcap file and
-extract the specific traffic for post-processing with other tools like
+extract the specific traffic for post-processing with tools such as
 Wireshark. See [[Forensic_Pcap_Analysis|Forensic Pcap Analysis]] for details.