Customizing Ethereal

on the creation date and time.

When the first capture file fills up, Ethereal will switch to writing to the next file, until it fills up the last file, at which point it'll discard the data in the first file (unless 0 is spe- cified, in which case, the number of files is unlimited) and start writing to that file and so on.

If the optional duration is specified, Ethereal will switch also to the next file when the specified number of seconds has elapsed even if the current file is not completely fills up.

 

:v

Switch to the next file after value seconds have

 

al

elapsed, even if the current file is not com-

 

durationue

pletely filled up.

 

:val

Switch to the next file after it reaches a size of

 

filesizeue

value kilobytes (where a kilobyte is 1000 bytes,

 

 

not 1024 bytes).

 

files:value

Begin again with the first file after value num-

 

 

ber of files were written (form a ring buffer).

-B <capture buffer size (Win32

Win32 only: set capture buffer size (in MB, default is 1MB).

only)>

This is used by the the capture driver to buffer packet data un-

 

til that data can be written to disk. If you encounter packet

 

drops while capturing, try to increase this size.

-c <capture packet count>

This option specifies the maximum number of packets to cap-

 

ture when capturing live data. It would be used in conjunction

 

with the -koption.

-f <capture filter>

This option sets the initial capture filter expression to be used

 

when capturing packets.

-g <packet number>

After reading in a capture file using the -r flag, go to the giv-

 

en packet number.

-h

The -hoption requests Ethereal to print its version and usage

 

instructions (as shown above) and exit.

-i <capture interface>

The -ioption allows you to specify, from the command line,

 

which interface packet capture should occur on if capturing

 

packets.

 

 

An example would be: ethereal -i eth0.

 

To get a listing of all the interfaces you can capture on, use

 

the command ifconfig -aor netstat -i. Unfortunately, some

 

versions of UNIX do not support ifconfig -a, so you will have

 

to use netstat -iin these cases.

-k

The -koption specifies that Ethereal should start capturing

 

packets immediately. This option requires the use of the -i

 

parameter to specify the interface that packet capture will oc-

 

cur from.

 

-l

This option turns on automatic scrolling if the packet list pane

 

is being updated automatically as packets arrive during a cap-

 

ture ( as specified by the -Sflag).

-L

List the data link types supported by the interface and exit.

143

Page 156 Page 158
Page 157
Image 157
Lucent Technologies Ethereal Durationue, Filesizeue, Capture buffer size Win32, Only, Capture packet count, Packet number
Page 156 Page 158
Top Page Image Contents