WANGUARD 5.2 User Manual & Administrator's Guide
●
BPF Expression
Click the lightbulb icon on the right to open a window containing the correct BPF – Berkley Packet Filter
syntax. Ofen used BPF expressions can be saved there and used at any tme later.
The use of a BPF expression is mandatory but you can use the “ip” string to capture all IP trafc.
●
Max Running Time
The maximum running tme.
●
Stop Capture On
When the Max Running Time is set to “Unlimited” you can set an exact date when the capture will stop.
●
Max File Size (MB)
Before writng a raw packet to a fle, check whether the fle is currently larger than the <number> and, if
so, close the current fle and open a new one.
●
Max Packets
The capture stops afer receiving <number> packets.
●
Max File Number
Setng this will limit the number of fles created to the specifed <number>, and begin overwritng fles
from the beginning, thus creatng a 'rotatng' bufer. In additon, it will name the fles with enough
leading 0s to support the maximum number of fles, allowing them to sort correctly.
●
Time Rotaton (s)
If specifed, it rotates the fle every <number> seconds.
●
Sampling Type & Value
Select “None” when no packet sampling is required. Select “1 / Value” to save just one packet every
<value> packets. Select “Value / 5s” to save maximum <value> packets every 5 seconds.
●
Filename Prefx
The name of the capture fle. If any fle-rotaton optons are used then a number will be appended to
the flename.
●
Snapshot (bytes/pkt)
Snarf <number> bytes of data from each packet rather than the default of 65535 bytes. Note that taking
larger snapshots both increases the amount of tme it takes to process packets and, efectvely,
decreases the amount of packet bufering. This may cause packets to be lost. You should limit <number>
to the smallest number that will capture the protocol informaton you're interested in.
●
Comments
This feld may contain comments about the trafc capture.
Actve Captures are listed as a table with in following format:
●
Descripton [ BPF ]
The capture's descripton and the BPF expression.
- 14 -
Содержание Wanguard 5.2
Страница 1: ......