Packet Capture reader

racso
Posts: 13
Joined: 26 Jan 2018, 09:08

Packet Capture reader

Post by racso » 11 Apr 2018, 07:44

How do I read the file downloaded by the "Packet Capture" tool?
If I use TextEdit I see only strange characters.

thanks

fras
Posts: 25
Joined: 16 Apr 2018, 13:50

Re: Packet Capture reader

Post by fras » 17 Apr 2018, 10:50

Hello,

One tool that you can use is the free software Wireshark. Find it on https://www.wireshark.org/.
It's a widely used network protocol analyzer and lets you analyze packet captures in depth.

Best Regards
Fredrik Å
Administrator | Clavister Support

racso
Posts: 13
Joined: 26 Jan 2018, 09:08

Re: Packet Capture reader

Post by racso » 20 Apr 2018, 12:15

Thanks,
now I can read the packets, but how do I understand which IP generates more traffic (bandwidth)?

Peter
Posts: 696
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: Packet Capture reader

Post by Peter » 23 Apr 2018, 16:33

Wireshark is very powerful with a huge number of ways to analyze traffic, but an easy way to check some basic bandwidth would be to:

1. Open the PCAP file.
2. Go to Statistics->Conversations
3. Click the IPv4 tab

Now you can see which IP talks to whom and if you click e.g. Packets or Bytes you can change the sort order to see the ones that generated the most packets/data at the top.

Hope this helps.

Best regards
/Peter
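
A per-IPv4-pair byte count like the Conversations view described above, computed directly from the file; this is an added example, not part of the original thread. It assumes a classic libpcap file (not pcapng) with Ethernet framing, and the function names and sample capture are constructed for illustration.

```python
import struct
from collections import Counter

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian, us / ns timestamps
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian, us / ns timestamps

def ipv4_conversations(pcap):
    """Bytes per IPv4 address pair in a classic-pcap byte string, both directions merged."""
    endian = MAGIC.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    totals, offset = Counter(), 24                      # 24-byte global header
    while offset + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(endian + "II", pcap[offset + 8:offset + 16])
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break                                       # last record cut short
        t = 12                                          # EtherType offset
        while frame[t:t + 2] == b"\x81\x00":
            t += 4                                      # skip 802.1Q VLAN tag
        if frame[t:t + 2] != b"\x08\x00" or len(frame) < t + 22:
            continue                                    # not IPv4 (ARP, IPv6, ...) or truncated
        src = ".".join(map(str, frame[t + 14:t + 18]))
        dst = ".".join(map(str, frame[t + 18:t + 22]))
        totals[tuple(sorted((src, dst)))] += orig_len   # on-the-wire length
    return totals

def _frame(src, dst, size):
    """Constructed sample frame: Ethernet + bare IPv4 header, zero-padded to size."""
    ip = b"\x45\x00" + struct.pack(">H", size - 14) + bytes(8) + bytes(src) + bytes(dst)
    return (bytes(12) + b"\x08\x00" + ip).ljust(size, b"\x00")

def sample_pcap():
    """Constructed capture: three IPv4 frames and one ARP frame."""
    frames = [_frame((10, 0, 0, 5), (192, 0, 2, 10), 1000),
              _frame((192, 0, 2, 10), (10, 0, 0, 5), 200),
              _frame((10, 0, 0, 7), (192, 0, 2, 10), 300),
              bytes(12) + b"\x08\x06" + bytes(46)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for pair, n in ipv4_conversations(sample_pcap()).most_common():
        print(pair, n)
```

To use it on a downloaded capture, pass the file contents, for example `ipv4_conversations(open(path, "rb").read())`, and read `.most_common()` from the top.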

racso
Posts: 13
Joined: 26 Jan 2018, 09:08

Re: Packet Capture reader

Post by racso » 23 Apr 2018, 18:32

Thanks for the reply, I tried and it's OK, but the Clavister tool extracts only a few packets, see the attachment.
Only 400/500 packets, and I don't understand how I get more packets?

thanks
Attachments
Schermata 2018-04-23 alle 18.29.09.png

SECOIT GmbH
Posts: 39
Joined: 13 Feb 2018, 16:20

Re: Packet Capture reader

Post by SECOIT GmbH » 23 Apr 2018, 22:45

Click "Stop All", click "Cleanup", open "Capture Options" and set the required interfaces/protocols/ports/addresses and extend the "Capture Size" limit to the required value.
Default "Capture Size" is 512 kiB but can be changed to 512 MiB.

Hint: Sometimes it is required to click "Clear options" first to be able to change the capture size.
Best regards
Michael

racso
Posts: 13
Joined: 26 Jan 2018, 09:08

Re: Packet Capture reader

Post by racso » 24 Apr 2018, 08:39

Thank you, this is what I wanted :D
