Capturing packets with Ethereal

This field specifies the interface you want to capture on. You can only capture on one interface, and you can only capture on interfaces that the Ethereal has found on the system. It is a drop-down list, so simply click on the button on the right hand side and select the interface you want. It defaults to the first non-loopback interface that supports capturing, and if there are none, the first loopback interface. On some systems, loopback interfaces cannot be used for capturing.

This field performs the same function as the -i <interface> command line option.

This field specifies the number of packets that you want to capture. It defaults to 0, which means do not stop capturing. Enter the value that you want in here, or leave it blank.

This field allows you to specify a capture filter. Capture filters are discussed in more details in the Section called Filtering while capturing. It defaults to empty, or no filter.

You can also click on the Filter button/label, and Ethereal will bring up the Filters dialog box and allow you to create and/or select a filter. Please see the Section called Defining and saving filters

This field allows you to specify the file name that will be used for the capture when you later choose Save... or Save As... from the Ethereal File menu. There is no default for this value.

This field allows you to specify the maximum amount of data that will be captured for each packet, and is sometimes referred to as the snaplen. The default is 65535, which will be sufficient for most protocols. It should be at least the MTU for the interface you are capturing on.

This radio button allows you to specify that Ethereal should set the interface in promiscuous mode when capturing. If you do not specify this, Ethereal will only capture the packets going to or from your computer ( not all packets going by your interface).

	Note
	If some other process has put the interface in promiscuous mode you may be capturing in promiscous mode even if you turn off this option

This radio button allows you to specify that Ethereal should update the packet list pane in real time. If you do not specify this, Ethereal does not display any packets until you cancel the capture. When you click on this radio button, Ethereal captures in a separate process and feeds the captures to the display process. [Is this true for Windows?]

This radio button allows you to specify that Ethereal should scroll the packet list pane as new packets come in, so you are always looking at the last packet. If you do not specify this, Ethereal simply adds new packets onto the end of the list, but does not scroll the packet list pane.

This radio button allows you to control whether or not Ethereal translates the first three octets of a MAC addresses into the name of the manufacturer to whom that prefix has been assigned by the IETF.

This radio button allows you to control whether or not Ethereal translates IP addresses into DNS domain names. By clicking on this radio button, the packet list pane will have more useful information, but you will also cause name lookup requests to occur, which might disturb the capture.

	Note
	If you cannot reach the name server, you may find that Ethereal takes a long time in updating the packet list pane as it waits for name translation to time out.

This radio button allows you to control whether or not Ethereal translates port numbers into protocols.