writepackets - Write packets to a file in 'PCAP' format
A stream containing a field of packet type.
[The tool outputs packets to PCAP formatted file]
The tool writes the the first field with packets in the input to a PCAP formated file.
The user has the option of choosing some limitations of the files generated; these limits are age, and size. If either limit is met, a time stamp is appended to the filename, and a new file is created with the original name, and further writing is directed to the new file. This is called rotation.
The time stamp has the format YY-MM-DDTHHMMSS, which has the advantage of being sorted chronologically in file listings.
As an example, the original name foo.pcap would be renamed to foo-08-07-12T133742.pcap, if it reaches a set limit at that time, and further writing will continue to a new file, named with the original name foo.pcap.
The name of the file (original name) to write to (with no time stamps.)
Click this if you want the IP packets only. This saves some space since it does not save the linklayer protocol (Ethernet).
|
Note
|
All packets not belonging to the IP family will be discarded. |
Select how often the file will be rotated (and thereby renamed.)
The maximal file size allowed, after which it will be rotated.
|
Note
|
A file is never allowed to exceed 2GB, at which point it is forcibly rotated. |