Packet Capture: Packet Analyzers - Page 2
Figure 1-2 ethereal Capture Preferences
While you are capturing traffic, ethereal will display a Capture window that will give you counts for the packets captured in real time. This window is shown in Figure 1-3. If you didn't say how many frames you wanted to capture on the last screen, you can use the Stop button to end capture.
Figure 1-3 ethereal Capture
Once you have finished capturing data, you'll want to go back to the main screen shown in Figure 1-1. The top pane displays a list of the captured packets. The lower panes display information for the packet selected in the top pane. The packet to be dissected is selected in the top pane by clicking on it. The second pane then displays a protocol tree for the packet, while the bottom pane displays the raw data in hex and ASCII. The layout of ethereal is shown in Figure 1-1. You'll probably want to scroll through the top pane until you find the traffic of interest. Once you have selected a packet, you can resize the windows as needed. Alternately, you can select Display Show Packet in New Window to open a separate window, allowing you to open several packets at once.