Live Capture

ProfiShark can be used to capture network traffic and send it to dedicated capture software. The process is transparent for packet size, packet type, and protocol. All tags and encapsulation are preserved (e.g. VLAN, MPLS, GRE).

To start capturing network data directly in your software network analyzer of choice, launch the network analyzer and select the ProfiShark device, which should appear in the list of network interfaces.

Note: Capturing traffic at high speeds is extremely CPU intensive and can cause software packet drops. For better performance, it is recommended to use ProfiShark Manager's Direct Capture function.

To capture traffic with ProfiShark directly in Wireshark, the Extcap Tool is recommended, as it provides high-resolution hardware timestamps without altering the packets.

First, install the Extcap Tool (see Wireshark Extcap Tool). This will add a new capture interface in Wireshark in the form 'ProfiShark <MAC address>'. Set the capture options in the ProfiShark Manager's Features tab. Open Wireshark, and start the capture on the aforementioned capture interface.

Note: Direct Capture must be stopped in order to use the Live Capture with Wireshark Extcap Tool function.

To capture traffic in Wireshark with high-resolution timestamping without the Extcap Tool, the ProfiShark Dissector for Wireshark must be installed for the timestamps to be properly interpreted by Wireshark.

First, install the dissector (see Wireshark Dissector). In the ProfiShark Manager's Features tab, select “Enable timestamps in live capture”. Open Wireshark and enable the dissector through the following menu path: Edit → Preferences → Protocols → ProfiShark. Start the capture.

  • Last modified: March 21, 2024