ProfiShark Manager — Capture
ProfiShark can capture traffic without the need for third-party capture software. This Direct Capture is performed at the driver level, prior to all network stacks and frame processing. Direct Capture provides the best performance, enabling small packet capture at wire speed.
The Capture tab contains the controls for the Direct Capture feature. The captured data is saved to PCAP Next Generation files (.pcapng) with hardware-generated packet timestamps. ProfiShark Manager also provides an option for uploading capture files to Cloudshark.
Option | Description |
---|---|
Capture directory | Specify the location where the capture files will be saved. |
File name pattern | Specify the naming pattern for the capture files, where %N is the file number, %Y the year, %M the month, %D the day, %H the hour, %m the minute, and %s the second. |
Create a new file automatically after | Creates a new file when the specified time or file size is reached. |
Stop after | Stops the capture when the specified number of files is reached. |
Use a ring buffer with | Overwrites the capture files when the specified number of files is reached. |
Statistics | Written to File: Performance statistics. Displays the amount of data currently written to the output file, helping users determine the best buffer size. Dropped: Dropped bytes. Indicates the amount of data dropped during the capture due to performance issues or buffer overflow. Current Buffer: If dropped packets start to appear (“Dropped” statistic), increase the Buffer size value. |
Buffer size | In high bandwidth utilization scenarios, a larger buffer allows more data to be held temporarily in the computer’s memory before being saved to the file, which helps avoid dropping captured data. |
Capture full frames | Enable this option to capture entire L1 Ethernet frames, including the preamble (0x55), the SFD, and the CRC. This can be useful for TSN (Time-Sensitive Networking) capture. |
Upload pcap-ng files to Cloudshark | Enable this option to upload capture files to Cloudshark automatically. |
Appliance URL | Set the URL of the Cloudshark server to which the capture files will be uploaded. |
API Token | Set the API token for the Cloudshark server specified above. |
Display filter | Optional display filter for the capture files uploaded to Cloudshark. Regular Cloudshark/Wireshark display filters can be set here. See: https://wiki.wireshark.org/DisplayFilters |
Note: The amount of dropped data depends on the data storage throughput and the amount of allocated memory buffer. Disk arrays or SSDs can drastically improve capture performance.
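When "Capture full frames" is enabled, analysis scripts that expect the MAC header at offset 0 need to skip the preamble and SFD and can use the captured CRC to check frame integrity. The following is an added example, not ProfiShark code: the function names are hypothetical, the byte layout of a captured record (7 preamble octets, SFD 0xD5, MAC frame, 4-byte CRC) is an assumption, and the sample frame is constructed.

```python
import struct
import zlib

PREAMBLE = b"\x55" * 7   # seven preamble octets (0x55, as stated on the page)
SFD = b"\xd5"            # start frame delimiter value from IEEE 802.3


def split_full_frame(raw: bytes):
    """Return (mac_frame, fcs_ok) for one full L1 frame.

    Assumed layout (not confirmed by the page):
    preamble | SFD | MAC frame | 4-byte CRC (FCS).
    """
    start = len(PREAMBLE) + len(SFD)
    if len(raw) < start + 14 + 4:
        raise ValueError("too short for preamble + MAC header + FCS")
    if raw[:start] != PREAMBLE + SFD:
        raise ValueError("preamble/SFD not found at offset 0")
    frame, fcs = raw[start:-4], raw[-4:]
    # The FCS is a CRC-32 over the MAC frame, least significant byte first.
    expected = struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)
    return frame, expected == fcs


def build_sample() -> bytes:
    """Constructed sample: broadcast frame with a local experimental EtherType."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    payload = b"constructed payload".ljust(46, b"\x00")  # pad to minimum size
    frame = dst + src + b"\x88\xb5" + payload
    fcs = struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)
    return PREAMBLE + SFD + frame + fcs


if __name__ == "__main__":
    frame, ok = split_full_frame(build_sample())
    print(frame[:14].hex(), "FCS ok" if ok else "FCS mismatch")
```

A frame that fails the CRC check was corrupted on the wire or truncated during capture and should be treated separately from frames with a valid CRC.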