Live Capture; Live Capture With Wireshark Extcap Tool; Live Capture With Wireshark Dissector; Long-Term Capture - ProfiTap ProfiShark 100M User Manual

3.2. Live Capture

ProfiShark can be used to capture network traffic and send it to dedicated capture software. The process is transparent for packet size, packet type, and protocol. All tags and encapsulation are preserved (e.g. VLAN, MPLS, GRE).
To start capturing network data directly in your software network analyzer of choice, launch the network analyzer and select the ProfiShark device, which should appear in the list of network interfaces.
Note: Capturing traffic at high speeds is extremely CPU intensive and can cause software packet drops. For better performance, it is recommended to use ProfiShark Manager's Direct Capture function.

3.2.1. Live Capture with Wireshark Extcap Tool

To capture traffic with ProfiShark directly in Wireshark, the Extcap Tool is recommended, as it provides high-resolution hardware timestamps without altering the packets.
First, install the Extcap Tool (see 2.2.2. Wireshark Extcap Tool). This will add a new capture interface in Wireshark in the form 'ProfiShark <MAC address>'. Set the capture options in the ProfiShark Manager's Features tab. Open Wireshark, and start the capture on the aforementioned capture interface.
Note: Direct Capture must be stopped in order to use the Live Capture with Wireshark Extcap Tool function.

3.2.2. Live Capture with Wireshark Dissector

To capture traffic in Wireshark with high-resolution timestamping without the Extcap Tool, the ProfiShark Dissector for Wireshark must be installed for the timestamps to be properly interpreted by Wireshark.
First, install the dissector (see 2.2.3. Wireshark Dissector). In the ProfiShark Manager's Features tab, select "Enable timestamps in live capture". Open Wireshark and enable the dissector through the following menu path: Edit -> Preferences -> Protocols -> ProfiShark. Start the capture.

3.3. Long-Term Capture

The long-term capture feature expands the number of use cases for ProfiShark. By combining the capture capabilities of ProfiShark with the storage capabilities of a NAS, it becomes possible to capture traffic for extended periods of time, making it easier to catch intermittent network problems in the act.
The ProfiShark USB key package (included with the product, and also available at resources.profitap.com) provides packages for various Synology architectures.
Install the package corresponding to your Synology NAS (see 2.1.4. Synology NAS).
For optimal capture results, an Intel-equipped Synology NAS is recommended.

This manual is also suitable for: ProfiShark 1G, ProfiShark 10G