Dan S Zaniewski said:
> 1. I need to know when the capture buffer is full.
To what "capture buffer" are you referring?
> I need to know this to
> estimate how much time it will take to fill. During a capture, how can I
> detect the % filled?
> I found how to set the capture buffer size
I.e., the "capture buffer" that the "Buffer size:" option sets? If so,
then...
> but I need to know % filled during the capture.
That's not a "capture buffer" in the sense that packets arrive and are
stored in the capture buffer until you stop the capture. It's a temporary
buffer into which the WinPcap driver stores packets until the WinPcap
library code reads them, which happens when Ethereal calls the
libpcap/WinPcap routine to read packets. Those packets are then written
to the capture file.
I.e., it's not as if the capture buffer proceeds from being 0% full to
100% full, at which point no more packets can be captured; Ethereal can
keep capturing packets until the file system on which the capture file
resides fills up. The buffer fills up as packets arrive and empties as
packets are read from it and written to the file; how full the buffer is
at any instant depends on whether packets are arriving faster than, as
fast as, or slower than Ethereal can read them and write them to the
capture file. The current percent-full value isn't made available by
WinPcap, so Ethereal can't report it.
> 2. After I do a capture, I want to view only the EthernetIP protocol
> packets. How do I do this?
Type "ip" into the "Filter" box - which is, by default, below the toolbar
- and type Return or Enter.
> I know that this protocol is supported. I
> was able to do this with an earlier version of Ethereal but it is no
> longer intuitive.
The only thing that changed is that the "Filter" box moved from being at
the bottom of the window to being below the toolbar.