Wireshark-users: Re: [Wireshark-users] running wireshark just before and after downloading a payl

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 22 Jan 2008 00:16:00 +0100

Well apparently you have some clue what's going on, that is what protocols can be used. I think you can make an educated guess from that.
Otherwise a different tool may be better for you, like ntop maybe?
Wireshark is really meant to drill down into the packets and squeeze the latest details out of them. You are going the other way, so maybe this is not the tool for you.


Albretch Mueller wrote:
On Jan 21, 2008 4:38 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

That one is easy. Just set the snaplength to the size you need.
That is the "Limit each packet to xxx bytes" entry on the Capture
options dialog.
 but headers lengths differ for different protocols, if you set
snaplength to 0 how are you going to know them
 I would like to still get the metadata about the connection