March 01, 2000
Capturing to Disk with Sniffer Pro
Network Associates' DOS-based Sniffer was an excellent protocol analysis tool, but it lacked the capability to multitask. Many network managers want to constantly capture information from the network and have it stream to the hard disk, effectively saving every frame that traversed the network. With the Windows-based Sniffer Pro, this feature is now available.
This tutorial uses Network Associates' Sniffer Pro version 2.6; most other versions of Sniffer Pro are similar enough that the screen shots and explanations here still apply.
The Buffer Options
The option to 'Save to file' is hidden in the Capture Filter options. Click on the 'Capture' pull down menu, choose 'Define Filters', and select the Buffer tab.

Creating a new Profile
Sniffer Pro uses individual profiles to define separate capture filters. If changes were made to the default profile, these changes would need to be removed before creating a new filter. To avoid this problem and make analysis with the Sniffer Pro more efficient, we'll create a separate filter for our 'Save to Disk' option.
Select the 'Profiles...' button at the bottom of the Buffer tab.
Choose a name for the 'New Profile Name'. We'll use 'Save Buffer to File' as our profile name in this Web-Start. We will use the default option to 'Copy Existing Profile:' from the Default profile, but you may want to look at the 'Copy Sample Profile:' option to see some of the profiles included with Sniffer Pro. Click 'OK' to create this new profile.

Choose 'Done' from the 'Capture Profiles' dialog box to return to the Buffer tab.
Changing the Buffer options
Buffer Size
The 'Buffer Size' refers to the total amount of information the Sniffer will capture to memory. In this case, the 'Buffer Size' will refer to the size of the individual files that will be written to the disk. Depending on your reasons for capturing this information to disk, you may want to change this value from the default of one (1) megabyte. In many cases, a relatively small buffer size of eight (8) to twelve (12) megabytes will keep the traces saved on disk to a manageable size. Some higher-speed topologies and highly utilized networks may require the size to be much larger.
Do not set the 'Buffer Size' to be greater than the physical RAM in your system!

Capture Buffer
The 'Capture buffer' options define the name and number of files that will be saved to disk. Select the 'Save to file' checkbox in the 'Capture buffer' options. After choosing 'Save to file', the 'When buffer is full' options will become greyed-out, since we are effectively deciding the disposition of the buffer with our selection.

The 'Filename prefix:' option should be changed from the default 'Capture' filename to differentiate this capture series from any others, and to avoid overwriting any traces that have been previously saved (unless the 'Unique names' option is selected - see below). In our example, we used Network100 as the prefix to accurately describe the network that will be Sniffed.
The 'Number of files:' option refers to the total number of files that will be saved to disk. We selected 100 files, which would require a total of about 1.2 gigabytes free on our hard drive to save the files. MAKE SURE THE TOTAL NUMBER OF FILES AND BUFFER SIZE SETTINGS DO NOT USE ALL OF THE AVAILABLE HARD DRIVE SPACE! You'll want to have some room available on your hard drive after capturing these files for the Windows operating system and other programs to operate properly.
The 'Unique names' option assures that each file saved to disk will have a different name. If 'Unique names' is not checked, each capture session will overwrite any trace files saved in previous capture sessions. If 'Unique names' is checked, three random characters will be appended to the filenames in each capture session. With these three additional characters as part of the filename, future capture sessions will not overwrite any previous captures.
The 'Wrap file names' option determines what the Sniffer will do once the total number of files has been written to the disk. With the 'Wrap file names' option selected, the 101st file will overwrite the 1st, constantly overwriting the Sniffer traces until the capture is stopped. If this option is not checked, the Sniffer will write 100 files, and will then stop saving the traces to disk.
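The interaction between 'Buffer Size', 'Number of files' and 'Wrap file names' is easy to get wrong on an unattended capture, so here is an added sanity-check example (constructed for this tutorial, not Sniffer Pro's own code) that applies the rules above: the buffer must fit in RAM, the series must leave disk headroom, and with wrapping the 101st buffer lands in file 1. The `headroom_mb` default and the filename/retention helpers are assumptions, not Sniffer Pro behaviour.

```python
"""Plan a Sniffer Pro 'Save to file' capture series before starting it.

Constructed example: encodes the tutorial's rules so a capture host can be
checked before a long unattended capture fills the disk or exceeds RAM.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class CapturePlan:
    buffer_mb: int          # 'Buffer Size': size of each file written to disk
    num_files: int          # 'Number of files'
    wrap: bool              # 'Wrap file names'
    ram_mb: int             # physical RAM in the capture host
    free_disk_mb: int       # free space on the capture drive
    headroom_mb: int = 512  # space left for Windows and other programs (assumed value)

    def total_disk_mb(self) -> int:
        """Worst-case on-disk footprint of the series (wrapping never exceeds it)."""
        return self.buffer_mb * self.num_files

    def problems(self) -> List[str]:
        """Return the tutorial's two configuration warnings that apply, if any."""
        msgs = []
        if self.buffer_mb > self.ram_mb:
            msgs.append("buffer size exceeds physical RAM")
        if self.total_disk_mb() > self.free_disk_mb - self.headroom_mb:
            msgs.append("capture series would exhaust free disk space")
        return msgs

    def file_index(self, buffer_number: int) -> Optional[int]:
        """Which on-disk file (1-based) the N-th full buffer is written to.

        With 'Wrap file names' the 101st buffer overwrites file 1; without it
        the Sniffer stops saving after num_files buffers, so None is returned.
        """
        if buffer_number < 1:
            raise ValueError("buffer_number is 1-based")
        if buffer_number <= self.num_files:
            return buffer_number
        if self.wrap:
            return (buffer_number - 1) % self.num_files + 1
        return None

    def retention_hours(self, avg_mbps: float) -> float:
        """Rough history a wrapping series holds at a steady average load
        in megabits per second (assumes MB = 10^6 bytes, 8 bits per byte)."""
        return self.total_disk_mb() * 8 / avg_mbps / 3600
```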
Packet Size
The 'Packet size' option determines how much of each frame the Sniffer will capture. By default, the packet size is the whole packet. The packet size can be configured as low as 32 bytes, and as large as the whole packet (obviously). If the situation requires that only the packet headers be captured, buffer space can be saved by changing the packet size to 32 or 64 bytes.

After making these changes, click on the 'Summary' tab to view the current filter. Notice that the real-time Sniffer Expert is disabled while the 'Save to file' option is enabled.

Click 'OK' to close the Define Filter dialog box.
Selecting the Capture Filter
There are two methods of selecting the capture filter. The first method uses the pull-down menus, and the other uses the filter selections on the Capture Panel.
To select the capture filter with the pull-down menus, select the 'Capture' pull-down menu, and choose 'Select Filter...'. The Select Filter dialog box will display the available profiles. Choose a profile, and click 'OK'.

The second (and faster) method of selecting a filter is to use the drop-down list on the Capture Panel. If the Capture Panel is not available on the Sniffer, select the Capture pull-down menu and choose Capture Panel.
The capture panel has a drop-down list that provides quick access to all defined profiles. Click the drop-down list, and choose the 'Save Buffer to File' profile.

Starting the Capture
With the Capture Panel open, press the VCR-type play key. The capture will start, and all captured packets will be immediately written to the hard drive. The Detail tab will display the number of the saved file.


Since every frame is saved to the hard drive, pressing the stop and display button will display an 'Open' dialog box instead of showing the decode window of the current capture. When using the 'Save to file' option, a file must be opened after capturing to use the decode capabilities of the Sniffer.
Final Notes
The 'Save to file' option of Sniffer Pro is a welcome addition, although care should be taken when configuring the total size of the saved capture files to avoid running out of disk space.
Posted by james_messer at March 1, 2000 07:34 PM