Capturing live network data is one of the major features of Wireshark.
The Wireshark capture engine provides the following features:
- Capture from different kinds of network hardware such as Ethernet or 802.11.
- Simultaneously capture from multiple network interfaces.
- Stop the capture on different triggers such as the amount of captured data,
  elapsed time, or the number of packets.
- Simultaneously show decoded packets while Wireshark is capturing.
- Filter packets, reducing the amount of data to be captured. See
  Section 4.10, “Filtering while capturing”.
- Save packets in multiple files while doing a long-term capture, optionally
  rotating through a fixed number of files (a “ringbuffer”). See
  Section 4.8, “Capture files and file modes”.
The capture engine still lacks the following features:
- Stop capturing (or perform some other action) depending on the captured data.