Analysis View Overview
The analysis view shows the content of a single PCAP.
The view is normally composed of the following parts
In the following screenshot, an analysis filter has been applied, so only a subset of the packets within the PCAP is shown in the packet list.
Analyze Actions
The actions menu of the analysis view provides quick actions for changing how the trace file is displayed, as well as quick access to certain profile parameters.
- decode as
- copy link (copy permalink to the trace file)
- edit analysis
- edit profile
- autosize columns
- save special packets
- stream filter
- packet info
- packet coloring
- dark mode
- profile selection
- view selection
Decode As
The decode as action allows you to override the decoding behaviour. It is sometimes necessary for the analyst to guide the tool to decode a certain protocol that is not recognized. Common examples are protocols that run on non-well-known ports, like ftp-data, rtp or http on a high port.
For example, with this trace the unknown UDP protocol on port 18388 can be decoded.
The packets are then decoded correctly as RTP.
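An added example, not part of the tool or its documentation: a conservative Python heuristic for deciding whether an unrecognized UDP port is worth a Decode As to RTP, by checking the RTP fixed header (RFC 3550) for version 2, a stable SSRC and payload type, and consecutive sequence numbers. The packet data, function names and thresholds are constructed assumptions; only port 18388 comes from the text above.

```python
import struct
from collections import defaultdict

def parse_rtp_header(payload: bytes):
    """Return RTP fixed-header fields, or None if the payload cannot be RTP."""
    if len(payload) < 12:                 # fixed header is 12 bytes
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:                      # version field must be 2
        return None
    return {"pt": b1 & 0x7F, "seq": seq, "ts": ts, "ssrc": ssrc}

def rtp_candidate_ports(packets, min_packets=4, min_ratio=0.8):
    """packets: iterable of (udp_dst_port, payload). Returns ports that look like RTP.

    Conservative on purpose: every payload on the port must parse, and the
    port must carry a single stream (one SSRC, one payload type).
    """
    by_port = defaultdict(list)
    for port, payload in packets:
        by_port[port].append(parse_rtp_header(payload))
    candidates = []
    for port, headers in sorted(by_port.items()):
        valid = [h for h in headers if h]
        if len(valid) < min_packets or len(valid) != len(headers):
            continue
        if len({(h["ssrc"], h["pt"]) for h in valid}) != 1:
            continue
        # Sequence numbers should advance by 1, wrapping at 2^16.
        steps = [(b["seq"] - a["seq"]) & 0xFFFF for a, b in zip(valid, valid[1:])]
        if sum(s == 1 for s in steps) / len(steps) >= min_ratio:
            candidates.append(port)
    return candidates

def make_rtp(seq, ts, ssrc=0x1234ABCD, pt=0):
    """Build a constructed RTP packet: V=2, no padding/extension/CSRC, 160-byte payload."""
    return struct.pack("!BBHII", 0x80, pt, seq & 0xFFFF, ts, ssrc) + b"\x00" * 160

# Constructed sample traffic (not taken from a real trace).
SAMPLE = (
    [(18388, make_rtp(65534 + i, 160 * i)) for i in range(6)]      # RTP, seq wraps
    + [(5353, b"\x00\x00\x01\x00\x00\x01" + b"\x00" * 10)] * 5     # version bits = 0
    + [(40000, make_rtp(s, 0)) for s in (7, 900, 12, 4000, 33)]    # V=2 but random seq
)

if __name__ == "__main__":
    print(rtp_candidate_ports(SAMPLE))
```

Checking only the version bits would also flag port 40000 here; the sequence-number test is what separates a real RTP stream from payloads that merely start with `0x80`.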