• Name: Type a descriptive name for the capture. Unique names can help you to identify and organize your captures.

• Capture to disk: Select this option to save packet files on your disk. Packet files saved to your hard disk (and the individual packets/packet decodes in each of the files) can be opened and analyzed at a later time with Omnipeek. If you are more interested in speeding up analysis of the data and conserving hard disk space, you may want to disable Capture to disk.

• Priority to CTD: Select this option so that real-time analysis doesn't impact the capture-to-disk (CTD) performance. When this option is enabled, it is less likely that packets are dropped when they are captured to disk. If capturing all the packets to disk is desirable, enable Priority to CTD. If analysis is more important, disable Priority to CTD.

• Intelligent CTD: Select this option to reduce the amount of data stored to disk and increase your retention time by intelligently slicing off encrypted payloads. It does this by tracking flows—if a flow is encrypted, the full data for the first 20 packets is kept and the payload from the rest of the packets is sliced. It keeps the first 20 without slicing so the certificate exchange is always included.

• File Name: Type the name used as a base file name prefix for each capture file that is created using the Capture to disk option. Additionally, each capture file is appended with a timestamp indicating the date and time the file was saved. The format of the timestamp is YYYY-MM-DD-HH.MM.SS.mmm.

• File Size (MB): Enter or select the maximum file size before a new file is created.

• Disk Space For This Capture: Move the slider control (or enter a value in the text box) to set the amount of hard disk space allocated for the capture. The minimum value of the slider is the minimum size of disk space a capture can occupy.

• Capture Statistics: Select the type of statistics desired for the capture:

• Packet File Indexing: Under certain conditions, Packet File Indexing increases performance for forensic searches that use software filters. Overall capture-to-disk performance can degrade slightly, but forensic search results may be returned significantly faster if the packet elements being filtered are contained in the index and the packet characteristic is sparsely located within the packet files being searched. Enable the packet characteristics below you are most likely to use in a forensic search software filter.

• Buffer Size (MB): Enter a buffer size, in megabytes, for the amount of memory dedicated for the capture buffer. The capture buffer is where packets are placed for analysis. The default is 256 megabytes. A larger buffer can reduce or eliminate packet loss due to spikes in traffic. When Capture to disk is enabled, the Buffer Size option is unavailable.