Security Onion will then locate the stream and render a high level overview of the packets.
If there are many packets in the stream, you can use the
LOAD MORE button,
Rows per page setting, and arrows to navigate through the list of packets.
You can drill into individual rows to see the actual payload data. There are buttons at the top of the table that control what data is displayed in the individual rows. By disabling
Show all packet data and
HEX, we can get an ASCII transcript.
Finally, you can also download the pcap by clicking the button on the right side of the table header.