What is NfSen?
NfSen is a graphical web based front end for the nfdump netflow tools.
NfSen allows you to:
Display your netflow data: Flows, Packets and Bytes using RRD (Round Robin Database).
Easily navigate through the netflow data.
Process the netflow data within the specified time span.
Create history as well as continuous profiles.
Set alerts, based on various conditions.
Write your own plugins to process netflow data on a regular interval.
Different tasks need different interfaces to your netflow data. NfSen allows you to keep all the convenient advantages of the command line using nfdump directly and also gives you a graphical overview over your netflow data.
NfSen is available at sourceforge and distributed under the BSD license.
Versions:
Stable: 1.3.6 (Dec 31, 2011) for use with nfdump 1.6.5.
Snapshots: May be provided between stable releases and are published as snapshot-yyyymmdd
This documentation refers to version 1.3.2
Note: All IP addresses in this document are anonymized. Any coincidence with real IP addresses is by pure chance.
NfSen is hosted by Sourceforge:
Table of Content
NfSen - Netflow Sensor
NfSen - General Overview Page | NfSen – Navigation Page | NfSen - Navigation Page |
NfSen - Netflow Processing output | NfSen - Profile Info | NfSen - Alerting |
Prerequisites:
PHP and Perl:
NfSen is written in PHP and Perl and should run on any *NIX system.
At least Perl 5.6.0 and PHP > 4.1 are required, including the Socket and Perl regex extensions.
Perl Modules:
NfSen alerting requires the following Perl Modules:
Mail::Header, Mail::Internet
RRD tools
All netflow graphs in NfSen require RRD. At least the RRDs Perl Module is required.
You will find all about RRD here.
Nfdump tools
The nfdump tools are the backend tools for NfSen and will collect and process the netflow data.
Make sure, that you have version 1.5.8 installed. Don't try any version < 1.5.5, or the profiles will not work.
You can download nfdump from sourceforge nfdump.sourceforge.net.
First Installation
NfSen has a very flexible directory layout. To simplify the first time installation, a default config file is provided, which requires only a few changes to work. The default layout stores everything but the html pages under BASEDIR. However, you may configure NfSen to fit your local needs. The figure below shows the default layout with most configurable directories.
All netflow data is stored under PROFILEDATADIR, so make sure you have enough disk space for this directory. You may also mount a dedicated disk volume to PROFILEDATADIR.
Directory Structure
If you have installed all prerequisites, change to the etc directory and copy the NfSen template config file nfsen-dist.conf to nfsen.conf.
Edit nfsen.conf according to your needs.
When you are done with nfsen.conf, run the install.pl script in the NfSen distribution directory:
Running install.pl will:
Create the NfSen environment under BASEDIR
Copy the php/html files into the HTMLDIR
Create the live profile.
Prepare the RRD DBs for the live profile.
Create and configure config.php
After the installation, you will find the nfsen.conf file in CONFDIR. This documentation is installed in DOCDIR. However, the web page has no direct link to the documentation.
Upgrading NfSen
The installer supports upgrading from NfSen version 1.2.x. Upgrading from NfSen versions < 1.2 will not work. You will first need to upgrade these installations to 1.2.4 and then to 1.3.x.
To upgrade your current NfSen installation:
Stop old nfsen, due to nfprofile incompatibilities.
./nfsen.rc stop
Upgrade nfdump to stable 1.5.6. Do not forget to configure nfdump with --enable-nfprofile option.
This update is required!
Upgrade NfSen:
./install.pl
This will update your current NfSen installation, and you're done.
Note:
As of snapshot 20060325, NfSen changed the RRD DB layout to enable 'on the fly' add/delete of netflow sources. This requires converting all RRD DBs of all profiles from the old style to the new style layout. This is done automatically at installation time but will take some time to complete. Do *NOT* interrupt the conversion process at any time or your nfsen installation will be corrupted. Once you have upgraded you cannot downgrade NfSen to an older version.
If you have plugins installed, check the README.plugins file for some small changes required for each plugin. If you have PortTracker installed, you need to update to the PortTracker version included in the contrib directory, coming with NfSen. You do not need to rebuild your current db files, just rebuild nftrack and replace the plugin files. See the INSTALL file.
Start NfSen:
BINDIR/nfsen start
Adding/Removing Netflow Sources in NfSen
Each channel in NfSen has a collector associated. Therefore additional parameters are required for each channel. All these settings are stored in the config file nfsen.conf. To add/remove netflow sources edit the nfsen.conf file. Make appropriate changes such as adding/deleting entries in the %sources hash. When done, run ./nfsen reconfig on the command line. This will create or delete the channels as well as stop/start the collectors as necessary. Note: If you make some changes on existing channels in the %sources hash, this does not require a reconfig of NfSen. Simply stop and start NfSen.
Start-Stop NfSen
The nfsen command in BINDIR is also used to start and stop NfSen. You may create a soft link from your appropriate rc.d directory to this file, or include this command into the BSD style rc.local file.
To start NfSen:
This starts all nfcapd processes to collect the netflow data and the nfsend background process to update your profiles, as new data becomes available. Point your web browser to nfsen.php (typically http://yourserver/nfsen/nfsen.php).
To stop NfSen:
The background task nfsend as well as nfcapd log to syslog. nfsend is very chatty when syslog priority 'info' or less is configured. You may want to set the syslog priority to 'warning' for normal operation. For debugging purposes, use 'info' or 'debug'.
NfSen has two different user interfaces:
Web Interface
Command line interface
Most of the time you will want to use the web interface. However, you can do almost everything from the command line as well. The command line interface is described in more detail later in this document.
Tab Navigation
The navigator bar allows you to select the different views. The default view is Home, when you point your browser to nfsen.php. It shows an overview of the currently selected profile. By default, this is the live profile. The three columns show the 'Flows', 'Packets' and 'Bytes' history.
If the currently selected profile is a continuous profile, the page is automatically refreshed every 5 minutes to update the graphs. This allows you to have a browser window on your screen with always up to date graphs. The Graphs tab adds a sub navigator bar, where you see again the 'Flows', 'Packets' and 'Bytes' graphs but bigger in size. When clicking on one of the graphs in either view, you will be automatically switched to the 'Details' view for further investigation and processing.
Flow Navigation
Detailed navigation and investigation of the netflow data is done in the 'Details' view. When entering this view, you will see the navigation display.
Navigation Display
Netflow Processing Controls
The page is divided into two parts: The upper part allows you to navigate through the netflow data as well as to select a single time slot or time window. The lower part contains all the controls to process the netflow data of the selected time slot or time window.
Clicking on any of the small protocol or type graphs will replace the main graph with the selected graph. You can switch back and forth and select the protocol and/or type for the main graph which is appropriate for investigating your current situation. The bigger main graph is automatically split into the protocols 'TCP', 'UDP', 'ICMP' and 'other', which is 'not (proto tcp or proto udp or proto icmp)', whenever you switch the type to 'flows', 'packets' or 'bytes'.
The available time span of the graph can be changed using the pull down menu, just below the main graph:
Select Time Span
Selecting a different time slot
A time slot starts at every 5 minutes cycle of the hour (0, 5, 10, 15 etc.) and lasts 5 minutes. A time window, on the other hand, consists of several time slots. When entering the 'Details' view a window scale of one day is selected so you will see the last 24 hours of the profile. The time cursor is placed in the middle between the begin and end of these 24 hours and the time window slot is set to one time slot. You will always see the selected time slot or time window in the title of the browser window, in the title of the main graph as well as above the small type graphs in the upper right section of the main graph. There are several ways to change the current time slot.
The easiest one is simply clicking into the graph at the appropriate time slot. This immediately moves the cursor to the selected position.
You may also drag the handle of the cursor to the desired time slot within the selected time span.
Fig. Drag Handle to move time slot
While moving the handle, the currently selected time slot is automatically updated in tstart and tend on the right hand side of the graph. When releasing the handle, the cursor automatically snaps to the nearest time slot and the values in the statistics table are updated accordingly.
Other ways of selecting a different time slot use the control buttons below the main graph:
Using the time cursor controls:
> | Next time slot: Advance time by 5 minutes. |
< | Previous time slot: Go back 5 minutes. |
>> | Advance time slot by a full time span of the graph. |
<< | Go back by a full time span of the graph. |
>| | Go to the end of the profile. ( current time slot ) |
| | Center time cursor in current graph. |
^ | Place cursor at the peak, found within +/- 1 hour time-span of current cursor position. |
The graphs are immediately updated, when selecting a different time slot. However, there are limits for moving the cursor. The cursor can not be moved outside the visible part of the graph on the left or right hand side. You may also not move the cursor outside a time slot where data has expired and no data is available for processing. This limit is marked by the dark grey area on the left hand side of the graph.
Fig. Border of available Data
Selecting a time window
Sometimes it is desirable to select and process more than a single 5 min time slot. From the menu below the main graph select 'Time Window'
Fig. Select time window
This splits the cursor handle into two halves, which can be dragged individually as needed. Drag the left and/or right border of the selected window as needed.
Selected Time Window
The statistics summary is automatically updated when either handle is released after moving. To switch back to a single time slot, select 'Single Timeslot' from the menu.
Statistic Summary
The statistic summary below the main graph gives you an overview about flows, packets and traffic of the selected time slot or time window. Each line corresponds to one configured netflow source in profile 'live' or to a configured channel in any other profile. For easy visual matching a small colour field with the same colour as in the graph precedes each row. If you are interested in only some of the channels, you may remove the others by clicking the checkboxes. This disables or enables this channel in all graphs and in the statistics respectively.
The statistic summary can be switched between the total sum of the selected time window, or the rate values per second. The scaling factors for K, M and G are 1000.
Fig. Summary Statistics
Individual columns can be collapsed or expanded as needed, by clicking on the blue triangles. The entire statistics can be shown or hidden by clicking on the yellow triangle. When collapsing a column, a single column remains with the type which is shown in the main graph.
Fig. Expand/Collapse stat
Disabled sources 'upstream' and 'gateway'
Enabling or disabling channels re-scales the graphs according to the remaining sources, so you get a more detailed graph and a different resolution on the y-axis.
Graph Display Options
To view the details you are interested in, a graph may be displayed with different options:
Scale:
Linear y-axis
Logarithmic y-axis.
Graph Type:
Stacked: All sources are drawn on top of each other.
Line: All sources are drawn independent.
You may switch the display option at any time by clicking on the appropriate radio buttons in the lower right corner of the main graph. You may spot peaks in some of the sources more easily by switching to the line graph display option.
Fig. Line graph
Netflow Processing
Once you have selected the time window of interest, you can process and filter the netflow data according to your needs, using the process form in the lower part of the window:
Select the netflow sources to process. You may select multiple sources.
Enter a netflow filter. The syntax conforms to the nfdump filter syntax.
Select any options for the analysis.
Click 'process'.
A default filter is supplied when a specific protocol is selected in the main graph. You may add any further filter expressions as needed. By just clicking process, a top 10 statistic of any IP address ordered by flows is calculated. However, you may change this at any time.
The sources, the filter as well as all options from the processing form are compiled into the appropriate nfdump command. For convenience a short description of the filter syntax and options follows. More details are available in the nfdump(1) man page.
Filter Syntax
The filter syntax is similar to the well known pcap library used by tcpdump. The filter can span several lines. Anything after a '#' is treated as a comment and ignored to the end of the line. There is virtually no limit in length of the filter expression. All keywords are case independent, unless otherwise noted. For a complete filter syntax see the nfdump(1) man page.
Any filter consists of one or more expressions expr. Any number of expr can be linked together:
Named Filters
An often used filter can be saved and used at any time later while processing flows. To create such a custom filter, enter the filter in the text box and click on the diskette symbol to save your filter. Once successfully saved, the filter is available in the select box. The resulting filter is always the filter in the text box and the named filter, logically linked with 'and'. A named filter may be deleted or edited at any time by selecting the filter and clicking on the appropriate icon, either edit or delete. The named filters are stored in a file under BASEDIR/var/filters and can also be changed there.
Fig. Default Filter
Options
When processing netflow data, there are two general options: listing flows and creating a flow statistic. You can switch between the two options by clicking on the appropriate button. Depending on what you have selected, the panel automatically adapts to all available options.
List Flows | |
Limit to | List only the first N flows of the selected time slot |
Aggregate | Option to aggregate the flows. |
Sort | When listing flows from different channels/sources you may sort them according to the start time of the flows. Otherwise the flows are listed in sequence of the selected channels. |
Output | Select one of the available formats to list the flows. The predefined formats 'line', 'long' and 'extended' are always available and correspond to the output formats of nfdump. However, you may specify additional output formats at any time by selecting 'custom ..'. Enter your own format in the text input which appears. The format is equivalent to the format specification described in the nfdump(1) man page.
By clicking on the diskette symbol, you save your new format, which appears now in the selection menu, ready to use. |
Stat TOP N | |
Top | Limit the statistics to the first top N |
Stat | Select the statistics you want from the menu and the order option |
Aggregate | This option is only available for the flow record statistics and is equivalent to the aggregate option in List flows. See the description above. |
Limit | Limit the output only to those statistic lines whose packets or bytes match the specified limit. |
Output | This option is identical to the Output option in 'List flows' . See the description above. |
Note:
Depending on the size of your network, netflow processing may consume a lot of time and resources, when you select a large time window and multiple resources.
IP Lookup
All IP addresses in the flow or statistic listing can be easily looked up by clicking on the IP address. The result of the cyberwhois.org, maintained by Philippe Bourcier, is shown in a lookup box.
Fig. IP Lookup
However, you may customize this lookup by creating your own lookup. In the $LIBEXECDIR copy the module Lookup.pm to Lookup_site.pm and change the Lookup function according to your own needs. Do not forget to change the module name to 'Lookup_site'. Do not modify the original Lookup module, as any future NfSen update may overwrite your changes.
Profiles
A profile is a specific view on the netflow data. A profile is defined by its name, type and one or more profile filters, which are any valid filters accepted by nfdump.
At least the profile 'live' is always available and is used to store your incoming netflow data without filtering. You can switch back and forth to any profile using the pull down menu in the upper right corner of the web page.
Fig. Profile Selection
Profile Types
A profile can be either of type History or Continuous. A history profile starts and ends back in the past and remains static. It neither grows nor expires. A continuous profile may start in the past and is continually updated while new netflow data becomes available. It grows dynamically and may have its own expire values set. Old data expires after a given amount of time or when a certain profile size is reached. Additionally a profile can be created as a Shadow profile, which means no netflow data is collected, and therefore saves disk space. A shadow profile accesses the data of profile 'live' when data processing is done with the proper profile filters applied first.
Continuous | History |
Continuous / Shadow | History / Shadow |
Profile Channels
A profile contains one or more profile channels. A profile channel is defined by its channel filter, colour, sign and order in which the channel is displayed in the graph. A channel is based on one or more netflow sources from the 'live' profile. The number of channels is independent of the number of netflow sources.
Fig. Profile Channels
Fig. Profile Examples
Creating profiles
Select the 'New profile ..' entry in the profile pull down menu.
Complete the 'New Profile' form to start building the profile. By moving the mouse over the '?' icon, a help text appears to guide you through the process of creating the profile.
Profiles may be grouped together for easier selection in the profile menu. Select either an existing profile group, or create a new group according to your needs. There is no difference to other profiles other than grouping the profiles in the profile menu.
The profile type 'Continuous' or 'History' is automatically detected according to the 'Start' and 'End' values you enter. As profiles are created from netflow data from profile 'live', the start and end of the profile must fall in the time range of the profile 'live'.
If you leave the 'Start' and 'End' inputs empty, a continuous profile is created and starts from the time the profile is created.
If you enter a 'Start' time but no 'End' time, a continuous profile is created. Data from the past up to the time the profile is created is profiled and updated immediately when the profile is created.
If you enter a 'Start' and 'End' time a history profile is automatically created.
Expire / Max Size
A continuous profile may expire due to the age of the data or the profile size used on disk. Expiring starts whenever one of the two limits is reached. Expiring ends at the configured value $low_water (in %) in the config file nfsen.conf. By setting any of these values to 0, the limit does not apply.
1:1 Profile
For compatibility with NfSen version 1.2.x a profile with 1:1 channels may be created, which means that for every netflow source in the live profile a corresponding channel in the profile will be automatically created. The selected sources and the filter in the profile create dialogue are taken for this 1:1 profile. This is the easiest type of profile.
Individual Channels
For new style profiles select this option. In the 'new profile' dialogue the entries for netflow sources as well as for the common filter disappear, as these parameters are now individual for each channel and entered in the channel dialogue.
Fig. Successful creation of a new profile with individual channels.
Creating channels
After the profile has been successfully created, one or more channels can now be added by clicking on the '+' icon at the right hand side of the 'Channel List'.
Fig. Channel Dialogue
The parameters colour, sign and order are used to display the channel correctly in the graph. The filter as well as the netflow sources are needed to correctly profile the channel. The procedure of adding a channel to a new profile can be repeated as often as required to complete the profile. When all channels are added the new profile must be committed to activate it. This is done by clicking on the checkmark on the right hand side of the 'Status' line.
Fig. Commit new profile
Once the profile is committed, the build process starts if required. Depending on how far back in the past the profile starts, this can take a considerable amount of time. You can follow the build process by looking at the progress bar, showing you the percentage of completion. This progress bar is updated automatically every 5 seconds. Note: There are no graphs available in the profile as long as the profile is not completely built.
Fig. Progress of building the profile
Please note: For the 'live' profile, channels have to be configured in nfsen.conf.
Managing Profiles
Profiles can be modified by selecting the 'Stat' tab of the profile and clicking on any of the available edit icons of the desired parameter. By clicking on the edit icon of a channel, you may modify the requested channel. All changes will affect the profile immediately. You may also add or delete channels in a continuous profile. However, please note that adding a new channel to an already existing profile will not rebuild any data for this channel for data in the past. Deleting a channel or the entire profile may be done by clicking on the trash icon.
Converting Profiles
A profile may be converted into another type as desired. However, not all conversions are possible. The figure below shows and explains the possible conversions.
Fig. Profile conversion
By switching a profile type between continuous and history you may temporarily stop collecting data for a profile or continue to collect data from a stopped profile. Note that you will lose all netflow data when a profile is converted to a shadow profile. When switching back, the data recording resumes at the time of switching.
Alerts
Alerts allow you to execute specific actions based on specific conditions. An alert is defined by a filter applied to the 'live' profile, conditions, triggers and alert actions.
Fig. Alert Flow
Creating Alerts
Alerts can be defined and viewed under the 'alert' tab, by clicking on the '+' icon.
Fig. New Alert
Complete the new alert dialogue:
Fig. New Alert Dialogue
Alert Filter:
The alert filter is based on the 'live' profile. Enter an appropriate filter here. All following conditions are based on the result of this filter.
Conditions:
Conditions are based either on the flow summary or on the top 1 statistic. Conditions may be chained together by adding additional conditions, using the '+' icon on the right. All conditions are logically linked with 'or'.
Fig. Alert conditions flow summary
The conditions are based on the total number of flows, packets or bytes passing the resulting filter. The numbers can be compared to an absolute value, or relative to various time based average values, which are automatically calculated. This makes it easy to create adaptive filters for detecting peaks.
Conditions may also be based on the top 1 statistic after filtering the flows. These are the well known top N statistics of nfdump.
Fig. Alert conditions top 1
Up to 6 conditions of either condition type may be linked together.
Triggers
Whenever the overall condition evaluates to true, the trigger conditions apply. Depending on the needs a trigger may fire each time the overall condition is true, or once only as long as the condition is true and may block triggering for a certain number of cycles thereafter.
Fig. Alert Trigger
If a trigger is set to 'Once only' it needs to be rearmed manually once the trigger has fired. This is done by clicking on the icon in the top right corner in the alert details page.
Fig. Arm 'Once Only' Trigger
Actions:
When a trigger fires, certain actions can be executed. Most often you may want to send an email as an action. The action may also be disabled altogether, to fine tune the conditions to optimize a certain alert.
Alert Status:
The alert status of each alert is visible as an overview in the alert tab, or on the top of each alert, when displaying the alert. The possible states are:
This alert is not active and is not evaluated.
This alert is active, and is evaluated each cycle for the condition to be met.
This alert is active and is evaluated each cycle. The last overall condition was true, but needs 3 conditions ( definable ) in a row to fire the trigger. So far one of three conditions is true.
This alert is active and is evaluated each cycle. The trigger just fired in the last cycle and executed the action assigned to this alert.
This alert fired once only and is no longer active. The alert needs to be rearmed manually.
This alert is active, but blocked for 2 cycles ( definable ) after the trigger fired. Currently one of the two blocked cycles is already over.
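The alert cycle described above ('or'-linked conditions, absolute or average-relative thresholds, and the 'in a row', 'once only' and blocking trigger options), modelled as an added example. This is not NfSen's own code; the class names, the state strings, the six-slot averaging window and the sample flow counts are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from statistics import mean


@dataclass
class Condition:
    """One condition on the flow summary of the alert filter's result."""
    metric: str              # 'flows', 'packets' or 'bytes'
    threshold: float         # absolute value, or a factor when relative=True
    relative: bool = False   # compare against the average of earlier slots

    def holds(self, summary, baseline):
        value = summary[self.metric]
        if not self.relative:
            return value > self.threshold
        past = [slot[self.metric] for slot in baseline]
        # Without a baseline a relative condition cannot be judged yet.
        return bool(past) and value > self.threshold * mean(past)


@dataclass
class Alert:
    conditions: list         # logically linked with 'or'
    in_a_row: int = 1        # cycles the overall condition must hold to fire
    block_cycles: int = 0    # cycles skipped after the trigger fired
    once_only: bool = False  # disarm after firing until rearmed by hand
    avg_slots: int = 6       # assumed averaging window, in 5-minute slots
    active: bool = True
    _streak: int = 0
    _blocked: int = 0
    _fired_once: bool = False
    _history: list = field(default_factory=list)

    def __post_init__(self):
        if not 1 <= len(self.conditions) <= 6:
            raise ValueError("an alert links between 1 and 6 conditions")

    def rearm(self):
        """Manual rearm of a 'once only' alert."""
        self.active, self._fired_once = True, False
        self._streak = self._blocked = 0

    def cycle(self, summary):
        """Evaluate one 5-minute cycle and return the resulting alert state."""
        if not self.active:
            return "needs rearm" if self._fired_once else "inactive"
        baseline = self._history[-self.avg_slots:]
        self._history.append(summary)        # averages keep updating
        if self._blocked:
            self._blocked -= 1
            done = self.block_cycles - self._blocked
            return f"blocked {done}/{self.block_cycles}"
        overall = any(c.holds(summary, baseline) for c in self.conditions)
        self._streak = self._streak + 1 if overall else 0
        if self._streak >= self.in_a_row:
            self._streak = 0
            if self.once_only:
                self.active, self._fired_once = False, True
            else:
                self._blocked = self.block_cycles
            return "fired"
        if self._streak:
            return f"armed {self._streak}/{self.in_a_row}"
        return "armed"


def run(alert, flow_counts):
    """Feed constructed per-slot summaries to the alert, one per cycle."""
    return [alert.cycle({"flows": n, "packets": n * 10, "bytes": n * 6000})
            for n in flow_counts]


# Constructed sample: six quiet slots, a five-slot peak, two quiet slots.
CONSTRUCTED_FLOWS = [100] * 6 + [500] * 5 + [100] * 2

if __name__ == "__main__":
    peak = Alert([Condition("flows", 2.0, relative=True)],
                 in_a_row=3, block_cycles=2)
    for n, state in zip(CONSTRUCTED_FLOWS, run(peak, CONSTRUCTED_FLOWS)):
        print(f"{n:5d} flows -> {state}")
```

Because the peak itself enters the running average, a relative condition stops holding once the peak lasts long enough; an absolute condition linked with 'or' covers that case.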
Alert List
When clicking on the alert tab in the navigation bar, an overview of all alerts is shown. An individual alert can be viewed in more detail by clicking on the looking glass of the alert in question. The alert list is automatically updated each cycle to refresh the state of all alerts.
Fig. Alert List
Alert details:
The alert details dialogue allows you to review and edit the alert. The alert can be modified by clicking on the edit icon in the top left of the dialogue. All relevant input fields and selection boxes are enabled and can be changed as needed. The bottom half of the alert details view contains a graph with all calculated average values as a result of the filter. This should help you to find appropriate values for the conditions. A vertical cursor in the graph shows at what time the alert triggered last. Up to 6 last trigger cursors are shown. Older triggers are removed again.
Fig. Alert Info
The table below the graph shows all average values of the last time slot as numbers. The radio button allows you to switch between the flows, packets or bytes view. A summary of all conditions as well as the resulting overall condition of the last cycle are displayed at the bottom of this table.
Alerts and plugins:
Alert conditions as well as alert actions can be based on custom plugins. Check the Plugin Guide for a detailed description on how to work with plugins and alerts.
Bookmarks
While working with NfSen, you may want to bookmark the current situation for later use or to send it as a link to a friend. The bookmark link at the top right of the page allows you to do that.
Fig. Bookmark
Clicking on the link places the bookmark URL into the URL input field of your browser, allowing you to add this link to your bookmark collection. Many browsers also allow you to 'right click' a link to copy the link location for pasting it in another application.
NfSen may be extended with plugins to fit additional needs. Plugins may be selected from the navigation bar. For a detailed explanation about plugins and how to write plugins, see the detailed Plugin Writers Guide.
Example: Port tracker plugin:
Fig. Port tracker
The command line tool 'nfsen' in the BASEDIR/bin directory works hand in hand with the frontend. It's used to create and manage profiles as you can do with the frontend in the 'Stat' tab. Use nfsen --help to see all options available for nfsen. If you create or delete a profile on the command line, the changes may not be instantly visible in the web browser. Switching to the 'Stat' tab updates the application cache and the profile menu. A separate nfsen command line guide should be available soon.