ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 6718] Wiretap API needs to handle pcap-NG ISB blocks

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 13 Mar 2012 07:22:33 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6718

--- Comment #28 from Jose Pedro Oliveira <jpo@xxxxxxxxxxxx> 2012-03-13 07:22:33 PDT ---
(In reply to comment #26)
> (In reply to comment #10)
> > (In reply to comment #9)
> > > (In reply to comment #8)
> > > > (In reply to comment #7)
> > > > > (In reply to comment #6)
> > > > > > (In reply to comment #5)
> > ...
> > > > Still regarding the if_filter option: should we allow this option to be
> > > > repeated?  I'm asking this because I think it should be a good idea to also
> > > > store the wireshark's display filters.
> > > > 
> > > >   tshark -R "<display filter here>" -r in.pcapng -w out.pcapng
> > > > 
> > > > Would it make sense to allow n display filters (keep the ones in the source
> > > > file add add the new one to the output file) ?
> > > > 
> > > >   tshark -R "<second display filter here>" -r out.pcapng -w out2.pcapng
> > > > 
> > > > Note: The display filter needs to be registered ( 0 = lipbpcap filter string, 1
> > > > = libpcap byte code, 2 = wireshark display filter string ? )
> > > > 
> > > > /jpo
> > > 
> > > There is a thread just started on this subject on the developers mailing list.
> > I believe this is the ml thread in question:
> >  * [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?
> >    https://www.wireshark.org/lists/wireshark-dev/201203/msg00057.html
> > > I would propose a new option "shb_ws_display_filter" Wireshark display filter
> > > string. Can occure multiple times.
> > >
> > > One could the build a GUI item with a list of the filters, which can be
> > > selected and applied. Possibly there should also be
> > > "shb_ws_display_filter_comment" coupled to the display filter where one could
> > > describe the filter.
> > I believe we are describing different use cases for the display filters:
> >  * Your use case appears to be GUI oriented, ie, store all display filters the
> > user applied during a Wireshark session so that they can be reused in a
> > following session.
> >  * In my use case it should be an IDB filter option as the new output file only
> > has packets matching the display filter (it works like a capture filter).
> > /jpo
> 
> I think this discusson belongs in a separate bug or on the developers mailing
> list. I think it would be good to separate the issues.

You are right. Do you mind if I send you first a list of issues first for
triage?

> In my mind the IDB filter option would describe the capture filter used on the
> interface. Can you do display filters per interface? I assume you can have the
> interface as one criteria in your display filter but it would still be applied
> to the whole file and ought to belong in a capture wide option - right?

I don't think we can specify display filters per interface: although it would
be nice.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube