Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] [patch] tethereal and ring timeout

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 24 Sep 2003 17:17:35 -0700

On Sep 24, 2003, at 3:50 PM, Matthijs Melchior wrote:


   The attached patch makes a change to tethereal in the way it changes
to a next ring buffer.  The old behaviour is to write a packet to the
file, and than test for the switching critera.  For the time criterion
in a situation where there are long time spans of silence this has the
unpleasant effect to write the first packet of a new series of packets
as the last packet of a file.


Checked in.
When looking at that change, I noticed that, when we switched ring buffer files as a result of a timeout, and the switch failed, we didn't do anything with the error indication. 

I also noticed that:
1) we allow a ring buffer to be used when reading a capture file rather than doing a live capture - this could be useful (a way of splitting capture files) when "-a filesize:XXX" is specified (although that doesn't actually *work*, as we check the file size only when doing a live capture), but a duration value doesn't seem all that useful (as it reflects time spent reading the capture file, not time stamps *in* the capture file);
2) we have two ways of specifying a duration - with "-a duration:XXX", and with "-b count:XXX".
I have also been looking to make the -l switch work with saving to files, 
so that the buffer is flushed to disk every second or so. This would
enable me to have tethereal in background looking at the network and
use ethereal to view the most recent history using the tethereal files.
Ethereal would need a mode to start polling its input file fore more
data [and to make it really clever to switch files when the capture
process switches...].
We already have some of that - that's how "Update list of packets in real time" is implemented; there's one process doing the capture, and another process that gets messages from that process over a pipe and reads from the capture file when told by the capturing process that N packets have been added to the capture file.
Perhaps having an option for Tethereal to send messages to a named pipe file, and have Ethereal read messages from that named pipe file rather than from a pipe to a child capture process, would handle that.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube