Wireshark-bugs: [Wireshark-bugs] [Bug 3454] Feature Request: Add protocol sub-field to the bootp
Date: Wed, 12 Aug 2009 12:22:07 -0700 (PDT)

--- Comment #3 from Jaap Keuter <jaap.keuter@xxxxxxxxx>  2009-08-12 12:22:04 PDT ---
(In reply to comment #2)
> Hi!
> this maybe an old but post, but who knows he might still need this or someone
> else in the future (like i just did...)
> im not proposing this patch, but for sean (or others), you may see
> http://www.wireshark.org/develop.html
> and apply the patch below so you can get this stuff to work.
> tshark.exe -r <file-capture> -T fields -e eth.src -e bootp.option.hostname
> and it will give you tab delimited output of
> xx:xx:xx:xx:xx:xx      hostname

Indeed this is one of the 255 fields, not counting subfields, which in time
will all be requested to be converted into special cases, turning the dissector
inside out. I rather see a redesign coming from this angle for the whole set of

> now I just had a new wishlist and (ill try to add it up to the wiki)
> that tshark (or even wireshark) will have the ability to send the result of a
> filter and construct it in a syslog message to send it to a central remote
> syslog server.
> imagine this:
> using tshark to determine if the DHCP message transaction when port-mirror a
> network, ex:
> tshark -slog -smsg "The DHCP server %ip.src% gave
> %bootp.hw.mac_addr% the IP address: %bootp.ip.client%"

This is coming dangerously close to fulfilling Letts' Law: "All programs evolve
until they can send email." 

Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.