Wireshark-bugs: [Wireshark-bugs] [Bug 3454] Feature Request: Add protocol sub-field to the bootp
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3454





--- Comment #3 from Jaap Keuter <[email protected]>  2009-08-12 12:22:04 PDT ---
(In reply to comment #2)
> Hi!
> 
> this maybe an old but post, but who knows he might still need this or someone
> else in the future (like i just did...)
> 
> im not proposing this patch, but for sean (or others), you may see
> http://www.wireshark.org/develop.html
> and apply the patch below so you can get this stuff to work.
> 
> tshark.exe -r <file-capture> -T fields -e eth.src -e bootp.option.hostname
> 
> and it will give you tab delimited output of
> xx:xx:xx:xx:xx:xx      hostname

Indeed this is one of the 255 fields, not counting subfields, which in time
will all be requested to be converted into special cases, turning the dissector
inside out. I rather see a redesign coming from this angle for the whole set of
fields.

> now I just had a new wishlist and (ill try to add it up to the wiki)
> 
> that tshark (or even wireshark) will have the ability to send the result of a
> filter and construct it in a syslog message to send it to a central remote
> syslog server.
> 
> imagine this:
> using tshark to determine if the DHCP message transaction when port-mirror a
> network, ex:
> 
> tshark -slog 192.168.1.1 -smsg "The DHCP server %ip.src% gave
> %bootp.hw.mac_addr% the IP address: %bootp.ip.client%"

This is coming dangerously close to fulfilling Letts' Law: "All programs evolve
until they can send email." 


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.