Wireshark-bugs: [Wireshark-bugs] [Bug 3096] Ability to annotate packet captures

Date: Mon, 13 Feb 2012 14:23:51 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3096

--- Comment #46 from Guy Harris <guy@xxxxxxxxxxxx> 2012-02-13 14:23:50 PST ---
(In reply to comment #45)
> (In reply to comment #44)
> > For the IDB, there should definitely be a way to fetch a list of interfaces
> > from Wiretap, and I'd use that to fill in the interface list under "Capture" in
> > the Statistics -> Summary window.  I might also have double-clicking on one of
> > those interfaces pop up a window showing all the stuff from the IDB, *and*
> > offer the ability to add comments to the interface.
> 
> N.B. we might be viewing a file captured somewhere else. So that would have to
> be a new menu item - right?

What would have to be a new menu item?

Showing the interface list in "Capture" wouldn't be a new menu item; it would
be a standard feature of Statistics -> Summary, regardless of *where* the
capture file came from.  Getting more information about a particular interface
would just come from double-clicking an item in the interface list.

If we show interfaces in that list for live captures even if we captured in
pcap format, we could make that a special case.

> But as a first step I'd like to preserve information in a stored file that
> is filtered and saved as a new file.

Yes, that's step 1, but we should probably support at least displaying the
interface list for pcap-NG captures before we release 1.8.0; given that Wiretap
would then keep track of the interfaces, and would presumably have to export
the interface list for use when Wireshark writes out the filtered file, the API
to get that list would also be available for Statistics -> Summary (and for
capinfos).

> The current limitation from the wiki page says that wireshark only handles
> one SHB and one IDB; let's make that work first.

"One SHB" is, as far as I know, currently true; "one IDB" is not.  The page at

    http://wiki.wireshark.org/Development/PcapNg

if that's "the wiki page", says "When merging files, mergecap doesn't retain
each IDB's snaplen", and "each IDB" seems to imply to me that more than one is
supported and, in fact, the page later says

  [v1.7.x] dumpcap -i eth0 -i eth1 -i eth2 -w file.pcapng
  Capture file will have the following pcap-ng blocks: SHB, IDB, IDB, IDB, EPB, EPB, ..., ISB, ISB, ISB.

so it explicitly speaks of multiple IDBs.  (Arguably, "dumpcap -i any -w
file.pcapng" should write IDBs for the real interfaces rather than the "any"
interface, but that's a bit more work; what's really wanted there is some help
from libpcap.)

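The block sequence quoted in the comment above (SHB, one IDB per interface, EPBs, then ISBs) can be checked directly against a capture file. The following Python code is an added example, not part of the original comment and not Wireshark or Wiretap code: it walks the pcap-ng blocks, validates both length fields of each block, and returns the per-IDB link type and snaplen together with the number of EPBs that reference each interface. It assumes a single section (one SHB), and the sample bytes are constructed.

```python
import struct
SHB, IDB, ISB, EPB = 0x0A0D0D0A, 1, 5, 6   # pcap-ng block type codes
NAMES = {SHB: "SHB", IDB: "IDB", ISB: "ISB", EPB: "EPB"}

def walk_blocks(data):
    """Yield (type, body, endian) per block, validating both length fields."""
    off, e = 0, "<"
    while off < len(data):
        if len(data) - off < 12:
            raise ValueError("truncated block at offset %d" % off)
        btype = struct.unpack_from(e + "I", data, off)[0]
        if btype == SHB:  # SHB type is a palindrome; its magic sets the byte order
            magic = struct.unpack_from("<I", data, off + 8)[0]
            if magic not in (0x1A2B3C4D, 0x4D3C2B1A):
                raise ValueError("bad byte-order magic")
            e = "<" if magic == 0x1A2B3C4D else ">"
        total = struct.unpack_from(e + "I", data, off + 4)[0]
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("bad block length %d at offset %d" % (total, off))
        if struct.unpack_from(e + "I", data, off + total - 4)[0] != total:
            raise ValueError("length fields disagree at offset %d" % off)
        yield btype, data[off + 8:off + total - 4], e
        off += total

def summarize(data):
    """Return (block type sequence, interface list); assumes one section."""
    seq, ifaces = [], []
    for btype, body, e in walk_blocks(data):
        seq.append(NAMES.get(btype, hex(btype)))
        if btype == IDB:      # fixed fields: linktype, reserved, snaplen
            linktype, _, snaplen = struct.unpack_from(e + "HHI", body)
            ifaces.append({"linktype": linktype, "snaplen": snaplen, "packets": 0})
        elif btype == EPB:    # first field is the index of the IDB it refers to
            idx = struct.unpack_from(e + "I", body)[0]
            if idx >= len(ifaces):
                raise ValueError("EPB references undefined interface %d" % idx)
            ifaces[idx]["packets"] += 1
    return seq, ifaces

def _blk(btype, body):        # helper used only to build the constructed sample
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

# Constructed sample: SHB, three IDBs with different snaplens, two EPBs, three ISBs.
SAMPLE = (_blk(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + b"".join(_blk(IDB, struct.pack("<HHI", 1, 0, s)) for s in (65535, 96, 262144))
          + b"".join(_blk(EPB, struct.pack("<5I", i, 0, 0, 4, 4) + b"\0" * 4) for i in (0, 2))
          + b"".join(_blk(ISB, struct.pack("<3I", i, 0, 0)) for i in range(3)))
```

Calling `summarize(SAMPLE)` returns the block sequence and one entry per IDB, which is the information an interface list in Statistics -> Summary or capinfos would need.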