https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3096
--- Comment #48 from Michael Tüxen <tuexen@xxxxxxxxxxxxx> 2012-02-14 01:40:23 PST ---
(In reply to comment #46)
> (In reply to comment #45)
> > (In reply to comment #44)
> > > For the IDB, there should definitely be a way to fetch a list of interfaces
> > > from Wiretap, and I'd use that to fill in the interface list under "Capture" in
> > > the Statistics -> Summary window. I might also have double-clicking on one of
> > > those interfaces pop up a window showing all the stuff from the IDB, *and*
> > > offer the ability to add comments to the interface.
> >
> > N.B we might be viewing a file captured somewhere else. So that would have to
> > be a new menu item - right?
>
> What would have to be a new menu item?
>
> Showing the interface list in "Capture" wouldn't be a new menu item; it would
> be a standard feature of Statistics -> Summary, regardless of *where* the
> capture file came from. Getting more information about a particular interface
> would just come from double-clicking an item in the interface list.
>
> If we show interfaces in that list for live captures even if we captured in
> pcap format, we could make that a special case.
>
> > But as a first step I'd like to preserve information in a stored file that
> > is filtered and saved as a new file.
>
> Yes, that's step 1, but we should probably support at least displaying the
> interface list for pcap-NG captures before we release 1.8.0; given that Wiretap
> would then keep track of the interfaces, and would presumably have to export
> the interface list for use when Wireshark writes out the filtered file, the API
> to get that list would also be available for Statistics -> Summary (and for
> capinfos).
>
> > The current limitation from the wiki page says theat wireshark only handles
> > one SHB and one IDB let's make that work first.
>
> "One SHB" is, as far as I know, currently true; "one IDB" is not. The page at
>
> http://wiki.wireshark.org/Development/PcapNg
>
> if that's "the wiki page" says "When merging files, mergecap doesn't retain
> each IDB's snaplen", and "each IDB" seems to imply to me that more than one is
> supported and, in fact, the page later says
>
> [v1.7.x] dumpcap -i eth0 -i eth1 -i eth2 -w file.pcapng
> Capture file will have the following pcap-ng blocks: SHB, IDB, IDB, IDB, EPB,
> EPB, ..., ISB, ISB, ISB.
Correct. This is how dumpcap supports capturing from multiple interfaces.
If it is not writing a IDB for each interface specified on the command line it
is a bug.
>
> so it explicitly speaks of multiple IDBs. (Arguably, "dumpcap -i any -w
> file.pcapng" should write IDBs for the real interfaces rather than the "any"
> interface, but that's a bit more work; what's really wanted there is some help
> from libpcap.)
I think dumpcap -i any -w file.pcapng should only use a single IDB specifying
the any interface (only on Linux, of course). Since this is what the user
specifies
and Linux provides this kind of interface.
We might add another way to dumpcap (like a specific command line option,
or another interface name like all or so) for scanning all local interfaces and
capturing on all of them. This would use a single IDB per local interface.
Best regards
Michael
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.
