ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 6718] Wiretap API needs to handle pcap-NG ISB blocks

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 12 Mar 2012 09:01:47 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6718

--- Comment #26 from Anders Broman <anders.broman@xxxxxxxxxxxx> 2012-03-12 09:01:46 PDT ---
(In reply to comment #10)
> (In reply to comment #9)
> > (In reply to comment #8)
> > > (In reply to comment #7)
> > > > (In reply to comment #6)
> > > > > (In reply to comment #5)
> ...
> > > Still regarding the if_filter option: should we allow this option to be
> > > repeated?  I'm asking this because I think it should be a good idea to also
> > > store the wireshark's display filters.
> > > 
> > >   tshark -R "<display filter here>" -r in.pcapng -w out.pcapng
> > > 
> > > Would it make sense to allow n display filters (keep the ones in the source
> > > file add add the new one to the output file) ?
> > > 
> > >   tshark -R "<second display filter here>" -r out.pcapng -w out2.pcapng
> > > 
> > > Note: The display filter needs to be registered ( 0 = lipbpcap filter string, 1
> > > = libpcap byte code, 2 = wireshark display filter string ? )
> > > 
> > > /jpo
> > 
> > There is a thread just started on this subject on the developers mailing list.
> I believe this is the ml thread in question:
>  * [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?
>    https://www.wireshark.org/lists/wireshark-dev/201203/msg00057.html
> > I would propose a new option "shb_ws_display_filter" Wireshark display filter
> > string. Can occure multiple times.
> >
> > One could the build a GUI item with a list of the filters, which can be
> > selected and applied. Possibly there should also be
> > "shb_ws_display_filter_comment" coupled to the display filter where one could
> > describe the filter.
> I believe we are describing different use cases for the display filters:
>  * Your use case appears to be GUI oriented, ie, store all display filters the
> user applied during a Wireshark session so that they can be reused in a
> following session.
>  * In my use case it should be an IDB filter option as the new output file only
> has packets matching the display filter (it works like a capture filter).
> /jpo

I think this discusson belongs in a separate bug or on the developers mailing
list. I think it would be good to separate the issues.
In my mind the IDB filter option would describe the capture filter used on the
interface. Can you do display filters per interface? I assume you can have the
interface as one criteria in your display filter but it would still be applied
to the whole file and ought to belong in a capture wide option - right?

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube