On May 6, 2009, at 3:40 PM, Aaron Turner wrote:
Personally I think different filters for different interfaces doesn't
make a lot of sense. I really can't imagine a situation when you'd
need to capture different kinds of packets on different interfaces but
write to a single file.
For SCTP I might want to capture on two different interfaces
traffic belonging to the same transport connection. I might want
to filter on different destination addresses:
dumpcap -n -i en0 -f sctp && host a.b.c.d -i en1 -f sctp && host e.f.g.h
At least, I think it's fair to say that single filter w/ multiple
interfaces is a more common case then multiple filters & multiple
interfaces. Ideally the more common case shouldn't require you to
specify the same filter twice.
But I need a way to distinguish whether this filter applies for
all interfaces or only for one...
So we could do
dumpcap -f sctp -n -i en0 -i en1
(filter before interface) to mean setting for all interfaces
and
dumpcap -n -i en0 -f sctp -i en1
(filter after interface) that sctp is used only for en0 and en1
has no capture filter.
What do you think about this?
--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for
Unix & Windows
Those who would give up essential Liberty, to purchase a little
temporary
Safety, deserve neither Liberty nor Safety.
-- Benjamin Franklin
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
