Wireshark · Wireshark-dev: Re: [Wireshark-dev] capturing on multiple interfaces

[Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>]

On May 21, 2009, at 7:24 PM, Tyson Key wrote:

> Hi again, Michael. Probably a stupid question, and I'm not sure if  
> it's a bug or not, but any idea why I'd get "The file to which the  
> capture would be saved ("../pcapng/U1") could not be opened:  
> Permission denied." when trying to write a pcap-ng file to any  
> directory other than the default one (/tmp), even as root, and when  
> a directory has it's permission bits set to 777?
Not sure what the problem could be. I can run
./dumpcap -n -w test.pcapng -i lo0 -p
without any problem...
> Thanks in advance,
> Tyson.
>
> On Thu, May 21, 2009 at 5:24 PM, Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx 
> > wrote:
> On May 21, 2009, at 5:17 PM, Tyson Key wrote:
>
> > Hi Michael. This is fantastic news to hear!
> > Will it eventually support non-Ethernet, and mixed link types in the
> > same file (e.g. mmapped Linux USB and Ethernet), out of interest?
> Yes, it should be possible to capture from multiple interfaces of link
> types
> which are supported today (so I do not add new link types). For
> supporting
> multiple link types, I had to add pcapng support, which is already
> there...
>
> Best regards
> Michael
>
> >
> >
> > Thanks,
> > Tyson.
> >
> > On Thu, May 21, 2009 at 1:11 PM, Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx
> > > wrote:
> > On May 21, 2009, at 12:02 PM, <chandra.kotikalapudi@xxxxxxxxx>  
> wrote:
> >
> > > Hi Michael,
> > >
> > > I have downloaded the source code from SVN. Can you please say how
> > > to use dumpcap option -n to capture on interfaces x1, x2, x3  
> from x1
> > > to xn.
> > Currently you can capture only on one interface, so
> > dumpcap -n -i en0
> > should work.
> > A future version will support
> > dumpcap -n -i en0 -s 100 -i en1 -s 1000
> > and so one, where you capture on en0 with snaplen 100 and on en1  
> with
> > snaplen 1000.
> > You will also be able to set a pe interface capture filter, link  
> type,
> > promiscuous flag.
> > I'll send a note to the dev list, when this stuff is working.
> >
> > Which platform are you using?
> >
> > Best regards
> > Michael
> >
> > >
> > >
> > > Regards,
> > > Chandra.
> > >
> > > -----Original Message-----
> > > From: Chandra Sekhar kotikalapudi (WT01 - Telecom Equipment)
> > > Sent: Thursday, May 21, 2009 3:20 PM
> > > To: 'Developer support list for Wireshark'
> > > Subject: RE: [Wireshark-dev] capturing on multiple interfaces
> > >
> > > Hi Michael,
> > >
> > > It is good to hear you have already working on it. Can you please
> > > say in which svn version it is available so that I could do the
> > > testing what ever possible?
> > >
> > > Thanks & Regards,
> > > Chandra.
> > >
> > > -----Original Message-----
> > > From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx
> > > ] On Behalf Of Michael Tüxen
> > > Sent: Thursday, May 21, 2009 2:52 PM
> > > To: Developer support list for Wireshark
> > > Subject: Re: [Wireshark-dev] capturing on multiple interfaces
> > >
> > > On May 21, 2009, at 8:59 AM, <chandra.kotikalapudi@xxxxxxxxx> <chandra.kotikalapudi@xxxxxxxxx
> > >> wrote:
> > >
> > >> Hi Tyson,
> > >>
> > >> Thank you very much for the response.
> > >> Is it possible to capture on desired 'x' interfaces in 'n'
> > >> interfaces available using "dumpcap".
> > > This is what I'm working on. The capture file will be stored
> > > in .pcapng format...
> > > Saving in .pcapng is already available in the svn version. Use the
> > -n
> > > option.
> > > Testing it is highly appreciated...
> > >
> > > Best regards
> > > Michael
> > >
> > >>
> > >> Regards,
> > >> Chandra.
> > >> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx
> > >> ] On Behalf Of Tyson Key
> > >> Sent: Monday, May 18, 2009 8:53 PM
> > >> To: Developer support list for Wireshark
> > >> Subject: Re: [Wireshark-dev] capturing on multiple interfaces
> > >>
> > >> Hi, Chandra.
> > >> Assuming that all the devices you want to capture on uses the  
> same
> > >> link type, there's an "any" pseudo-device on Linux that you can
> > use.
> > >> Sadly, it doesn't store information about the devices involved,  
> and
> > >> the link type-specific headers are transformed into a "Cooked"
> > >> format. You might want to investigate pcap-ng for that sort of
> > stuff.
> > >>
> > >> Hope that helps,
> > >> Tyson.
> > >> On Mon, May 18, 2009 at 10:23 AM,  
> <chandra.kotikalapudi@xxxxxxxxx>
> > >> wrote:
> > >> Hi,
> > >>
> > >>
> > >>
> > >> We all know Wireshark can capture on different interfaces, can it
> > be
> > >> able to capture on all interfaces at once using Wireshark?
> > >>
> > >>
> > >>
> > >> If 'No' is the answer can any one help me in understanding how
> > >> capturing is done using Wireshark?
> > >>
> > >> I could change the implementation accordingly for my needs to
> > >> capture on all interfaces.
> > >>
> > >>
> > >>
> > >> Thanks in advance.
> > >>
> > >>
> > >>
> > >> Regards,
> > >>
> > >> Chandra.
> > >>
> > >>
> > >>
> > >> Please do not print this email unless it is absolutely necessary.
> > >>
> > >> The information contained in this electronic message and any
> > >> attachments to this message are intended for the exclusive use of
> > >> the addressee(s) and may contain proprietary, confidential or
> > >> privileged information. If you are not the intended recipient,  
> you
> > >> should not disseminate, distribute or copy this e-mail. Please
> > >> notify the sender immediately and destroy all copies of this
> > message
> > >> and any attachments.
> > >>
> > >> WARNING: Computer viruses can be transmitted via email. The
> > >> recipient should check this email and any attachments for the
> > >> presence of viruses. The company accepts no liability for any
> > damage
> > >> caused by any virus transmitted by this email.
> > >>
> > >> www.wipro.com
> > >>
> > >>
> > >>
> >  
> ___________________________________________________________________________
> > >> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx
> > >
> > >> Archives:    http://www.wireshark.org/lists/wireshark-dev
> > >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> > >>            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> > >>
> > >>
> > >>
> > >> --
> > >> Fight Internet Censorship! http://www.eff.org
> > >>              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > >> http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon |
> > >> +447549728105
> > >> Please do not print this email unless it is absolutely necessary.
> > >>
> > >> The information contained in this electronic message and any
> > >> attachments to this message are intended for the exclusive use of
> > >> the addressee(s) and may contain proprietary, confidential or
> > >> privileged information. If you are not the intended recipient,  
> you
> > >> should not disseminate, distribute or copy this e-mail. Please
> > >> notify the sender immediately and destroy all copies of this
> > message
> > >> and any attachments.
> > >>
> > >> WARNING: Computer viruses can be transmitted via email. The
> > >> recipient should check this email and any attachments for the
> > >> presence of viruses. The company accepts no liability for any
> > damage
> > >> caused by any virus transmitted by this email.
> > >>
> > >> www.wipro.com
> > >>
> > >>
> >  
> ___________________________________________________________________________
> > >> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx
> > >
> > >> Archives:    http://www.wireshark.org/lists/wireshark-dev
> > >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> > >>            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> > >
> > >
> >  
> ___________________________________________________________________________
> > > Sent via:    Wireshark-dev mailing list <wireshark-
> > dev@xxxxxxxxxxxxx>
> > > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> > >             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> > >
> > > Please do not print this email unless it is absolutely necessary.
> > >
> > > The information contained in this electronic message and any
> > > attachments to this message are intended for the exclusive use of
> > > the addressee(s) and may contain proprietary, confidential or
> > > privileged information. If you are not the intended recipient, you
> > > should not disseminate, distribute or copy this e-mail. Please
> > > notify the sender immediately and destroy all copies of this  
> message
> > > and any attachments.
> > >
> > > WARNING: Computer viruses can be transmitted via email. The
> > > recipient should check this email and any attachments for the
> > > presence of viruses. The company accepts no liability for any  
> damage
> > > caused by any virus transmitted by this email.
> > >
> > > www.wipro.com
> > >
> >  
> ___________________________________________________________________________
> > > Sent via:    Wireshark-dev mailing list <wireshark-
> > dev@xxxxxxxxxxxxx>
> > > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> > >             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> > >
> >
> >  
> ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark- 
> dev@xxxxxxxxxxxxx>
> > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> >
> >
> >
> > --
> > Fight Internet Censorship! http://www.eff.org
> >               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon |
> > +447549728105
> >  
> ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark- 
> dev@xxxxxxxxxxxxx>
> > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
> --
> Fight Internet Censorship! http://www.eff.org
>               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> http://i9.house404.co.uk/ | Twitter/FriendFeed/Skype: vmlemon |  
> +447549728105
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe