Wireshark · Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 32594: /trunk/ /trunk/: capinfos.c

Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 32594: /trunk/ /trunk/: capinfos.c

From: Bill Meier <wmeier@xxxxxxxxxxx>

Date: Thu, 29 Apr 2010 11:17:16 -0400

sfisher@xxxxxxxxxxxxx wrote:

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=32594

User: sfisher
Date: 2010/04/28 11:30 PM

Log:
 Add snaplen to capinfos output.  Idea from Chris Maynard on -dev.


Steve:

A note:

At least one capture format ("NA Sniffer (Windows) 2.0" handled innetxray.c) doesn't provide a 'snaplen' in the file header. However therecord header has a 'caplen' as well as an 'original length'.


This may be true for other formats as well.

A comment:

Since capinfos does read through the complete capture file(process_cap_file) to gather certain information, I think a test in thatcode can be used to determine the actual snaplen (phdr->caplen) for thefile (if the snaplen is not in the file header).


snaplen = phdr->caplen if ((phdr->len - phdr->caplen) > 0)

I would expect that for any particular file there would only be onevalue for snaplen. If there are multiple snaplens capinfos could justshow the range.



What do you think ?

If the above seems reasonable I can make the change if you like.

Bill

Follow-Ups:
- Re: [Wireshark-dev] [Wireshark-commits] rev 32594: /trunk/ /trunk/: capinfos.c
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-dev] Submitting patches on behalf of Mellanox
Next by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on Solaris-10-SPARC
Previous by thread: Re: [Wireshark-dev] Submitting patches on behalf of Mellanox
Next by thread: Re: [Wireshark-dev] [Wireshark-commits] rev 32594: /trunk/ /trunk/: capinfos.c
Index(es):
- Date
- Thread