Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Random feature and enhancements ideas (topics for Sharkfests

From: Jasper Bongertz <jasper.bongertz@xxxxxxxx>
Date: Thu, 10 May 2012 11:01:44 +0200
Title: Re: [Wireshark-dev] Random feature and enhancements ideas (topics for Sharkfests developers room?)
Hi Anders,


- The defined blocks are capture oriented should we define some analysis re-saving oriented ones.
   - UDP/TCP/SCTP... port map similar to the NRB (think decode as)
   - Read filter used ( save filtered trace)
   - File history ( saved file A as B (using read filter X) ...)  


The port map could be a little problematic unless you have a "well known port list" to map ports to. Maybe the official IANA list could be used for that though, but I guess there are application ports that have no official port in that list that could not be mapped then... Anyway, I guess a new optional blocktype would make sense for this kind of thing.

The read filter and the file history could be added as text option fields to the SHB, so that should be simple enough.

By the way, I just asked for some additional options added to the specs on the pcap-ng development mailing list, too :-)

Best regards,
Jasper