Hi list,
The following case was presented to me. An engineer was working on a case where
he was monitoring networking equipment, of which he knew, or at least assumed,
that it would send out a significant frame rate (300+ fps). Opening up the
interface list showed that neither of the interfaces (there were several) had
such frame rate, so that puzzled him. Once he tried a few interfaces he stumbled
upon the right one and the captured frames started to race by. He would never
have guessed looking at the interface list only.
So even though there was a significant frame rate present on that interface the
interface list doesn't show it. Given rationale is that the statistics capture
for the interface list is done in non-promiscuous mode to keep the load on the
network stack down. I guess that's a valid concern in certain situations.
With the advance of the capture interfaces list we have a more fine grained
control over the capture settings per interface. I think we should use this to
our advantage in this matter. What if we used the promiscuous mode preference
setting per interface to configure the capture for the interface list. That
would give the user a more accurate impression of the amount of traffic captured
on an interface once the capture was started (without changing further
promiscuous mode setting).
Implementation note: Wireshark now just asks dumpcap to push interface
statistics on all the interfaces it knows. This has to be changed in Wireshark
feeding dumpcap a list of interfaces to monitor in either promiscuous or
non-promiscuous mode. But this should be no problem since Wireshark already
knows the interfaces, since they are listed on the welcome page.
Thanks,
Jaap
