On Apr 4, 2013, at 12:06 PM, Martin Kaiser <lists@xxxxxxxxx> wrote:
> I was asked by some people about access to capture comments from the
> command line tools. We identified two use cases
>
> - You have a capture file and want to display its capture file comment.
> Nothing but the comment, no packets etc.
Sounds like a job for capinfos. (I assume by "capture file comment" you mean the comment in the first Section Header Block in a pcap-ng file, rather than the comments on packets.)
> - You start a capture from the command line and want to insert a comment
> into the newly created file.
>
> The reading should be an option to tshark ("display the capture file
> comment and exit").
...or part of capinfos. I'm not sure operations that don't involve looking at any packets belong in tshark.
> For writing, I added a switch -j <new comment> to both tshark and
> dumpcap.
Sadly, -j is already taken for Wireshark, so you couldn't run Wireshark from the command line with "-j", unless we go with either getopt_long() (pulling in a version from GNU libc for platforms that don't have it in the system library) or with g_option:
https://developer.gnome.org/glib/stable/glib-Commandline-option-parser.html
and perhaps gtk_init_with_args():
https://developer.gnome.org/gtk2/stable/gtk2-General.html#gtk-init-with-args
so that we can have long arguments (rather than digging around for unused letters for every new option) and let at least the long version of the argument be the same for TShark and Wireshark and dumpcap if they apply to two or more of them.
