Wireshark · Wireshark-dev: Re: [Wireshark-dev] Bit for starting / stopping / new Capture

Wireshark-dev: Re: [Wireshark-dev] Bit for starting / stopping / new Capture

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 17 Feb 2016 08:58:37 -0800

On Feb 17, 2016, at 7:16 AM, "FIXED-TERM Scholz Tobias (DC-IA/EAI)" <fixed-term.Tobias.Scholz@xxxxxxxxxxxxxxx> wrote:

I made some recherché, but couldn’t find any information to this topic. Is there a possibility to know (special bit for example), whether the user stopped, started the capture or opened Wireshark new?

There is nothing available to dissectors to indicate whether the packets are coming from a live capture or a capture done in the past, and thus there is nothing to indicate the status of a live capture.

That would be a great help for my dissector.

Why? What would you do differently, depending on whether you have a live capture and, if so, what the status of that capture is?

Follow-Ups:
- Re: [Wireshark-dev] Bit for starting / stopping / new Capture
  - From: Paul Offord

References:
- [Wireshark-dev] Bit for starting / stopping / new Capture
  - From: FIXED-TERM Scholz Tobias (DC-IA/EAI)

Prev by Date: Re: [Wireshark-dev] Bit for starting / stopping / new Capture
Next by Date: Re: [Wireshark-dev] Bit for starting / stopping / new Capture
Previous by thread: Re: [Wireshark-dev] Bit for starting / stopping / new Capture
Next by thread: Re: [Wireshark-dev] Bit for starting / stopping / new Capture
Index(es):
- Date
- Thread