On Jul 15, 2014, at 10:55 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
> Le 16/07/2014 03:05, Guy Harris a écrit :
>> Currently, it writes something to a temporary file, and then closes the current file and reads the new file in.
>>
>> 1) What do the four choices it offers mean? I tried it with "OSI Layer 3" on an HTTP capture and no packets were written.
> The idea is to strip the lower layers or create a new pcap with the
> deciphered payload for example.
> As of today, if you select "OSI layer 3" it will export PDUs from IPSec
> and SCTP.
Those aren't the only protocols in the universe at the transport layer - and I'm not sure IPSec is a transport-layer protocol.
Perhaps it should say "IPSec and SCTP" instead?
> If you select "OSI layer 7", it will export the (eventually
> deciphered) payload for credssp, diameter, DTLS, reload, SIP and SSL.
Ditto.
>> 2) Why does it replace the current capture, rather than writing out to a new file with a specified name? That's not what I'd expect a menu item that begins with "Export" to do.
> I *think* the idea was to be able to visualize the output immediately.
> If you are happy with it you can save the new capture. If you are not,
> you can close the file and reopen the previous capture. It the parent
> capture is not saved, you get a popup dialog asking you whether you want
> to save it or not, avoiding to lose any data.
If that's the intent, it should probably have a name other than "Export PDUs to File", as, unlike the other operations that begin with "Export", it has a side-effect of closing the current file and opening and reading a new file.
(If we supported having multiple files open in the same process, perhaps it should open a new window with the new file.)
