Wireshark mailing list archives

Re: Problems with capturing on multiple interfaces


From: Michael Tüxen <Michael.Tuexen () lurchi franken de>
Date: Thu, 19 May 2011 22:35:21 +0200

On May 19, 2011, at 7:40 PM, Chris Maynard wrote:

> Additional feedback (piggy-backing off Joerg's post):
> 1) When capturing on multiple interfaces, the -n option is required in order to
> use pcapng instead of pcap.  But if it's omitted - accidentally or not - could
> it just be automatically assumed?

You actually need:
-n to use pcapng
and
-t to use threads.

It is simple to add -n and -t if you are specifying more than one interface
(actually this is what tshark and wireshark do). I wanted to be explicit
since I consider it currently an experimental feature. But, if the group
prefers, we can add -n and -t if there is more than one interface specified.

> 2) The tempfile name includes the name of the interface.  But, if we're
> capturing on multiple interfaces, I would think we'd want to rename it, but how
> best to do that?  We could string the interface names together, but that could
> result in lengthy tempfile names (especially for Windows), or we could use part
> of each interface's name or use a generic "multiple_interfaces" name, or
> something else???  The solution could differ depending on OS.  Stringing
> together eth0_eth1_lo is nice and short, but not the case for Windows with long
> names like, "NPF_GenericDialupAdapter", "07BB3785-079D-4AB5-AE27-79723D20A0CF",
> etc.

Yes, the names are ugly on non-Unix systems (aka Windows). I am currently going
through various places and trying to use appropriate names (started with things
visible in the GUI). But I can change the temp file name, too. Will put it
on the TODO list.

Thanks for the feedback.

Best regards
Michael


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

