Wireshark mailing list archives
Wireshark multiview feature demo
From: Mikael Wikström <leakim.wikstrom () gmail com>
Date: Thu, 17 May 2012 11:56:20 +0200
Hi,

first of all I thank you all for a great piece of software. I'd like to suggest a feature that would make Wireshark even more useful, so I thought I would describe it and see if anyone else would find it interesting.

The basic concept is to be able to view a pcap file in multiple windows and have them track each other. Or more accurately, have one track the second one. If I then use display filters in window1 and select a packet, window2 will move to that same packet, and by doing so one can easily see the packets close to it. I find this feature very useful when debugging 802.11 traffic, as I often want to check ACK frames and timing related to beacon frames, if there are retransmissions and such.

So I made a demo of the feature just to show how it would work. I wrote this code as a demo only, so no need to point out all the security flaws it has and how it will impact performance. I would be very interested in starting a discussion around this to see in what way it could be improved.

I also made a very short screencast of the demo that perhaps makes it easier to understand what I'm talking about. You can find it here: http://www.youtube.com/watch?v=uYyELO8tdto

What I did was to make it so that window1 listens on a port and can be controlled from a CLI interface on that port. The only implemented command so far is "goto 2", meaning goto frame number 2. Window2 will then send commands to window1 using that port and tell it to move to the same frame. Demo code is in the attachment.

My experience with GTK is very limited, so my choice of using pthreads was simply because it got the job done. Perhaps someone could suggest a better way of hooking a CLI/socket interface into Wireshark?

BR,
Mikael Wikstrom
Sweden
Attachments: cli_srv.c, wireshark-multiview.diff
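The "goto 2" control command described in the message, as an added example that is not part of the original post or of the attached demo code: a strict parser for one command line read from the control port, which rejects anything other than an existing frame number. The function name `parse_goto`, the `CLI_MAX_LINE` limit and the `frame_count` parameter are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CLI_MAX_LINE 64   /* assumed upper bound for one command line */

/* Parse one line from the control socket. Accepts exactly
 * "goto <decimal frame number>" with an optional trailing CR/LF.
 * Returns 0 and stores the frame number on success, -1 on any
 * malformed, oversized or out-of-range input. frame_count is the
 * number of frames in the loaded capture (frames are 1-based). */
int parse_goto(const char *buf, size_t len, uint32_t frame_count,
               uint32_t *frame_out)
{
    char line[CLI_MAX_LINE];
    char *end;
    unsigned long n;

    if (buf == NULL || frame_out == NULL || len == 0 || len >= sizeof line)
        return -1;                 /* reject overlong input, never truncate */
    if (memchr(buf, '\0', len) != NULL)
        return -1;                 /* an embedded NUL would hide trailing bytes */
    memcpy(line, buf, len);
    line[len] = '\0';

    /* strip a single line terminator: "\n" or "\r\n" */
    if (len > 0 && line[len - 1] == '\n') line[--len] = '\0';
    if (len > 0 && line[len - 1] == '\r') line[--len] = '\0';

    if (strncmp(line, "goto ", 5) != 0)
        return -1;                 /* the only implemented command */
    if (!isdigit((unsigned char)line[5]))
        return -1;                 /* no sign, no extra whitespace */

    errno = 0;
    n = strtoul(line + 5, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;                 /* overflow or trailing junk */
    if (n == 0 || n > frame_count)
        return -1;                 /* frame does not exist in this capture */

    *frame_out = (uint32_t)n;
    return 0;
}
```

A listener that uses such a parser would normally also bind only to the loopback address, so that the control port is not reachable from other hosts.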