Re: What is "Export PDUs to File..." intended to do?

[Pascal Quantin <pascal.quantin () gmail com>]

Le 16/07/2014 03:05, Guy Harris a écrit :
> Currently, it writes something to a temporary file, and then closes the current file and reads the new file in.
>
> 1) What do the four choices it offers mean?  I tried it with "OSI Layer 3" on an HTTP capture and no packets were 
> written.
The idea is to strip the lower layers or create a new pcap with the
deciphered payload for example.
As of today, if you select "OSI layer 3" it will export PDUs from IPSec
and SCTP. If you select "OSI layer 7", it will export the (eventually
deciphered) payload for credssp, diameter, DTLS, reload, SIP and SSL.
This is not a generic export (each dissector needs to register a tap if
it wants the functionality) so I'm not surprised that applying it on
HTTP did not export any packet. We did not come up with a meaningful
name so far explaining what it is doing. The "Logcat" and "DVB-CI"
exports are easier to understand :) I would be OK to create a
"deciphered" entry and more application oriented selections (like SIP or
diameter) but Anders was not found of it.
> 2) Why does it replace the current capture, rather than writing out to a new file with a specified name?  That's not 
> what I'd expect a menu item that begins with "Export" to do.
I *think* the idea was to be able to visualize the output immediately.
If you are happy with it you can save the new capture. If you are not,
you can close the file and reopen the previous capture. It the parent
capture is not saved, you get a popup dialog asking you whether you want
to save it or not, avoiding to lose any data.

Pascal.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe