Wireshark mailing list archives

Re: Sniffing Multiple Interfaces


From: Guy Harris <guy () alum mit edu>
Date: Mon, 25 Oct 2010 14:39:17 -0700


On Oct 23, 2010, at 1:04 AM, Will wrote:

> I would like to request a feature enhancement on Wireshark:  in 
> the Interfaces dialog, could you allow selection of multiple 
> interfaces, so that we can scan more than one at the same time, 
> inside a single viewing window?

Given that we now support capturing into a pcap-ng file, that's not impossible.

It would require either that

        1) multiple instances of dumpcap cooperatively write to a single capture file (probably not easy to do)

or

        2) multiple threads within dumpcap cooperatively write to a single capture file (probably easier than #1, but still involves work)

or

        3) dumpcap be able to have a run loop where it waits for packets to arrive from any of a number of interfaces and processes the packets from all of them (done differently on UN*X and Windows, and needs to deal with, for example, problems with select() on BPF devices on some versions of some OSes, including *all* current versions of Mac OS X - some problems might make it impossible on some platforms; single-threading it also might reduce its ability to process high traffic)

or

        4) multiple instances of dumpcap writing to multiple capture files, and Wireshark reading from all of those files and doing a merge.

My *guess* is that #4 would have the fewest problems.  None of them are likely to be a trivial change, however.

(The "any" device on Linux also lets you do that, but it's implemented in libpcap by not binding the capture socket to a particular interface; other capture mechanisms don't offer the choice of not being bound to a particular interface, so libpcap doesn't support the "any" device on other OSes.)
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
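
Option 4 from the message above (one capture file per interface, merged by timestamp when read), shown as an added example that is not part of the original message or of Wireshark's code. It assumes classic little-endian pcap files with microsecond timestamps; the interface names, payloads and function names are constructed for illustration.

```python
import heapq
import struct

PCAP_MAGIC = 0xA1B2C3D4                   # classic pcap, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")    # 24-byte file header
RECORD_HDR = struct.Struct("<IIII")       # ts_sec, ts_usec, incl_len, orig_len


def build_pcap(packets, linktype=1):
    """Build a classic pcap byte string from (ts_sec, ts_usec, payload) tuples."""
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)]
    for sec, usec, data in packets:
        out.append(RECORD_HDR.pack(sec, usec, len(data), len(data)) + data)
    return b"".join(out)


def read_pcap(blob, source):
    """Yield (timestamp_us, source, payload) for each record in one capture."""
    if len(blob) < GLOBAL_HDR.size:
        raise ValueError(f"{source}: truncated global header")
    if GLOBAL_HDR.unpack_from(blob, 0)[0] != PCAP_MAGIC:
        raise ValueError(f"{source}: not a little-endian classic pcap file")
    offset = GLOBAL_HDR.size
    while offset + RECORD_HDR.size <= len(blob):
        sec, usec, incl_len, _orig_len = RECORD_HDR.unpack_from(blob, offset)
        offset += RECORD_HDR.size
        if offset + incl_len > len(blob):
            break  # last record cut short, e.g. the writer is still capturing
        yield sec * 1_000_000 + usec, source, blob[offset:offset + incl_len]
        offset += incl_len


def merge_captures(captures):
    """Merge {interface: pcap bytes} into one list ordered by timestamp."""
    streams = [read_pcap(blob, name) for name, blob in captures.items()]
    # Each file is already time-ordered, so a k-way heap merge is enough.
    return list(heapq.merge(*streams, key=lambda rec: rec[0]))


# Constructed sample input: two per-interface captures with interleaved times.
ETH0 = build_pcap([(100, 10, b"eth0-a"), (100, 500, b"eth0-b"), (102, 0, b"eth0-c")])
WLAN0 = build_pcap([(100, 200, b"wlan0-a"), (101, 0, b"wlan0-b")])

if __name__ == "__main__":
    for ts, iface, payload in merge_captures({"eth0": ETH0, "wlan0": WLAN0}):
        print(f"{ts / 1e6:.6f} {iface:6} {payload!r}")
```

The merge keeps the source interface with each record, which a single merged classic pcap file cannot carry per packet.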