Wireshark mailing list archives
Re: Rev 38350 Capture Options Changes - Named Pipe?
From: Guy Harris <guy () alum mit edu>
Date: Thu, 11 Aug 2011 19:41:25 -0700
On Aug 11, 2011, at 6:00 AM, Joerg Mayer wrote:
While everyone seems to be adding their wishes, now that someone is actually is working on that code: Would it make sense to add a button (or whatever) to scan for newly created/activated interfaces? When I'm running Wireshark and add a new interface (I'm on Linux and run e.g. "iw dev wlan0 interface add mon0 type monitor" + "ifconfig mon0 up"
Actually, in that case, if Wireshark is using libpcap 1.1.0 or later, selecting wlan0 and checking the monitor mode checkbox should cause Wireshark to tell libpcap to do all that for you (by telling it to capture in monitor mode).
or just up an interface that was down, I need to restart Wireshark for the new interface to be detected.
That sounds like a bug - it shouldn't be caching the interface list in Wireshark forever; at least if you open a new "Capture Options" dialog, it should re-run dumpcap to get the interface list again. It won't update the interface list on the welcome page...
Checking for new interfaces at runtime
...but I'll see whether adding an API to libpcap to provide a way to be notified when new interfaces appear is possible. (It's going to be platform-dependent - there's probably something in Linux to do it, maybe netlink, it'd probably be done in Mac OS X with the System Configuration framework, etc..)
or be shown also interfaces that are admin down would be a nice to have :-)
If it's not showing them to you, it's probably not possible to capture on them; what happens if you try to run tcpdump or dumpcap on them? On OS X Snow Leopard, at least: $ ifconfig -a lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 inet 127.0.0.1 netmask 0xff000000 gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 ... $ tcpdump -i gif0 tcpdump: gif0: That device is not up BPF won't let you bind to a device that's not up; I'd have to look at other BPF implementations to see if they impose similar restrictions. I also tried it on my Ubuntu 9.10 virtual machine, and, after configuring an interface down, I got the same error (ENETDOWN in both cases). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Rev 38350 Capture Options Changes - Named Pipe?, (continued)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Michael Tüxen (Aug 10)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Guy Harris (Aug 10)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Michael Tüxen (Aug 10)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Guy Harris (Aug 10)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Michael Tüxen (Aug 11)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Jakub Zawadzki (Aug 10)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Joerg Mayer (Aug 10)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Michael Tüxen (Aug 11)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Joerg Mayer (Aug 11)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Michael Tüxen (Aug 11)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Guy Harris (Aug 11)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Michael Tüxen (Aug 11)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Joerg Mayer (Aug 12)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Guy Harris (Aug 12)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Michael Tüxen (Aug 11)
- Re: Rev 38350 Capture Options Changes - Named Pipe? Colin O'Flynn (Aug 10)