Re: Problems with capturing on multiple interfaces

[Michael Tüxen <Michael.Tuexen () lurchi franken de>]

On May 20, 2011, at 4:46 PM, Tyson Key wrote:

> Hmm, wouldn't using "any" was a means of nullifying other interfaces break concurrent capturing on both the "any 
> interface" and Bluetooth or USB interfaces?
As said in the other mail: -i all -i lo0 would capture packets on lo0 twice. I
don't want to do some magic on command line args...

Best regards
Michael
> Still, I agree with Chris's suggestions, with regards to weak emulation of an "any interface" under Windows; and 
> "speculative capturing" (i.e. waiting for a device to appear before capturing relevant traffic).
>
> I'm liking the feature so far otherwise, though. (It means that I no longer have to launch Wireshark or TShark *8* 
> times, and dismiss a tonne of warning dialogues just to do USB capturing).
>
> Thanks, and keep up the good work!
>
> Tyson. 
>
> On 20 May 2011 15:25, Chris Maynard <chris.maynard () gtech com> wrote:
> Michael Tüxen <Michael.Tuexen@...> writes:
>
> > You actually need:
> > -n to use pcapng
> > and
> > -t to use threads.
> >
> > It is simple to add -n and -t if you are specifying more than one interface
> > (actually this is what tshark and wireshark do). I wanted to be explicit
> > since I consider it currently an experimental feature. But, if the groups
> > prefers, we can add -n and -t if there is more than one interface specified.
>
> To me, if it doesn't work without -n and -t, then it makes it that much more
> user-friendly to automatically use pcapng and threads whenever multiple
> interfaces are specified.
>
> I understand this is still a work in progress, but something else I was thinking
> about was the "-i any" interface.  What will happen if someone specifies
> something like, "-i eth0 -i any -i lo" or variations thereof?  I assume it would
> be treated as "-i any" only?
>
> And speaking of "-i any", obviously on Windows, that isn't supported ... but a
> neat thing would be if it could be by internally scanning all interfaces and
> treating it as if "-i 1 -i 2 ... -i n" were specified.
>
> And while I'm at it ... another feature that I think would be nice to have would
> be to be able to specify capturing on an interface that doesn't yet exist, such
> as ppp0.  For my USB/PPP capturing, currently to get a capture of all traffic
> over that interface, I either have to use usbmon or ppp's record option to
> generate a pppdump file.  (OK, this last one isn't really specific to capturing
> on multiple interfaces, but it's related to capturing so ...)
>
> > Thanks for the feedback.
> You're welcome ... thanks for the feature!
> - Chris
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
>
>
>
> -- 
>                                           Fight Internet Censorship! http://www.eff.org
> http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe