Wireshark mailing list archives

Wireshark multiview feature demo


From: Mikael Wikström <leakim.wikstrom () gmail com>
Date: Thu, 17 May 2012 11:56:20 +0200

Hi,

First of all, I thank you all for a great piece of software.

I'd like to suggest a feature that would make Wireshark even more
useful, so I thought I would describe it and see if anyone else would
find it interesting.

The basic concept is to be able to view a pcap file in multiple
windows and have them track each other. Or more accurately have one
track the second one. If I then used display filters in window1 and
select a packet, window2 will move to that same packet and by doing so
one can easily see the packets close to it. I find this feature very
useful when debugging 802.11 traffic as I often want to check ACK
frames and timing related to beacon frames, if there are
retransmissions and such.

So I made a demo of the feature just to show how it would work. I
wrote this code as a demo only so no need to point out all the
security flaws it has and how it will impact performance.

I would be very interested in starting a discussion around this to see
in what way it could be improved.

I also made a very short screencast of the demo that perhaps makes it
easier to understand what I'm talking about. You can find it here:

http://www.youtube.com/watch?v=uYyELO8tdto

What I did was to make it so that window1 listens on a port and can be
controlled from a CLI interface on that port. The only implemented
command so far is "goto 2", meaning go to frame number 2. Window2 will
then send commands to window1 using that port and tell it to move to
the same frame.

Demo code is in the attachment.

My experience with GTK is very limited so my choice of using pthreads
was simply because it got the job done. Perhaps someone could suggest
a better way of hooking in a CLI/socket interface to Wireshark?

BR,
Mikael Wikstrom
Sweden

Attachment: cli_srv.c
Description:

Attachment: wireshark-multiview.diff
Description:
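
The control channel described in the message (a listening port that accepts "goto <frame>") is the kind of interface where input validation and bind address matter. The following is an added example, not the attached cli_srv.c and not Wireshark code: the names parse_goto, open_loopback_listener and max_frame are assumptions made for illustration. It accepts only a well-formed, in-range frame number and binds the listener to 127.0.0.1 so other hosts cannot reach it.

```c
#include <ctype.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Parse one control line "goto <frame>" (optional LF or CRLF). Returns 0 and
 * stores the frame on success, -1 on malformed or out-of-range input.
 * max_frame (assumed parameter) is the number of frames in the capture. */
int parse_goto(const char *line, unsigned long max_frame, unsigned long *frame)
{
    static const char verb[] = "goto ";
    const size_t vlen = sizeof verb - 1;
    unsigned long n;
    char *end;

    /* Exact verb, then a digit: rejects "", "GOTO 2", "goto -1", "goto  2". */
    if (strncmp(line, verb, vlen) != 0 || !isdigit((unsigned char)line[vlen]))
        return -1;
    errno = 0;
    n = strtoul(line + vlen, &end, 10);
    end += (*end == '\r');
    end += (*end == '\n');
    if (errno == ERANGE || *end != '\0')  /* overflow, or junk such as "2abc" */
        return -1;
    if (n < 1 || n > max_frame)           /* frame numbers start at 1 */
        return -1;
    *frame = n;
    return 0;
}

/* Listening TCP socket reachable only from the local host (127.0.0.1).
 * Port 0 lets the kernel pick a free port. Returns the fd, or -1. */
int open_loopback_listener(unsigned short port)
{
    struct sockaddr_in addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 1) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

Loopback binding still lets any local process connect, so a shared machine would need an additional check such as a Unix-domain socket with restrictive file permissions.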
