Wireshark mailing list archives

Re: Bit for starting / stopping / new Capture

From: Guy Harris <guy () alum mit edu>
Date: Wed, 17 Feb 2016 08:58:37 -0800

On Feb 17, 2016, at 7:16 AM, "FIXED-TERM Scholz Tobias (DC-IA/EAI)" <fixed-term.Tobias.Scholz () boschrexroth de> wrote:

I made some recherché, but couldn’t find any information to thistopic. Is there a possibility to know (special bit for example), whether the user stopped, started the capture or opened Wireshark new?

There is nothing available to dissectors to indicate whether thepackets are coming from a live capture or a capture done in the past,and thus there is nothing to indicate the status of a live capture.


That would be a great help for my dissector.

Why? What would you do differently, depending on whether you have alive capture and, if so, what the status of that capture is?

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Bit for starting / stopping / new Capture FIXED-TERM Scholz Tobias (DC-IA/EAI) (Feb 17)
- Re: Bit for starting / stopping / new Capture Pascal Quantin (Feb 17)
  - Re: Bit for starting / stopping / new Capture FIXED-TERM Scholz Tobias (DC-IA/EAI) (Feb 17)
    - Re: Bit for starting / stopping / new Capture Pascal Quantin (Feb 17)
    - Re: Bit for starting / stopping / new Capture FIXED-TERM Scholz Tobias (DC-IA/EAI) (Feb 17)
- Re: Bit for starting / stopping / new Capture Guy Harris (Feb 17)
  - Re: Bit for starting / stopping / new Capture Paul Offord (Feb 17)
    - Re: Bit for starting / stopping / new Capture Pascal Quantin (Feb 17)
    - Re: Bit for starting / stopping / new Capture Paul Offord (Feb 17)