Wireshark-bugs: [Wireshark-bugs] [Bug 2039] Triggered Capture

Date: Wed, 28 Nov 2007 21:06:04 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2039


luis.ontanon@xxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Feature request             |Triggered Capture




------- Comment #1 from luis.ontanon@xxxxxxxxx  2007-11-28 21:06 GMT -------
Well I thought of it for quite a while...

There's a PoC called trigcap.c in the source repository (not being built) that
implements some of what you request but this is based in Pcap filters only.

The problem here is memory usage, 
If the trigger is a Date/Time/Lapse, a number of frames or a pcap filter
there's no problem.
But, if you want a full blown wireshark capture filter as a trigger we have a
problem, Wireshark keeps using more and more memory as it dissects packets
until it is either stopped or it ends up crashing (That's a well known bug that
has no foreseeable solution). So this would make such a feature of little use.

trigpcap on the other hand might not work in all plattforms (it works on my
mac)  there are slight differences in the way libpcap behaves on various
plattforms that would dissallow that.

If someone can get it built and it runs on windows we could add it to the
distribution (needs a manpage too).


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.