https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2891
--- Comment #2 from Mike <poundonu@xxxxxxx> 2008-09-24 09:11:14 PDT ---
Sake
Thanks for responding. Well it's very useful to create shortcuts and batch
files that launch wireshark with different settings. For example I have a
"panic button" of sorts that immediately fires off a pre-configured capture on
specific interfaces when I'm doing investigations and I see suspicious activity
to/from or near my machine. I have also created a batch file that pops up a
command window and asks what settings I want (pre-configured BPF filters,
interfaces, output, etc.) and then goes straight to capturing. This is great
for live demonstrations in classes or for clients.
In the case of wireless, without MONITOR mode-capable hardware and
pre-configuring the WEP/WPA keying info, I can't sniff in promiscuous mode, so
one of the questions my batch file asks is which interface to use, and if it's
wireless, it disables promiscuous with "-p". Tshark is great, but when I want
to demo protocol analysis on the spur of the moment, in a pinch (where I want
to be able to dig deep into a segment/packet for some students), it's much
easier for the students to see it in the GUI, rather than having a few thousand
lines fill up the console buffer. You also get the "Follow TCP stream" and
decoding features, which are great educational tools.
Thanks for looking at it.
Michael Lester
Instructor/Consultant/Author
poundonu@xxxxxxx
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.