Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12329] New: Feature request: record and display sll_pkttype for all captures

Wireshark-bugs: [Wireshark-bugs] [Bug 12329] New: Feature request: record and display sll_pkttyp

Date: Fri, 08 Apr 2016 23:37:51 +0000

Bug ID	12329
Summary	Feature request: record and display sll_pkttype for all captures
Product	Wireshark
Version	unspecified
Hardware	x86
OS	All
Status	UNCONFIRMED
Severity	Enhancement
Priority	Low
Component	Capture file support (libwiretap)
Assignee	[email protected]
Reporter	[email protected]

Build Information:
wireshark 1.12.10 (Git Rev Unknown from unknown)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.18.7, with Cairo 1.14.2, with Pango 1.38.1, with
GLib 2.46.2, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux),
with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, without Lua, without Python,
with GnuTLS 3.4.9, with Gcrypt 1.6.4, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Jun 18 2015 15:46:29), without AirPcap.

Running on Linux 4.6.0-rc1-xps13+, with locale en_US.UTF-8, with libpcap
version
1.7.4, with libz 1.2.8, GnuTLS 3.4.10, Gcrypt 1.6.4.
Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz

Built using gcc 5.3.1 20151207 (Red Hat 5.3.1-2).

--
When I look at packet captures, it would be very, very useful if one of the
columns in the main display showed the packet direction.  Simply distinguishing
incoming from outgoing would be enough, but showing the full type (outgoing,
incoming unicast, incoming broadcast, etc) would be nice, too.

Wireshark can provide this information for "cooked" captures, but cooked
captures are rare and inconvenient, and the information is buried a couple
levels deep in the dissector.

On Linux (at least all recent kernels, and I suspect it's true on all kernels
ever), recvfrom and recvmsg on an AF_PACKET socket gives a sockaddr_ll.  That
sockaddr_ll's sll_pkttype field is valid.  This works even in raw mode (I just
tried it).

Please consider recording this information and displaying it in a column.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12329] Feature request: record and display sll_pkttype for all captures
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12329] Support "direction" flags in capture files (such as the epb_flags field in pcapng) and dissect it as frame.* fields
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12329] Support "direction" flags in capture files (such as the epb_flags field in pcapng) and dissect them as frame.* fields
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12328] New: Crash when reloading Lua script when Field is gone
Next by Date: [Wireshark-bugs] [Bug 12330] New: build failed due to commit 59816ef00c6dd09532d80b393ba03f8194aba236
Previous by thread: [Wireshark-bugs] [Bug 12328] Crash when reloading Lua script when Field is gone
Next by thread: [Wireshark-bugs] [Bug 12329] Feature request: record and display sll_pkttype for all captures
Index(es):
- Date
- Thread