Wireshark-dev: Re: [Wireshark-dev] Displaying interface names in Wireshark

Date: Fri, 3 Aug 2007 09:05:41 +0200
Hi,

I'm also very interested in displaying Interface IDs in an additional column (like e.g. timestamps).
I've seen that the pcap packet header contains a field "Interface ID" which seems to be currently unused in Wireshark?
Would it be possible to add this Interface ID to the packet info, so it is possible to show a column in the packet list and to be able to apply filters on different interfaces?

Regards,
Holger


-----Ursprüngliche Nachricht-----
Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Sake Blok
Gesendet: Donnerstag, 2. August 2007 23:09
An: wireshark-dev@xxxxxxxxxxxxx
Betreff: [Wireshark-dev] Displaying interface names in Wireshark

Hi,

I'm in the process of adding support for the NetScreen snoop file format.
The basics are already finished (see bug 1717). Right now I'm working
on selecting the right link-layer type for each packet as packets from
different types of interfaces can be in the same file. On top of showing
every packet with the proper WTAP_ENCAP type it would of course be great
to preserve the provided interface-name and the direction of the traffic
as they are present in the dump-file:

6844308.0: adsl1(i) len=86:000800300000->00121ebbd139/8889        
              194.109.5.241 -> 213.84.244.33/41
              vhl=45, tos=00, id=53048, frag=0000, ttl=27 tlen=84
              00 21 45 00 00 54 cf 38 00 00 1b 29 3e 74 c2 6d     .!E..T.8...)>t.m
              05 f1 d5 54 f4 21 60 00 00 00 00 18 3a ff fe 80     ...T.!`.....:...
              00 00 00 00 00 00 02 30 48 ff fe 41 3c 32 fe 80     .......0H..A<2..


I can think of several ways to display the interface name and traffic
direction:

- Make use of a pseudo-header. This can be done fairly easy I think if 
  I look at the code for other fileformats. The downside is that every
  file-format will have it's own pseudo-headers containing the same info.
  This makes it hard to use it as a column (which would be great IMHO).

- Insert extra fields in the frame dissector so that the code for each
  file-format can use these fields and they can be used as columns.

- Make use of PPI (Per Packet Information). I have looked at it a bit and
  I think it could facilitate these two fields, but they have to be
  defined. Also I think this will be the most difficult to implement
  (at least for me). If I understand correctly, this will however 
  also add the possibility to preserve these fields when the file
  is "saved as...".

Are there any oter ideas on how to display interface-names and 
traffic-direction within Wireshark? What would be the prefered way
of creating this functionality?

Cheers,


Sake
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

Hilscher Gesellschaft für Systemautomation mbH
Rheinstr. 15, 65795 Hattersheim
Sitz der Gesellschaft: Hattersheim
Geschäftsführer: Hans-Jürgen Hilscher
Registergericht: Amtsgericht Frankfurt/Main
Handelsregister: Frankfurt B 26873
www.hilscher.com