On Thu, May 07, 2009 at 04:10:31PM -0400, Michael T�xen wrote:
>
> Please note that when using Wireshark you use a GUI
> which generate the command line to invoke dumpcap.
But many times in the most demanding capturing setups, I use dumpcap
straight away, so the command line options (CLO) should be fairly easy to
use and create a minimum of confusion...
> But tshark, wireshark and dumpcap share a lot of
> the code processing the command line arguments,
> so the possibilities might eventually also
> show up in tshark and wireshark...
Yes, adding them to tshark would be nice too...
(I know, I'm a CLI addict ;-))
Back to CLO suggestions, how'bout a sceme like this:
Make every CLO have effect on *all* interfaces until an interface is
specified, then make all following CLO's have an effect on *only* the last
listed interface.
This would make using a single interface the same as now, without any
fuzz about the order of the CLO's, but would make it easy to specify
different settings for different interfaces:
"dumpcap -s96 -f udp -i eth0"
would be the same as "dumpcap -i eth0 -s96 -f udp"
But:
"dumpcap -f udp -i eth0 -y XXX -i tr0 -y YYY -s 128"
would use a generic capture filter, but specific linktype and capture
length options for the two interfaces...
Just my $0,02
Cheers,
Sake