Wireshark-dev: Re: [Wireshark-dev] capturing on multiple interfaces

From: Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Thu, 21 May 2009 20:54:47 +0200
On May 21, 2009, at 8:01 PM, Tyson Key wrote:

Hi. I'm not sure what the problem was, although changing the directory to the directory that the capture files are to be stored in, and doing "sudo ../wireshark-1.1.4-SVN-28436/dumpcap -n -s 0 -w Wifi3 -i wlan0" did the trick nicely.

A great job with the implementation by the way, so far. I managed to create an ersatz multi-link-type file by cat-ing together a file with 802.11 packets, one with USB packets, and one with Linux Cooked packets from a PPP device, and Wireshark handled them perfectly (barring some timestamp strangeness - the appended packets have negative timestamps, although I'd expect that sort of behaviour, given that there are multiple "reference" timestamps, and an issue with the USB dissector (gives "Warn Dissector bug, protocol USB, in packet 104: packet-usb.c:1702: failed assertion "DISSECTOR_ASSERT_NOT_REACHED"" although it's probably a known issue)), if anyone's interested.

Can you send me the tracefile privately? I would like to have a look
at the timestamp problem...


Thanks,
Tyson.

On Thu, May 21, 2009 at 6:51 PM, Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
On May 21, 2009, at 7:24 PM, Tyson Key wrote:

> Hi again, Michael. Probably a stupid question, and I'm not sure if
> it's a bug or not, but any idea why I'd get "The file to which the
> capture would be saved ("../pcapng/U1") could not be opened:
> Permission denied." when trying to write a pcap-ng file to any
> directory other than the default one (/tmp), even as root, and when
> a directory has its permission bits set to 777?
Not sure what the problem could be. I can run
./dumpcap -n -w test.pcapng -i lo0 -p
without any problem...
>
>
> Thanks in advance,
> Tyson.
>
> On Thu, May 21, 2009 at 5:24 PM, Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
> On May 21, 2009, at 5:17 PM, Tyson Key wrote:
>
> > Hi Michael. This is fantastic news to hear!
> > Will it eventually support non-Ethernet, and mixed link types in the
> > same file (e.g. mmapped Linux USB and Ethernet), out of interest?
> Yes, it should be possible to capture from multiple interfaces of link
> types which are supported today (so I do not add new link types). For
> supporting multiple link types, I had to add pcapng support, which is
> already there...
>
> Best regards
> Michael
>
> >
> >
> > Thanks,
> > Tyson.
> >
> > On Thu, May 21, 2009 at 1:11 PM, Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
> > On May 21, 2009, at 12:02 PM, <chandra.kotikalapudi@xxxxxxxxx> wrote:
> >
> > > Hi Michael,
> > >
> > > I have downloaded the source code from SVN. Can you please say how
> > > to use dumpcap option -n to capture on interfaces x1, x2, x3 from x1
> > > to xn.
> > Currently you can capture only on one interface, so
> > dumpcap -n -i en0
> > should work.
> > A future version will support
> > dumpcap -n -i en0 -s 100 -i en1 -s 1000
> > and so on, where you capture on en0 with snaplen 100 and on en1 with
> > snaplen 1000.
> > You will also be able to set a per interface capture filter, link type,
> > promiscuous flag.
> > I'll send a note to the dev list, when this stuff is working.
> >
> > Which platform are you using?
> >
> > Best regards
> > Michael
> >
> > >
> > >
> > > Regards,
> > > Chandra.
> > >
> > > -----Original Message-----
> > > From: Chandra Sekhar kotikalapudi (WT01 - Telecom Equipment)
> > > Sent: Thursday, May 21, 2009 3:20 PM
> > > To: 'Developer support list for Wireshark'
> > > Subject: RE: [Wireshark-dev] capturing on multiple interfaces
> > >
> > > Hi Michael,
> > >
> > > It is good to hear you are already working on it. Can you please
> > > say in which svn version it is available so that I could do the
> > > testing whatever possible?
> > >
> > > Thanks & Regards,
> > > Chandra.
> > >
> > > -----Original Message-----
> > > From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Michael Tüxen
> > > Sent: Thursday, May 21, 2009 2:52 PM
> > > To: Developer support list for Wireshark
> > > Subject: Re: [Wireshark-dev] capturing on multiple interfaces
> > >
> > > On May 21, 2009, at 8:59 AM, <chandra.kotikalapudi@xxxxxxxxx> <chandra.kotikalapudi@xxxxxxxxx> wrote:
> > >
> > >> Hi Tyson,
> > >>
> > >> Thank you very much for the response.
> > >> Is it possible to capture on desired 'x' interfaces in 'n'
> > >> interfaces available using "dumpcap".
> > > This is what I'm working on. The capture file will be stored
> > > in .pcapng format...
> > > Saving in .pcapng is already available in the svn version. Use the -n
> > > option.
> > > Testing it is highly appreciated...
> > >
> > > Best regards
> > > Michael
> > >
> > >>
> > >> Regards,
> > >> Chandra.
> > >> From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Tyson Key
> > >> Sent: Monday, May 18, 2009 8:53 PM
> > >> To: Developer support list for Wireshark
> > >> Subject: Re: [Wireshark-dev] capturing on multiple interfaces
> > >>
> > >> Hi, Chandra.
> > >> Assuming that all the devices you want to capture on use the same
> > >> link type, there's an "any" pseudo-device on Linux that you can use.
> > >> Sadly, it doesn't store information about the devices involved, and
> > >> the link type-specific headers are transformed into a "Cooked"
> > >> format. You might want to investigate pcap-ng for that sort of stuff.
> > >>
> > >> Hope that helps,
> > >> Tyson.
> > >> On Mon, May 18, 2009 at 10:23 AM, <chandra.kotikalapudi@xxxxxxxxx> wrote:
> > >> Hi,
> > >>
> > >>
> > >>
> > >> We all know Wireshark can capture on different interfaces, can it be
> > >> able to capture on all interfaces at once using Wireshark?
> > >>
> > >> If 'No' is the answer can anyone help me in understanding how
> > >> capturing is done using Wireshark?
> > >>
> > >> I could change the implementation accordingly for my needs to
> > >> capture on all interfaces.
> > >>
> > >>
> > >>
> > >> Thanks in advance.
> > >>
> > >>
> > >>
> > >> Regards,
> > >>
> > >> Chandra.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
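
The thread mentions that a pcapng file can hold several link types and that captures joined with `cat` load, but with odd timestamps. As an added illustration (not code from the thread or from Wireshark), the following walks a pcapng byte stream, resolves each packet's link type through its section's Interface Description Blocks, and flags packets older than the one before them. It assumes the current pcapng block layout with Enhanced Packet Blocks and the default microsecond timestamp resolution; the function names and the sample capture are constructed here.

```python
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 1, 6          # pcapng block types
LINKTYPES = {105: "IEEE802_11", 113: "LINUX_SLL", 189: "USB_LINUX"}

def block(btype, body):
    """Wrap a body as a little-endian pcapng block (type, length, body, length)."""
    body += b"\0" * (-len(body) % 4)      # bodies are padded to 32 bits
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total

def section(linktype, timestamps_us):
    """Constructed one-interface capture: SHB, IDB, then one 4-byte packet per timestamp."""
    out = block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    out += block(IDB, struct.pack("<HHI", linktype, 0, 0))
    for ts in timestamps_us:
        hdr = struct.pack("<IIIII", 0, ts >> 32, ts & 0xFFFFFFFF, 4, 4)
        out += block(EPB, hdr + b"\xAA" * 4)
    return out

def summarize(data):
    """Return (link type of each packet, indexes of packets older than the one before)."""
    off, e, ifaces, links, backwards, prev = 0, "<", [], [], [], None
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":   # SHB starts a new section
            e = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
            ifaces = []                                 # interface IDs restart at 0
        btype, total = struct.unpack_from(e + "II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError("bad block length at offset %d" % off)
        body = data[off + 8:off + total - 4]
        if btype == IDB:
            ifaces.append(struct.unpack_from(e + "H", body)[0])
        elif btype == EPB:
            iface, hi, lo = struct.unpack_from(e + "III", body)
            if iface >= len(ifaces):
                raise ValueError("packet references undeclared interface %d" % iface)
            ts = (hi << 32) | lo
            links.append(LINKTYPES.get(ifaces[iface], str(ifaces[iface])))
            if prev is not None and ts < prev:
                backwards.append(len(links) - 1)
            prev = ts
        off += total
    return links, backwards

T = 1242930000 * 10**6                    # constructed base time, microseconds
SAMPLE = (section(105, [T, T + 10**6])    # three captures joined as with `cat`
          + section(189, [T - 60 * 10**6])
          + section(113, [T + 120 * 10**6]))
print(summarize(SAMPLE))
```

Each Section Header Block resets the interface table, which is why interface 0 means a different link type in each joined section.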