On Thu, Feb 25, 2010 at 06:29:14PM -0800, Guy Harris wrote:
>
> On Feb 25, 2010, at 5:46 AM, Jakub Zawadzki wrote:
>
> > I'd like to make an ncurses frontend for wireshark
>
> Unless it depends on features in ncurses not in System V curses, it should probably be called "cshark" - there might still be some UN*Xes that use System V curses rather than ncurses. (I don't know whether any non-ancient UN*Xes provide only the original BSD curses, but BSD curses has a lot less functionality than SV curses, so it's probably not a useful target; SV curses is probably the minimum target for which you'd want to develop.)
Quickly searching for differences in the API between ncurses and curses,
I found that curses lacks mouse support (man 3 curs_mouse).
Btw. nshark sounds better :)
> > Wireshark for big captures is sometimes slow, it eats a lot of memory,
> > and because of the GUI - it's not easy to use it remotely.
>
> If the version you're running remotely is X11-based (which currently means "not Windows"), it can be done, although you'd have to set DISPLAY, set your X server up to accept connections from it, etc.
Right, X11 has a server/client architecture, but I think people tend to use ssh X11 forwarding,
but still it's not so great...
> > It'd also be possible to quickly check how the wireshark dissector will behave
> > if you change this byte to another value... :)
>
> ...and that might be useful in combination with the packet injection feature.
... and wireshark will no longer be a passive sniffer (I don't know how you feel about it...),
and I think dumpcap should not inject packets. Someone should write injectcap (?)