Wireshark-dev: Re: [Wireshark-dev] Problems with capturing on multiple interfaces

From: Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Thu, 19 May 2011 22:35:21 +0200
On May 19, 2011, at 7:40 PM, Chris Maynard wrote:

> Additional feedback (pigging-backing off Joerg's post):
> 1) When capturing on multiple interfaces, the -n option is required in order to
> use pcapng instead of pcap.  But if it's omitted - accidentally or not - could
> it just be automatically assumed?
You actually need:
-n to use pcapng
and
-t to use threads.

It is simple to add -n and -t if you are specifying more than one interface
(actually this is what tshark and wireshark do). I wanted to be explicit
since I consider it currently an experimental feature. But, if the groups
prefers, we can add -n and -t if there is more than one interface specified.
> 
> 2) The tempfile name includes the name of the interface.  But, if we're
> capturing on multiple interfaces, I would think we'd want to rename it, but how
> best to do that?  We could string the interface names together, but that could
> result in lengthy tempfile names, especially for Windows), or we could use part
> of each interface's name or use a generic "multiple_interfaces" name, or
> something else???  The solution could differ depending on OS.  Stringing
> together eth0_eth1_lo is nice and short, but not the case for Windows with long
> names like, "NPF_GenericDialupAdapter", "07BB3785-079D-4AB5-AE27-79723D20A0CF", 
> etc.
Yes, the names are ugly on non Unix systems (aka Windows). I currently going
through various places and try to use appropriate names (started with things
visible in the GUI). But I can change the temp file name, too. Will put it
on the ToDO list.

Thanks for the feedback.

Best regards
Michael
> 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>