Wireshark-dev: Re: [Wireshark-dev] Problems with capturing on multiple interfaces

From: Tyson Key <tyson.key@xxxxxxxxx>
Date: Fri, 20 May 2011 15:46:12 +0100
Hmm, wouldn't using "any" was a means of nullifying other interfaces break concurrent capturing on both the "any interface" and Bluetooth or USB interfaces?

Still, I agree with Chris's suggestions, with regards to weak emulation of an "any interface" under Windows; and "speculative capturing" (i.e. waiting for a device to appear before capturing relevant traffic).

I'm liking the feature so far otherwise, though. (It means that I no longer have to launch Wireshark or TShark *8* times, and dismiss a tonne of warning dialogues just to do USB capturing).

Thanks, and keep up the good work!

Tyson. 

On 20 May 2011 15:25, Chris Maynard <chris.maynard@xxxxxxxxx> wrote:
Michael Tüxen <Michael.Tuexen@...> writes:

> You actually need:
> -n to use pcapng
> and
> -t to use threads.
>
> It is simple to add -n and -t if you are specifying more than one interface
> (actually this is what tshark and wireshark do). I wanted to be explicit
> since I consider it currently an experimental feature. But, if the groups
> prefers, we can add -n and -t if there is more than one interface specified.

To me, if it doesn't work without -n and -t, then it makes it that much more
user-friendly to automatically use pcapng and threads whenever multiple
interfaces are specified.

I understand this is still a work in progress, but something else I was thinking
about was the "-i any" interface.  What will happen if someone specifies
something like, "-i eth0 -i any -i lo" or variations thereof?  I assume it would
be treated as "-i any" only?

And speaking of "-i any", obviously on Windows, that isn't supported ... but a
neat thing would be if it could be by internally scanning all interfaces and
treating it as if "-i 1 -i 2 ... -i n" were specified.

And while I'm at it ... another feature that I think would be nice to have would
be to be able to specify capturing on an interface that doesn't yet exist, such
as ppp0.  For my USB/PPP capturing, currently to get a capture of all traffic
over that interface, I either have to use usbmon or ppp's record option to
generate a pppdump file.  (OK, this last one isn't really specific to capturing
on multiple interfaces, but it's related to capturing so ...)

> Thanks for the feedback.
You're welcome ... thanks for the feature!
- Chris

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe



--
                                          Fight Internet Censorship! http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844