Wireshark-dev: Re: [Wireshark-dev] Problems with capturing on multiple interfaces

From: Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Sat, 21 May 2011 18:56:56 +0200
On May 20, 2011, at 4:46 PM, Tyson Key wrote:

> Hmm, wouldn't using "any" was a means of nullifying other interfaces break concurrent capturing on both the "any interface" and Bluetooth or USB interfaces?
As said in the other mail: -i all -i lo0 would capture packets on lo0 twice. I
don't want to do some magic on command line args...

Best regards
Michael
> 
> Still, I agree with Chris's suggestions, with regards to weak emulation of an "any interface" under Windows; and "speculative capturing" (i.e. waiting for a device to appear before capturing relevant traffic).
> 
> I'm liking the feature so far otherwise, though. (It means that I no longer have to launch Wireshark or TShark *8* times, and dismiss a tonne of warning dialogues just to do USB capturing).
> 
> Thanks, and keep up the good work!
> 
> Tyson. 
> 
> On 20 May 2011 15:25, Chris Maynard <chris.maynard@xxxxxxxxx> wrote:
> Michael Tüxen <Michael.Tuexen@...> writes:
> 
> > You actually need:
> > -n to use pcapng
> > and
> > -t to use threads.
> >
> > It is simple to add -n and -t if you are specifying more than one interface
> > (actually this is what tshark and wireshark do). I wanted to be explicit
> > since I consider it currently an experimental feature. But, if the groups
> > prefers, we can add -n and -t if there is more than one interface specified.
> 
> To me, if it doesn't work without -n and -t, then it makes it that much more
> user-friendly to automatically use pcapng and threads whenever multiple
> interfaces are specified.
> 
> I understand this is still a work in progress, but something else I was thinking
> about was the "-i any" interface.  What will happen if someone specifies
> something like, "-i eth0 -i any -i lo" or variations thereof?  I assume it would
> be treated as "-i any" only?
> 
> And speaking of "-i any", obviously on Windows, that isn't supported ... but a
> neat thing would be if it could be by internally scanning all interfaces and
> treating it as if "-i 1 -i 2 ... -i n" were specified.
> 
> And while I'm at it ... another feature that I think would be nice to have would
> be to be able to specify capturing on an interface that doesn't yet exist, such
> as ppp0.  For my USB/PPP capturing, currently to get a capture of all traffic
> over that interface, I either have to use usbmon or ppp's record option to
> generate a pppdump file.  (OK, this last one isn't really specific to capturing
> on multiple interfaces, but it's related to capturing so ...)
> 
> > Thanks for the feedback.
> You're welcome ... thanks for the feature!
> - Chris
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> 
> 
> 
> -- 
>                                           Fight Internet Censorship! http://www.eff.org
> http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe