Zuidweg, R (Rob) wrote:
- Why does the -F option no longer work?
We got rid of it as a capture option. We changed the capture path so
that it doesn't convert the information it gets from the libpcap format
you get from the capture library Ethereal/Wireshark use (the library is
called "libpcap" :-)) to the form Wiretap (the library, in the
Ethereal/Wireshark source, used to read and write capture files)
expects; this means that less work is done while capturing, and that
changing the form Wiretap expects in ways that would make that
conversion take more CPU time than it already does won't slow down the
capture code path.
- Any workaround/fix available?
Convert the capture file to Sniffer format, using editcap or TShark,
after the capture is done.
- I was unable to find any notification so far in the documentation/FAQ.
Did I overlook anything?
I'll fix the man page to note that "-F" works only when reading an
existing capture file.