Wireshark-users: Re: [Wireshark-users] Multiple traces
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 28 Oct 2015 15:11:44 -0700
On Oct 28, 2015, at 1:25 PM, Perry Smith <pedzsan@xxxxxxxxx> wrote:

> I am testing the new Wireshark 2.0.0rc1 on the Mac and so far it seems to have all the features I need. I believe I am going to enjoy the new interface a great deal. The X11 interface was rather quirky on the Mac.
>
> I have one question.
>
> In the old version (1.12.x) I could do:
>
> open -a wireshark foo1.pcap
> open -a wireshark foo2.pcap
> open -a wireshark foo3.pcap
>
> and have all three traces at the same time. I could not seem to get this feature if I did the normal open from the GUI. But now on 2.0, the above does not work like it did. Instead of a new window, a new open command (from the command line) just replaces the single existing window.

The GTK+ version consists of a wrapper program that's the "application" from the standpoint of Launch Services, and an X11 program that's the real Wireshark. A side-effect of that was, apparently, that multiple opens would cause multiple instances of the X11 program to be started.

The Qt version consists of a single program; the "application" from the standpoint of Launch Services *is* the real Wireshark. This might make it more difficult to arrange that multiple opens cause multiple instances of the program to be started; in OS X's model of the world, a single process handles all open documents, but, currently, Wireshark doesn't support that.

> So I gather that most people look at one IP trace at a time?

No, you gather that the transition from being a less-native application to being a more-native application more actively exposes the mismatch between Wireshark's one-process-per-capture architecture and OS X's one-process-for-all-documents architecture. This was not an explicit UI design change.

> That is likely going to be a deal breaker for me. I often want to view iptraces taken simultaneously on the two ends. Perhaps there are better techniques?

Well, you could create a small shell script named, for example, "wsopen", which does:

    #! /bin/sh
    /Applications/Wireshark.app/Contents/MacOS/Wireshark "$@"&

and then doing

    wsopen foo1.pcap
    wsopen foo2.pcap
    wsopen foo3.pcap

should work. (With 2.0.0rc1, this will fail; you'd have to install the latest 2.0.0rc2 automated builds from https://www.wireshark.org/download/automated/osx/.)

> Is there an option (or an open request to add an option) so I can have more than one trace open at a time?

Well, ultimately, Wireshark should be made to support having multiple files - and live captures - open within a single process, so that it fits the OS X model better. On other OSes (Windows and other UN*Xes), double-clicking multiple captures would probably start separate processes, as that's how their application launchers work; I don't know whether the ability to open multiple files or start multiple captures within the same process would be useful on those platforms.