On May 7, 2009, at 1:10 AM, Aaron Turner wrote: > On Wed, May 6, 2009 at 8:59 PM, Michael Tüxen > <[email protected]> wrote: >> On May 6, 2009, at 3:40 PM, Aaron Turner wrote: >> >>> Personally I think different filters for different interfaces >>> doesn't >>> make a lot of sense. I really can't imagine a situation when you'd >>> need to capture different kinds of packets on different interfaces >>> but >>> write to a single file. >> For SCTP I might want to capture on two different interfaces >> traffic belonging to the same transport connection. I might want >> to filter on different destination addresses: >> dumpcap -n -i en0 -f sctp && host a.b.c.d -i en1 -f sctp && host >> e.f.g.h > > I'm not sctp knowledgeable, but is there a reason you couldn't just > write a single filter for both interfaces as: > > sctp && (host a.b.c.d || host e.f.g.h) You could do that... But this does not work for the -y option when capturing on different physical interfaces... > > >>> At least, I think it's fair to say that single filter w/ multiple >>> interfaces is a more common case then multiple filters & multiple >>> interfaces. Ideally the more common case shouldn't require you to >>> specify the same filter twice. >> But I need a way to distinguish whether this filter applies for >> all interfaces or only for one... > > Fair enough, but it is my opinion that the vast majority of users > don't need this functionality. > >> So we could do >> dumpcap -f sctp -n -i en0 -i en1 >> (filter before interface) to mean setting for all interfaces >> and >> dumpcap -n -i en0 -f sctp -i en1 >> (filter after interface) that sctp is used only for en0 and en1 >> has no capture filter. >> >> What do you think about this? > > I think this is confusing to many people and is more likely to have > unintended consequences. Most users don't consider CLI option > ordering to have special meaning. Personally, I prefer Stephen's > suggestion of directly linking the filter to the interface ala -i > en0:"sctp && host a.b.c.d" if you want to get fancy. > > It also means the old style cli args could easliy be grand-fathered in > (any interface without a specific filter uses the global filter). > > -- > Aaron Turner > http://synfin.net/ > http://tcpreplay.synfin.net/ - Pcap editing and replay tools for > Unix & Windows > Those who would give up essential Liberty, to purchase a little > temporary > Safety, deserve neither Liberty nor Safety. > -- Benjamin Franklin > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
