On May 20, 2011, at 11:18 PM, Joerg Mayer wrote:

> On Fri, May 20, 2011 at 02:25:38PM +0000, Chris Maynard wrote:
>> To me, if it doesn't work without -n and -t, then it makes it that much more
>> user-friendly to automatically use pcapng and threads whenever multiple
>> interfaces are specified.
>
> Do we really need pcapng if multiple interfaces of the same type are specified
> or is this "only" to make it possible to see which interface the packet was
> captured on?

Good question:
For interfaces with different types you need pcapng to handle different types.
For interfaces of the same type you need pcapng to store the information on which
interface the packet was captured. If you do not need this information, you could
use pcap.
My current decision was that I wanted to have the information on which interface
the packet was captured, so I enforce pcapng. Since wireshark supports pcapng, I do
not see a drawback. If you want to use the capture file with other tools you might
want to convert your pcapng file to pcap. We might want to enhance wireshark to be
able to store such a file in .pcap format and losing some information (maybe it can
do it already, haven't looked at it.)

>
>> And speaking of "-i any", obviously on Windows, that isn't supported ... but a
>> neat thing would be if it could be by internally scanning all interfaces and
>> treating it as if "-i 1 -i 2 ... -i n" were specified.
>
> I don't quite agree with this: any has a very specific meaning and will (normally)
> create pcap output, while your proposal would create pcapng output. Also the linux
> cooked capture type does not contain a L2 header. Maybe adding a new "all" pseudo
> interface would be better.

I agree totally with you. -i all is much better. dumpcap -i any should continue
to behave like it does today.
Best regards
Michael

>
> Ciao
> Joerg
> --
> Joerg Mayer <[email protected]>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]?subject=unsubscribe
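
The point made in the reply above (pcapng is needed both for mixed link types and to record which interface captured each packet), as an added example that is not part of the original thread or of Wireshark's code: a minimal pcapng reader run over a constructed two-interface capture. The function names are hypothetical, and the reader assumes a single little-endian section.

```python
import io
import struct
from collections import Counter

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006  # pcapng block types

def _block(btype, body):
    """Frame a block: type, total length, 32-bit padded body, total length."""
    body += b"\x00" * (-len(body) % 4)
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def _epb(iface, data):
    """Enhanced Packet Block: interface id, timestamp (0), lengths, data."""
    return _block(EPB, struct.pack("<5I", iface, 0, 0, len(data), len(data)) + data)

def build_sample():
    """Constructed capture: interface 0 is Ethernet, interface 1 is Linux cooked."""
    shb = _block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    idb0 = _block(IDB, struct.pack("<HHI", 1, 0, 65535))    # LINKTYPE_ETHERNET
    idb1 = _block(IDB, struct.pack("<HHI", 113, 0, 65535))  # LINKTYPE_LINUX_SLL
    return shb + idb0 + idb1 + _epb(0, b"\xaa" * 14) + _epb(1, b"\xbb" * 16) + _epb(0, b"\xcc" * 14)

def packets_per_interface(raw):
    """Return ({interface id: link type}, Counter of packets per interface id)."""
    stream, linktypes, counts = io.BytesIO(raw), {}, Counter()
    while True:
        header = stream.read(8)
        if not header:
            return linktypes, counts
        if len(header) < 8:
            raise ValueError("truncated block header")
        btype, total = struct.unpack("<II", header)
        if total < 12 or total % 4:
            raise ValueError("malformed block length")
        rest = stream.read(total - 8)
        if len(rest) != total - 8 or rest[-4:] != header[4:]:
            raise ValueError("truncated or inconsistent block")
        body = rest[:-4]
        if btype == SHB and body[:4] != struct.pack("<I", 0x1A2B3C4D):
            raise ValueError("only little-endian sections handled here")
        elif btype == IDB:  # interface ids are assigned in IDB order
            linktypes[len(linktypes)] = struct.unpack("<H", body[:2])[0]
        elif btype == EPB:  # every packet names the interface it arrived on
            iface = struct.unpack("<I", body[:4])[0]
            if iface not in linktypes:
                raise ValueError("packet references undeclared interface")
            counts[iface] += 1

if __name__ == "__main__":
    print(packets_per_interface(build_sample()))
```

A classic pcap file has one link type in its global header and no per-packet interface field, which is why converting such a capture to pcap loses the information this reader recovers.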
