On Apr 4, 2013, at 12:06 PM, Martin Kaiser <[email protected]> wrote:
> I was asked by some people about access to capture comments from the
> command line tools. We identified two use cases
>
> - You have a capture file and want to display its capture file comment.
> Nothing but the comment, no packets etc.
Sounds like a job for capinfos. (I assume by "capture file comment" you mean
the comment in the first Section Header Block in a pcap-ng file, rather than
the comments on packets.)
> - You start a capture from the command line and want to insert a comment
> into the newly created file.
>
> The reading should be an option to tshark ("display the capture file
> comment and exit").
...or part of capinfos. I'm not sure operations that don't involve looking at
any packets belong in tshark.
> For writing, I added a switch -j <new comment> to both tshark and
> dumpcap.
Sadly, -j is already taken for Wireshark, so you couldn't run Wireshark from
the command line with "-j", unless we go with either getopt_long() (pulling in
a version from GNU libc for platforms that don't have it in the system library)
or with g_option:
https://developer.gnome.org/glib/stable/glib-Commandline-option-parser.html
and perhaps gtk_init_with_args():
https://developer.gnome.org/gtk2/stable/gtk2-General.html#gtk-init-with-args
so that we can have long arguments (rather than digging around for unused
letters for every new option) and let at least the long version of the argument
be the same for TShark and Wireshark and dumpcap if they apply to two or more
of them.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
