mailing list archives
read/write capture comments from the command line
From: Martin Kaiser <lists () kaiser cx>
Date: Thu, 4 Apr 2013 21:06:26 +0200
I was asked by some people about access to capture comments from the
command line tools. We identified two use cases
- You have a capture file and want to display its capture file comment.
Nothing but the comment, no packets etc.
- You start a capture from the command line and want to insert a comment
into the newly created file.
The reading should be an option to tshark ("display the capture file
comment and exit"). Tshark would need a copy of cf_read_shb_comment() or
a way to share it with file.c.
For writing, I added a switch -j <new comment> to both tshark and
dumpcap. It turned out that things are most simple if I add a new field
initial_capture_comment to the capture_options structure. Tshark can
pass the comment to dumpcap via sync_pipe_start() and dumpcap writes the
I have something basic that's working. Probably, a lot of plausibility
checks for the parameters are missing. E.g. supplying a comment only
makes sense if we capture into one pcapng file.
What do you think: Do these use cases and the approach make sense to
you? And what letters should be used for the option? I know you've been
cleaning up the parameters lately ;-)
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe