Home page logo
/

wireshark logo Wireshark mailing list archives

read/write capture comments from the command line
From: Martin Kaiser <lists () kaiser cx>
Date: Thu, 4 Apr 2013 21:06:26 +0200

Dear all,

I was asked by some people about access to capture comments from the
command line tools. We identified two use cases

- You have a capture file and want to display its capture file comment.
  Nothing but the comment, no packets etc.
- You start a capture from the command line and want to insert a comment 
  into the newly created file.

The reading should be an option to tshark ("display the capture file 
comment and exit"). Tshark would need a copy of cf_read_shb_comment() or 
a way to share it with file.c.

For writing, I added a switch -j <new comment> to both tshark and 
dumpcap. It turned out that things are most simple if I add a new field 
initial_capture_comment to the capture_options structure. Tshark can 
pass the comment to dumpcap via sync_pipe_start() and dumpcap writes the
SHB.

I have something basic that's working. Probably, a lot of plausibility 
checks for the parameters are missing. E.g. supplying a comment only 
makes sense if we capture into one pcapng file.

What do you think: Do these use cases and the approach make sense to 
you? And what letters should be used for the option? I know you've been
cleaning up the parameters lately ;-)

Best regards,

   Martin
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault