Home page logo
/

wireshark logo Wireshark mailing list archives

Re: read/write capture comments from the command line
From: Guy Harris <guy () alum mit edu>
Date: Sun, 7 Apr 2013 17:20:43 -0700


On Apr 4, 2013, at 12:06 PM, Martin Kaiser <lists () kaiser cx> wrote:

I was asked by some people about access to capture comments from the
command line tools. We identified two use cases

- You have a capture file and want to display its capture file comment.
 Nothing but the comment, no packets etc.

Sounds like a job for capinfos.  (I assume by "capture file comment" you mean the comment in the first Section Header 
Block in a pcap-ng file, rather than the comments on packets.)

- You start a capture from the command line and want to insert a comment 
 into the newly created file.

The reading should be an option to tshark ("display the capture file 
comment and exit").

...or part of capinfos.  I'm not sure operations that don't involve looking at any packets belong in tshark.

For writing, I added a switch -j <new comment> to both tshark and 
dumpcap.

Sadly, -j is already taken for Wireshark, so you couldn't run Wireshark from the command line with "-j", unless we go 
with either getopt_long() (pulling in a version from GNU libc for platforms that don't have it in the system library) 
or with g_option:

        https://developer.gnome.org/glib/stable/glib-Commandline-option-parser.html

and perhaps gtk_init_with_args():

        https://developer.gnome.org/gtk2/stable/gtk2-General.html#gtk-init-with-args

so that we can have long arguments (rather than digging around for unused letters for every new option) and let at 
least the long version of the argument be the same for TShark and Wireshark and dumpcap if they apply to two or more of 
them.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]