mailing list archives
Re: read/write capture comments from the command line
From: Guy Harris <guy () alum mit edu>
Date: Sun, 7 Apr 2013 17:20:43 -0700
On Apr 4, 2013, at 12:06 PM, Martin Kaiser <lists () kaiser cx> wrote:
I was asked by some people about access to capture comments from the
command line tools. We identified two use cases
- You have a capture file and want to display its capture file comment.
Nothing but the comment, no packets etc.
Sounds like a job for capinfos. (I assume by "capture file comment" you mean the comment in the first Section Header
Block in a pcap-ng file, rather than the comments on packets.)
- You start a capture from the command line and want to insert a comment
into the newly created file.
The reading should be an option to tshark ("display the capture file
comment and exit").
...or part of capinfos. I'm not sure operations that don't involve looking at any packets belong in tshark.
For writing, I added a switch -j <new comment> to both tshark and
Sadly, -j is already taken for Wireshark, so you couldn't run Wireshark from the command line with "-j", unless we go
with either getopt_long() (pulling in a version from GNU libc for platforms that don't have it in the system library)
or with g_option:
and perhaps gtk_init_with_args():
so that we can have long arguments (rather than digging around for unused letters for every new option) and let at
least the long version of the argument be the same for TShark and Wireshark and dumpcap if they apply to two or more of
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
mailto:wireshark-dev-request () wireshark org?subject=unsubscribe