Wireshark mailing list archives

In the Open dialog, are the options to show only particular capture file types useful?
From: Guy Harris <guy () alum mit edu>
Date: Mon, 30 Dec 2013 00:18:41 -0800

On Windows, the Wireshark File -> Open dialog has a "Files of type:" widget that lets you choose "All Files" or files 
of various types.

In current Wireshark releases, some of those options aren't really useful, as not all file types have standard 
extensions, and so their options just use *.* and show all files.  Some other file formats are text file formats 
without standard extensions, and show *.txt and *.txt.gz files, so their options show text files that aren't capture 
files.

In addition, the extension .cap is used for several different file formats, so the options for NetXRay/Windows Sniffer, 
Microsoft Network Monitor, and Shomiti/Finisar Surveyor files all show *.cap and *.cap.gz files and thus show files of 
all those types.

The GTK+ version in the development release adds "All Capture Files", which shows files with all extensions Wireshark 
knows about (which means it won't see the file types that don't have standard extensions), doesn't have options for 
file types without standard extensions (as they're either no different from "All Files" or they're just "show all .txt 
files"), and lumps all the .cap files into one item.

Are any of those options useful (other than, obviously, "All Files")?

Would options that select files based on the files' *contents*, rather than their *file extensions* - which would 
correctly identify the particular file type of .cap files, distinguish between various text file formats that are 
capture files and text file formats that aren't capture files, and identify files that don't have extensions - be 
useful?

I don't know whether those options could be implemented in the Open dialog on all platforms, and, if they *are* 
implemented, selecting one of the options would require that all files in the folder be opened, which could take a 
significant amount of time, especially in a directory with lots of files or a directory mounted from a file server, so 
it wouldn't be "free".
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
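
The content-based selection the message asks about, sketched as an added example (not part of the original post and not Wireshark's code): files are classified by their leading magic bytes instead of their extension, so two different .cap formats are told apart and an extensionless capture is still found. The function names and the sample directory are hypothetical, and the magic table is a small subset of known capture formats.

```python
import gzip
import os
import tempfile
import zlib

# Leading magic bytes of a few capture formats (a small subset, not
# Wireshark's full set of file-type checks).
MAGIC = [
    (b"\xd4\xc3\xb2\xa1", "pcap"),    # little-endian, microsecond stamps
    (b"\xa1\xb2\xc3\xd4", "pcap"),    # big-endian, microsecond stamps
    (b"\x4d\x3c\xb2\xa1", "pcap"),    # little-endian, nanosecond stamps
    (b"\xa1\xb2\x3c\x4d", "pcap"),    # big-endian, nanosecond stamps
    (b"\x0a\x0d\x0d\x0a", "pcapng"),  # Section Header Block type
    (b"XCP\x00", "netxray"),          # NetXRay / Windows Sniffer
    (b"RTSS", "netmon"),              # Microsoft Network Monitor 1.x
    (b"GMBU", "netmon"),              # Microsoft Network Monitor 2.x
]

def sniff_capture_type(path):
    """Return a format name based on the file's first bytes, or None."""
    try:
        with open(path, "rb") as f:
            head = f.read(4)
        if head[:2] == b"\x1f\x8b":   # gzip: look inside, as for *.cap.gz
            with gzip.open(path, "rb") as g:
                head = g.read(4)
    except (OSError, EOFError, zlib.error):
        return None                   # unreadable or corrupt: not a match
    for magic, name in MAGIC:
        if head.startswith(magic):
            return name
    return None

def filter_by_content(directory, wanted):
    """Names of regular files whose contents match; opens every file."""
    return sorted(e.name for e in os.scandir(directory)
                  if e.is_file() and sniff_capture_type(e.path) == wanted)

def build_sample_dir():
    """Constructed sample files: only the magic bytes are realistic."""
    d = tempfile.mkdtemp()
    samples = {"a.cap": b"XCP\x00", "b.cap": b"RTSS",
               "trace": b"\xd4\xc3\xb2\xa1", "notes.txt": b"not a capture\n"}
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as f:
            f.write(data + b"\x00" * 16)
    with gzip.open(os.path.join(d, "c.cap.gz"), "wb") as g:
        g.write(b"GMBU" + b"\x00" * 16)
    return d
```

Each call to `filter_by_content` performs one open and one short read per file in the directory, which is the per-file cost the message refers to.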

