[pcap-ng-format] Separate options for "user" and "vendor" descriptions of an interface?
Jasper Bongertz
jasper at packet-foo.com
Mon Jan 26 21:42:30 UTC 2015
Sounds good to me.
Another issue with interfaces is that it would be nice to have an
identifier that stays the same across different capture jobs. Windows
captures currently have this with the GUID in the interface name, but
as far as I know all others don't. It is really useful to know that
two captures were recorded on the same interface when merging
captures, especially with multi-NIC captures. It makes it a lot easier
for the merging process when it knows that two frames from two
different files can be written to the merged file with just one
interface entry because it's the same in both source files. Having two
"eth0" interfaces doesn't mean they're the same...
I'm not sure though on how to create and keep those identifiers
persistent across multiple runs of dumpcap. On Windows it's
something the OS does (as far as I can tell) and dumpcap uses.
Monday, January 26, 2015, 10:22:14 PM, Guy Harris wrote:
> The if_description option in the Interface Description Block is
> specified as containing "A UTF-8 string containing the description
> of the device used to capture data". The examples given are
> "Broadcom NetXtreme" / "First Ethernet Interface" / ....
> The first of those is a description of the device's hardware.
> WinPcap supplies a description of that sort, as provided by the
> vendor's device driver; that won't necessarily distinguish between
> interfaces, if you have multiple interfaces of the same type.
> The second of those is a user-oriented description. Wireshark
> currently has code to get user-oriented descriptions from the OS on
> Windows ("Local Area Connection" and the like) and OS X, and, on
> FreeBSD and OpenBSD, libpcap uses those OSes' ioctls that get a
> settable description string.
> So I can see two different description options for an interface.
> (Wireshark also lets the user specify their own names for an
> interface; this can be useful if the OS doesn't itself provide
> user-oriented descriptions, and also lets the user replace those
> with their own descriptions. If they want to specify their own
> string *in addition to* a system-supplied user-oriented description,
> that's probably best done with comment options.)
> I suggest that we add if_hardware_description, or something such as
> that, to use for the sort of descriptions that WinPcap provides, and
> use if_description for the user-oriented description.
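An added illustration of the merging problem raised in this message (not code from the thread, Wireshark or dumpcap): it parses the if_name (option code 2) and if_description (option code 3) options out of Interface Description Blocks and merges interface tables by name. The sample blocks, the GUID, little-endian byte order and the (linktype, if_name) merge key are assumptions made for the example.

```python
import struct

IDB_TYPE = 0x00000001                            # Interface Description Block
OPT_NAMES = {2: "if_name", 3: "if_description"}  # pcapng option codes

def build_idb(linktype, snaplen, options):
    """Build a little-endian IDB; used only to construct sample input."""
    body = struct.pack("<HHI", linktype, 0, snaplen)
    for code, text in options:
        raw = text.encode("utf-8")
        body += struct.pack("<HH", code, len(raw)) + raw + b"\0" * (-len(raw) % 4)
    body += struct.pack("<HH", 0, 0)             # opt_endofopt
    total = 12 + len(body)
    return struct.pack("<II", IDB_TYPE, total) + body + struct.pack("<I", total)

def parse_idb(block):
    """Return linktype, snaplen and the string options of one IDB."""
    if len(block) < 20 or len(block) % 4:
        raise ValueError("truncated or unaligned block")
    btype, total = struct.unpack_from("<II", block, 0)
    if btype != IDB_TYPE or total != len(block) or block[-4:] != block[4:8]:
        raise ValueError("not a well-formed IDB")
    linktype, _, snaplen = struct.unpack_from("<HHI", block, 8)
    info, pos, end = {"linktype": linktype, "snaplen": snaplen}, 16, total - 4
    while pos + 4 <= end:
        code, length = struct.unpack_from("<HH", block, pos)
        pos += 4
        if code == 0:                            # opt_endofopt
            break
        if pos + length > end:
            raise ValueError("option overruns block")
        if code in OPT_NAMES:
            info[OPT_NAMES[code]] = block[pos:pos + length].decode("utf-8")
        pos += length + (-length % 4)            # values are padded to 32 bits
    return info

def merge_interfaces(*captures):
    """Dedup interfaces across captures, keyed on (linktype, if_name)."""
    merged = {}
    for blocks in captures:
        for info in map(parse_idb, blocks):
            merged.setdefault((info["linktype"], info.get("if_name")), info)
    return list(merged.values())

# Constructed samples: two different Linux hosts, then one Windows NIC seen in two runs.
host_a = [build_idb(1, 65535, [(2, "eth0"), (3, "First Ethernet Interface")])]
host_b = [build_idb(1, 65535, [(2, "eth0"), (3, "Broadcom NetXtreme")])]
guid = r"\Device\NPF_{00000000-1111-2222-3333-444444444444}"  # constructed GUID
win_run1 = win_run2 = [build_idb(1, 65535, [(2, guid)])]
```

With these samples, `merge_interfaces(host_a, host_b)` collapses the two unrelated "eth0" interfaces into one entry, while the GUID-based name is the only case where collapsing two runs into one entry is actually justified.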