Re: More accurate frame count in interface list

[Evan Huus <eapache () gmail com>]

Sounds reasonable to me. Also worth noting that those two dialogues
will (hopefully) be merged or at least somewhat redesigned in the qt
version. I put forward a few ideas in December (a fairly long thread
including [1] and [2]).

Cheers,
Evan

[1] https://www.wireshark.org/lists/wireshark-dev/201212/msg00055.html
[2] https://www.wireshark.org/lists/wireshark-dev/201212/msg00124.html

On Sun, Mar 10, 2013 at 5:39 PM, Jaap Keuter <jaap.keuter () xs4all nl> wrote:
> Hi list,
>
> The following case was presented to me. An engineer was working on a case where
> he was monitoring networking equipment, of which he knew, or at least assumed,
> that it would send out a significant frame rate (300+ fps). Opening up the
> interface list showed that neither of the interfaces (there were several) had
> such frame rate, so that puzzled him. Once he tried a few interfaces he stumbled
> upon the right one and the captured frames started to race by. He would never
> have guessed looking at the interface list only.
>
> So even though there was a significant frame rate present on that interface the
> interface list doesn't show it. Given rationale is that the statistics capture
> for the interface list is done in non-promiscuous mode to keep the load on the
> network stack down. I guess that's a valid concern in certain situations.
>
> With the advance of the capture interfaces list we have a more fine grained
> control over the capture settings per interface. I think we should use this to
> our advantage in this matter. What if we used the promiscuous mode preference
> setting per interface to configure the capture for the interface list. That
> would give the user a more accurate impression of the amount of traffic captured
> on an interface once the capture was started (without changing further
> promiscuous mode setting).
>
> Implementation note: Wireshark now just asks dumpcap to push interface
> statistics on all the interfaces it knows. This has to be changed in Wireshark
> feeding dumpcap a list of interfaces to monitor in either promiscuous or
> non-promiscuous mode. But this should be no problem since Wireshark already
> knows the interfaces, since they are listed on the welcome page.
>
> Thanks,
> Jaap
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe