Ethereal-dev: Re: [Ethereal-dev] Packet Creation

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 28 Oct 2004 11:27:46 -0700

Tom Benstead wrote:

> I would have thought Ethereal would have used the contents of cfile.pd to create the new capture file but this does not seem to be the case.

No, it's not, and it never was intended to be.

cfile.pd is a *temporary buffer* to hold the *current* packet; there isn't even any guarantee that any changes made to that buffer will persist across clicking on a different packet and clicking back to the "changed" packet. The permanent home of packet data is the capture file *itself*. The only way to make packet changes persistent would be to modify the capture file - and that'd be very difficult if you were changing the size of the packet or inserting a new packet.

Ethereal wasn't designed to be a capture file editor; there would probably have to be very substantial changes made to it in order to make it one. (For one thing, as packet dissection is stateful, i.e. the way a packet is dissected could depend on the preceding packets in the capture, changing a packet could require that all the packets after it be re-dissected, and that could involve discarding some state and regenerating it, so the simplest and safest way to do the re-dissection would be to re-dissect the entire capture.)
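
The following is an added example, not part of the original message and not Ethereal code. It illustrates why changing a packet's size means rewriting the capture file rather than patching a buffer. It assumes the classic libpcap file layout (24-byte file header, 16-byte per-record headers, little-endian); the function names and the sample packets are constructed for the illustration.

```python
import io
import struct

# Assumed format: classic libpcap capture file, little-endian byte order.
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, ver major/minor, zone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len

def build_pcap(packets, linktype=1):
    """Serialize (ts_sec, ts_usec, data) tuples into classic pcap bytes."""
    out = io.BytesIO()
    out.write(GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype))
    for ts_sec, ts_usec, data in packets:
        out.write(RECORD_HDR.pack(ts_sec, ts_usec, len(data), len(data)))
        out.write(data)
    return out.getvalue()

def record_offsets(blob):
    """Return [(file offset of record header, incl_len), ...] by walking the file."""
    offsets, pos = [], GLOBAL_HDR.size
    while pos < len(blob):
        _, _, incl_len, _ = RECORD_HDR.unpack_from(blob, pos)
        offsets.append((pos, incl_len))
        pos += RECORD_HDR.size + incl_len
    return offsets

def replace_packet(blob, index, new_data):
    """Return a new capture with packet `index` replaced by new_data.

    Records are stored back to back with no index, so a size change
    moves every later record: the result is a rewritten file, not an
    in-place patch of the old one.
    """
    start, old_len = record_offsets(blob)[index]
    ts_sec, ts_usec, _, _ = RECORD_HDR.unpack_from(blob, start)
    end = start + RECORD_HDR.size + old_len
    new_rec = RECORD_HDR.pack(ts_sec, ts_usec, len(new_data), len(new_data)) + new_data
    return blob[:start] + new_rec + blob[end:]

# Constructed sample capture: three small dummy packets.
SAMPLE = build_pcap([(1, 0, b"A" * 10), (2, 0, b"B" * 20), (3, 0, b"C" * 30)])
# Grow the second packet from 20 to 25 bytes.
EDITED = replace_packet(SAMPLE, 1, b"X" * 25)

if __name__ == "__main__":
    print("before:", record_offsets(SAMPLE))
    print("after: ", record_offsets(EDITED))
```

Growing the second packet by five bytes shifts the third record's file offset, which is the reason an in-place edit is only straightforward when the packet length is unchanged.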