Wireshark-users: Re: [Wireshark-users] Wireshark V1.8.0 - analysing dual NIC capture
From: Christopher Maynard <Christopher.Maynard@xxxxxxxxx>
Date: Fri, 29 Jun 2012 00:46:27 +0000 (UTC)
Jeff Morriss <jeff.morriss.ws@...> writes:

> On Tue, Jun 26, 2012 at 8:51 AM, Keith French <keithfrench@...> wrote:
> > Thanks for a really fantastic new release of Wireshark.
> >
> > I have been trying out Wireshark V1.8.0 capturing on 2 NICs simultaneously
using the .pcapng format.
> However, I am not really sure what I am expecting to see when analysing the 
trace.
> 
> The main thing is that you can get packets from 2 interfaces at the
> same time.  No other real changes.

Should other real changes be made?  For example, would it make sense to take
into account the interface when performing reassembly, conversation tracking,
etc?  I would think that in many (most?) cases, it wouldn't be very useful to
try to mix/combine that type of analysis across interfaces.  I'm sure there
could be cases where more than 1 interface could be used for an entire
conversation (for example), so maybe have a preference to control whether the
interface should or should not be taken into account?

- Chris