Wireshark-users: Re: [Wireshark-users] In the Open dialog, are the options to show only particula
From: "Dana J. Dawson" <Dana.Dawson@xxxxxxxxxxxxxxx>
Date: Mon, 30 Dec 2013 12:14:14 -0600
I pretty much always know what file I want to open, so I don't need a lot of fancy processing by file type.  Clearly the "All Files" option is valuable, but aside from that all I'd really need would be generic file name filtering that included but was not limited to file name extensions, along with the ability to do basic wildcarding and simple pattern matching, since that makes it easier to deal with directories with large numbers of files.  For example, I might want to see just the files with part of a date string in the name so I can see just the ones from a particular day, such as "*20131230*".  I would not want to pay the processing price involved in dynamically trying to determine the actual file type by opening each file, especially since I can pretty easily do essentially the same thing with the "capinfos" command.

Just my 2¢...

Dana
--
Dana J. Dawson
Principal CPE Engineer, CCIE #1937 (R&S)
CenturyLink, CPE-CTAC
600 Stinson Blvd., Flr 1S
Minneapolis  MN  55413-2620



On Dec 30, 2013, at 6:00 AM, wireshark-users-request@xxxxxxxxxxxxx wrote:

> On Windows, the Wireshark File -> Open dialog has a "Files of type:" widget that lets you choose "All Files" or files of various types.
> 
> In current Wireshark releases, some of those options aren't really useful, as not all file types have standard extensions, and so their options just use *.* and show all files.  Some other file formats are text file formats without standard extensions, and show *.txt and *.txt.gz files, so their options show text files that aren't capture files.
> 
> In addition, the extension .cap is used for several different file formats, so the options for NetXRay/Windows Sniffer, Microsoft Network Monitor, and Shomiti/Finisar Surveyor files all show *.cap and *.cap.gz files and thus show files of all those types.
> 
> The GTK+ version in the development release adds "All Capture Files", which shows files with all extensions Wireshark knows about (which means it won't see the file types that don't have standard extensions), doesn't have options for file types without standard extensions (as they're either no different from "All Files" or they're just "show all .txt files"), and lumps all the .cap files into one item.
> 
> Are any of those options useful (other than, obviously, "All Files")?
> 
> Would options that select files based on the files' *contents*, rather than their *file extensions* - which would correctly identify the particular file type of .cap files, distinguish between various text file formats that are capture files and text file formats that aren't capture files, and identify files that don't have extensions - be useful?
> 
> I don't know whether those options could be implemented in the Open dialog on all platforms, and, if they *are* implemented, selecting one of the options would require that all files in the folder be opened, which could take a significant amount of time, especially in a directory with lots of files or a directory mounted from a file server, so it wouldn't be "free".