First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How can I have multiple captures open on a Mac?

It would be really nice if I could examine a file that I've saved while still running WS. Would it be possible to have a different program that simply reads the WS file as it does now so a person can collect packets at the same time as WS is collecting packets so someone can analyze a saved file using the separate reader software. Since it doesn't have to collect and store it shouldn't be that complex.

It would also be nice if there was a pdf manual that I could print out too. I know this stuff changes but there was an article in Scientific American several years ago about research showing that people have a much higher retention rate when reading something off paper verses a screen. A manual for v 2.6 of WS would be great too.

On a different note applause for all the people that developed this for Macs. It uses less than 1% of the CPU and that is MAGNIFICENT! Good job!

Thank you,

Paul

Reallylost's avatar
1
Reallylost
asked 2020-09-25 16:27:49 +0000
Guy Harris's avatar
19.9k
Guy Harris
updated 2020-09-25 19:06:37 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

It would be really nice if I could examine a file that I've saved while still running WS

You can - just open multiple Wireshark windows. If you are on a Mac, you can try something like this:

open -n /Applications/Wireshark.app

From: https://osqa-ask.wireshark.org/questions/50713/how-to-open-multiple-wireshark-instances-in-mac-os-x

A manual for v 2.6 of WS would be great too.

Wireshark is on 3.2.7 so you will find it difficult to find people who are going to work on such an old version.

Bob Jones's avatar
1.5k
Bob Jones
answered 2020-09-25 18:22:27 +0000
edit flag offensive 0 remove flag delete link
more

Comments

open -n /Applications/Wireshark.app

Ideally, that wouldn't be necessary, but, to avoid the need for -n, Wireshark would have to be modified to allow one process to have multiple captures open in order to make it function more like a normal Mac application. Wireshark currently maintains all the per-capture state as global data; it would either have to maintain most if not alll of it as per-file data, or would have to split the UI and dissection into separate programs and have a single UI process communicate with multiple dissection processes, one per file (that's how Safari and Chrome work; it may have some safety advantages, which I think is one reason why those browsers do that), or would have to do something else to resolve that.

Guy Harris's avatar Guy Harris (2020-09-25 19:05:41 +0000) edit
more
  • delete

Thank you. That helped. Paul

Reallylost's avatar Reallylost (2020-10-01 23:16:42 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer