Hi,
is there any variable or way to query the value of the capturing-interface to be used into a postdissector?
I know that you can also capture from multiple interfaces at the same time, and this could be a problem, but I'am focusing on single interface capture.
Thanks Gian
Currently, no.
First of all, not all capture file formats have a provision for recording MAC addresses for capture interfaces as per-interface metadata.
pcapng does support that, but 1) I don't know whether any capturing software currently provides it (Wireshark currently doesn't) and 2) Wireshark doesn't save that information when reading a capture.
Thank you for the answer. It's a bad luck! I am writing a simple post-dissector that mark any packet as being INbound or OUTbound. The logic is simple: when you are capturing your ethernet network adapter, if eth.src==your-mac-address then it is an outgoing packet, else it is coming in. Every user has to modify the post-dissector based on its specific mac-address, and if we could have got it dynamically then it would have worked completely automatic. Thanks again anyway.
Comments