This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am writing a tap in Lua, but could also write it in C if necessary. I would like to know in the tap.packet was called as a result of a live capture or file load. I know that in the main Wireshark code, it uses capture_opts->real_time_mode, but I can't seem to find how to access this in a tap.

asked 01 Feb '16, 13:51

SonomaDave's gravatar image

SonomaDave
11223
accept rate: 0%


It can't.

What is it that your tap would do differently in those two cases?

permanent link

answered 01 Feb '16, 18:30

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

I am sending data to an external program to calculate response times. It works slightly different for real time data versus the load of previously captured data. It present results in time slices, (e.g. response time for 10 minute slices). If traffic is sparse, then there may be no data at the end of the next time slice, which means the user would not see the complete picture. So, if the data is in real time, and no traffic is seen for a few seconds, the program initiates a cut-off. I do not want to do this for the load of a previously captured file.

(02 Feb '16, 12:03) SonomaDave
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×549
×40
×16
×15

question asked: 01 Feb '16, 13:51

question was seen: 3,475 times

last updated: 02 Feb '16, 12:03

p​o​w​e​r​e​d by O​S​Q​A