PrefBlock

Pcapng Wireshark preferences block

Define a pcapng block to store Wireshark preferences used to view the file. The content could be read to a file profile which would then be made the active profile. Opening a new file would overwrite this profile.

Goal/Purpose

Sometimes it's difficult to view a file in the same manner as the person sending the file because of different preference settings used to view the file. As an example the receiver may only see UDP packets as the proper port preference for the protocol in question isn't set.

Open Issues / Questions

I was thinking about a file profile, the profile would work as profiles do now.

That would work as editing a profile today.

Hmm, two file profiles original/current?

This brings up the point that the preferences mechanism is used for several different purposes:

Perhaps there should be a new mechanism for the third of those types of preferences, similar to the preferences mechanism, so that the third type of setting can be kept separate from the first two, and only the settings managed by that mechanism would be stored in the file.

There might be preferences for the *default* settings of those options, but a change to the *current* settings of those options, whether from the UI or from the capture file, wouldn't change the default settings.

In addition, some of those settings might be "per-conversation" (with "conversations" including TCP connections, virtual circuits of various sorts, etc.).

Would the over all goal be better served with new per-packet-option(s)guiding dissection?


Imported from https://wiki.wireshark.org/PrefBlock on 2020-08-11 23:18:17 UTC