Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2023-08-08 06:45:00 +0000

Guy Harris gravatar image

Is it possible to provide support or guidance on how to enable the display of "Link Down" information in Wireshark when analyzing BLF records containing Ethernet data?

In order to enable that display, you would have to:

  1. Modify the API of Wireshark's libwiretap library so that it has a mechanism by which a read from a file can return a record/block that represents a change in the status of a link on which the capture is being done.
  2. Modify the BLF reader code in that library to handle whatever type of objects contain indications of the link status changing (KLineStatusEvents, or whatever the right thing to call them is?) by returning them using that mechanism.
  3. Modifying Wireshark's libwireshark library so that it can handle that new record/block type by displaying the change to the line status.
  4. Compiling the modified version of Wireshark and using that version.

Or request that somebody else do that - for example, by making an enhancement request on the Wireshark issues list.

That's the only way to enable it; it's not as if there's an option that you need to turn on in order for it to work (that would make no sense - if Wireshark could do that, it should not require the user to turn on an option in order for it to work), the problem is that there's no code in Wireshark to do that.