ENH: Allow freezing/halting of capture, to have steady data to explore

[corneliusroemer]

Is there an existing issue for this?

• [X] I have searched the existing issues.

Describe the solution you'd like

I love sniffnet, great tool!

One thing I'm missing is the ability to halt/freeze/"stop the world" to explore what's been captured in detail.

Right now, the data refreshes every second, making it hard to read/explore. I've looked for such a feature in the docs/help but couldn't find anything.

Is your feature request related to a problem?

I'm always frustrated when I try to read a table and the table rerenders the second I move to another column.

Try staying with the "same" here (semantically the same, not at the same height):

I'm surprised no one else has had this problem yet - I must have missed something obvious, like a pause button, but couldn't find anything.

[GyulyVGC]

Thanks for your suggestion. Yes, you're actually the first one to have brought up this kind of concern and there is not a real solution as of now.

However, as you may have noticed, you can sort the table by packets or bytes exchanged and that will give you a much more stable view. Let me know if this sounds as a possible acceptable workaround.

In case the table isn't sorted, the default behaviour is to show the most recent entries, so it doesn't make much sense to stop it in my opinion; freezing the capture would also be counterintuitive I think because it could introduce some misunderstandings about the status of the capture: the capture is running while the view is freezed.

[GyulyVGC]

After better thinking about this one, I came to the following conclusions:

1. the table can be sorted by ascending / descending number of packets / bytes in case you want a more steady view
2. If you want to have steady data to explore you can always export the capture as a PCAP file; Sniffnet already supports exporting such kind of files and importing them is planned for the future (#283)
3. freezing the view while the capture is running breaks things because in this case we'd have inconsistent states of what's captured vs what's displayed
4. freezing both the view & the capture is the only reasonable solution I can think of

This being said, I think that points 1) and 2) make it clear that there are other solutions to have steady data to explore. However, being able to stop and later resume the capture could potentially be of interest for other scenarios maybe? Right now, to achieve this the only workaround is to stop the current analysis and later restart another analysis still from the same network adapter. Maybe we should understand if there's some case in which users want to pause the ongoing analysis without restarting it.

[corneliusroemer]

Thanks for thinking this through!

My idea was to halt the entire capture. Then I can inspect whatever I've captured. So that's version 4 in your list. That's perfectly good!

While there might be workarounds, i.e. using a different program to view what was captured, isn't the whole idea of sniffnet to allow convenient viewing right there 😀

I've discovered the sorting workaround as well, but it's a bit annoying still and imperfect.