default interfaces to monitor

Carter Bullard carter at qosient.com
Thu Oct 11 18:08:31 EDT 2007


Gentle people,
We are free to modify some of argus's behaviors for the 3.0
release and I'd like to get some feedback on what argus does
when you don't give it an interface to monitor.

Currently, argus opens the first interface that it finds, by using
pcap_lookupdev(buf).  That is what tcpdump() does, and so there
is some precedent.  However, there are alternatives.

The first could be that it prints out the possible interfaces and
exits.  Argus currently does this on Cygwin, because the interface
names are so hideous.

The second strategy is that it could open all the interfaces it finds.
This is an interesting scenario with its own issues (does argus
pool all the packets like the Linux "any" interface, or does it pass
into the flow modeler the interface id, which becomes a part of the
flow key)?

The third would be to do what it is doing right now (the zeroth strategy
I guess ;o).  My vote is to keep this behavior, and code up a change for
argus-3.1 but if the community has a strong opinion, then I'll make
a change.

Do we have a vote/opinion/reaction/suggestion/comment?

Carter
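
The pooling question raised under the second strategy, sketched as an added example that is not part of the original post or of argus's code: a toy flow table aggregates the same constructed packets once with the interface id ignored and once with it in the flow key. The names `struct pkt`, `model_flows` and the sample traffic are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed packet record: 5-tuple plus the capture interface id. */
struct pkt { uint32_t src, dst; uint16_t sport, dport; uint8_t proto, ifid; };
struct flow { struct pkt key; unsigned pkts; };

#define MAX_FLOWS 16
static struct flow tbl[MAX_FLOWS];

/* Constructed sample: one TCP connection forwarded through a two-interface
 * monitor (seen on if 1 and again on if 2), plus DNS packets seen on if 1. */
#define TCP(i) {0x0a000005, 0xc000020a, 40000, 443, 6, (i)}
#define DNS(i) {0x0a000005, 0x0a000001, 53000, 53, 17, (i)}
static const struct pkt sample[] = {
    TCP(1), TCP(2), TCP(1), TCP(2), DNS(1), TCP(1), TCP(2), DNS(1)
};
#define SAMPLE_N ((int)(sizeof sample / sizeof sample[0]))

static int same_key(const struct pkt *a, const struct pkt *b)
{
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto && a->ifid == b->ifid;
}

/* Aggregate packets into tbl[] and return the number of flows.
 * key_on_if == 0: interface id ignored (pooled, like the Linux "any" device).
 * key_on_if == 1: interface id is part of the flow key. */
static int model_flows(const struct pkt *p, int n, int key_on_if)
{
    int nflows = 0;
    for (int i = 0; i < n; i++) {
        struct pkt k = p[i];
        if (!key_on_if) k.ifid = 0;            /* erase the interface */
        int j = 0;
        while (j < nflows && !same_key(&tbl[j].key, &k)) j++;
        if (j == nflows) {
            if (nflows == MAX_FLOWS) continue; /* table full: skip packet */
            tbl[nflows].key = k; tbl[nflows].pkts = 0; nflows++;
        }
        tbl[j].pkts++;
    }
    return nflows;
}

int main(void)
{
    printf("pooled: %d flows\n", model_flows(sample, SAMPLE_N, 0));
    printf("keyed on interface: %d flows\n", model_flows(sample, SAMPLE_N, 1));
    return 0;
}
```

Pooled, the forwarded connection is one flow whose packet count is doubled; keyed on the interface, it becomes two flows with the true per-interface count.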


