Wireshark mailing list archives
Re: Adding support for pcap-ng to dumpcap or reading from pipes
From: Jakub Zawadzki <darkjames-ws () darkjames pl>
Date: Sun, 13 May 2012 21:16:05 +0200
On Sat, May 12, 2012 at 04:10:49PM -0700, Guy Harris wrote:
On May 12, 2012, at 12:43 PM, Jakub Zawadzki wrote:Do we really need to "capture" from pipes in dumpcap?I believe the ability to capture from a pipe was introduced in order to handle capturing from sources that libpcap/WinPcap don't handle (e.g., "ssh over to machine XXX and run tcpdump on it, capturing to the standard output" or "capture from some network type that libpcap doesn't (yet) handle") - a program that captures from that source and writes pcap output to its standard output could be used as a capture source.
I know why we should support reading from pipes, the question was rather: Why it's done in dumpcap? Why it's not done in wireshark (and wiretap)? I've thought that dumpcap is SETUID root program to capture packets from network interfaces. For pipes we don't need +s. And for named pipes +s can be dangerous :) But I forgot that dumpcap support capturing from multiple sources (which can be named pipes) and writting all packets to single file. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Adding support for pcap-ng to dumpcap or reading from pipes Richard Sharpe (May 07)
- Re: Adding support for pcap-ng to dumpcap or reading from pipes Jakub Zawadzki (May 12)
- Re: Adding support for pcap-ng to dumpcap or reading from pipes Richard Sharpe (May 12)
- Re: Adding support for pcap-ng to dumpcap or reading from pipes Guy Harris (May 12)
- Re: Adding support for pcap-ng to dumpcap or reading from pipes Richard Sharpe (May 12)
- Re: Adding support for pcap-ng to dumpcap or reading from pipes Jakub Zawadzki (May 13)
- Re: Adding support for pcap-ng to dumpcap or reading from pipes Jakub Zawadzki (May 12)