Re: Adding pcap-ng pipe support to dumpcap

[Guy Harris <guy () alum mit edu>]

On Aug 30, 2017, at 4:58 PM, Stephen Donnelly <Stephen.Donnelly () endace com> wrote:

> At the very least extcap tools should be able to supply data in any format understood by wiretap, but since the 
> extcap data currently goes via dumpcap (maybe not sensible either?)

Perhaps not, indeed.

Currently, there's a protocol between dumpcap and {Wireshark,TShark} allowing dumpcap to tell *shark "I've appended N 
more packets to the capture file", to allow dumpcap to report errors and "here's another capture file" (if it's doing 
multiple files), etc..

If extcap programs were to speak that protocol when capturing, you could have the extcap programs behave similarly to 
dumpcap, writing packets directly to a file, and have *shark run the extcap program rather than running dumpcap.  I.e., 
make extcap programs act as substitutes for dumpcap.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe