Wireshark mailing list archives

Re: File formats that extcap programs can write


From: Roland Knall <rknall () gmail com>
Date: Sun, 21 Mar 2021 17:22:15 +0100

While correct as an answer, the main limitation here is dumpcap. You would have to implement a mechanism to let dumpcap 
know which format to use for the internal pipe to the extcap interface. DLT could be that. Pcapng has been on the 
wishlist for a very long time as a format.

Kind regards 
Roland

On 21.03.2021 at 15:53, Tomasz Moń <desowin () gmail com> wrote:

On Sun, Mar 21, 2021 at 1:21 PM Martin Mathieson via Wireshark-dev
<wireshark-dev () wireshark org> wrote:
Can an extcap program write to a wiretap-supported file format other than pcap or pcapng?  A quick test (hack to 
file preamble and frames in extcap_example.py) suggests not.
Has it to do with synchronising whole frames being read at the wireshark end of the pipe?

Currently extcap is inherently bound to pcap. Currently extcaps
mention their DLT that determines link layer header type (as defined
at [1]) when they are being called with --extcap-dlts argument. When
you capture from extcap source, it is dumpcap that reads the pcap
stream that is written to the pipe by extcap.

To make extcap support different file types we would need to:
 * extend extcap interface with a method to let Wireshark know that
the extcap in question does not output pcap data
 * make dumpcap capable of at least passing the data from the pipe to Wireshark

[1] https://www.tcpdump.org/linktypes.html
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
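
Added example (not part of the original thread, and not Wireshark or dumpcap code): a simplified Python model of the pcap framing discussed above, showing the DLT carried in the global header and how the reading end of a pipe recovers whole frames from arbitrary-sized reads and rejects a non-pcap preamble. The names PipeReader and demo and the choice of LINKTYPE_USER0 are assumptions for illustration; only little-endian, microsecond-resolution pcap is handled.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_USER0 = 147      # value from the linktypes registry; chosen for illustration
GLOBAL_HDR = "<IHHiIII"   # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "<IIII"      # ts_sec, ts_usec, captured length, original length

def pcap_global_header(linktype, snaplen=262144):
    return struct.pack(GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(payload, ts_sec=0, ts_usec=0):
    return struct.pack(RECORD_HDR, ts_sec, ts_usec, len(payload), len(payload)) + payload

class PipeReader:
    """Hypothetical, simplified model of the reading end of the extcap pipe."""
    def __init__(self):
        self.buf = b""
        self.linktype = None
        self.snaplen = None

    def feed(self, chunk):
        """Accept one read() worth of bytes; return the whole frames now available."""
        self.buf += chunk
        frames = []
        if self.linktype is None:
            if len(self.buf) < 24:
                return frames                      # preamble not complete yet
            magic, _, _, _, _, snaplen, linktype = struct.unpack(GLOBAL_HDR, self.buf[:24])
            if magic != PCAP_MAGIC:                # any other file format stops here
                raise ValueError("not a pcap stream: magic 0x%08x" % magic)
            self.snaplen, self.linktype = snaplen, linktype
            self.buf = self.buf[24:]
        while len(self.buf) >= 16:
            _, _, caplen, _ = struct.unpack(RECORD_HDR, self.buf[:16])
            if caplen > self.snaplen:              # untrusted length field: bound it
                raise ValueError("record length %d exceeds snaplen" % caplen)
            if len(self.buf) < 16 + caplen:
                break                              # partial frame: wait for more bytes
            frames.append(self.buf[16:16 + caplen])
            self.buf = self.buf[16 + caplen:]
        return frames

def demo():
    # Constructed sample stream: one global header and two frames.
    stream = pcap_global_header(LINKTYPE_USER0) + pcap_record(b"frame-one") + pcap_record(b"frame-two!")
    reader, out = PipeReader(), []
    for i in range(0, len(stream), 7):             # 7-byte reads split headers and frames
        out += reader.feed(stream[i:i + 7])
    return reader.linktype, out
```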