Re: Adding support for pcap-ng to dumpcap or reading from pipes

[Richard Sharpe <realrichardsharpe () gmail com>]

On Sat, May 12, 2012 at 4:10 PM, Guy Harris <guy () alum mit edu> wrote:
> On May 12, 2012, at 12:43 PM, Jakub Zawadzki wrote:
>
> > Do we really need to "capture" from pipes in dumpcap?
>
> I believe the ability to capture from a pipe was introduced in order to handle capturing from
> sources that libpcap/WinPcap don't handle (e.g., "ssh over to machine XXX and run tcpdump
> on it, capturing to the standard output" or "capture from some network type that libpcap
> doesn't (yet) handle") - a program that captures from that source and writes pcap output
> to its standard output could be used as a capture source.
>
> Ideally, that should be supported by libpcap/WinPcap, but "capture from a pipe" can be a
> useful workaround in cases where that hasn't yet been implemented.
>
> I.e., it wasn't done to support reading from a pipeline such as one that has a program that
> reads a capture file, transforms it, and writes it to its standard output, it was done for use
> in a true capture situation (so that, for example, Wireshark would need to write the packets
> to a file for examination at arbitrary times in the future).

A useful ability would be to be able to replace dumpcap via
command-line flags with a program that interfaces to wireshark in the
same way. Ie, it sends the capture as binary records out stdout and
writes commands/etc via stderr ...

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe