Wireshark mailing list archives

Re: File formats that extcap programs can write


From: Tomasz Moń <desowin () gmail com>
Date: Sun, 21 Mar 2021 15:52:40 +0100

On Sun, Mar 21, 2021 at 1:21 PM Martin Mathieson via Wireshark-dev
<wireshark-dev () wireshark org> wrote:
> Can an extcap program write to a wiretap-supported file format other than pcap or pcapng?  A quick test (hack to file
> preamble and frames in extcap_example.py) suggests not..
> Has it to do with synchronising whole frames being read at the wireshark end of the pipe?

Currently extcap is inherently bound to pcap. Currently extcaps
mention their DLT that determines link layer header type (as defined
at [1]) when they are being called with --extcap-dlts argument. When
you capture from extcap source, it is dumpcap that reads the pcap
stream that is written to the pipe by extcap.

To make extcap support different file types one would need to:
  * extend extcap interface with a method to let Wireshark know that
the extcap in question does not output pcap data
  * make dumpcap capable of at least passing the data from the pipe to Wireshark

[1] https://www.tcpdump.org/linktypes.html
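
The following is an added example, not part of the original message and not Wireshark or dumpcap code. It sketches the pcap framing an extcap writes to the pipe, and a simplified reader that rejects any stream lacking that framing. The function names are hypothetical, the sample frames are constructed, and an in-memory buffer stands in for the pipe.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
LINKTYPE_USER0 = 147      # value from the link-type list at [1]

def build_pcap_stream(linktype, frames):
    """Writer side: one 24-byte global header, then one record per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for ts_sec, data in frames:
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", ts_sec, 0, len(data), len(data)) + data
    return out

def read_exact(stream, n):
    """Read n bytes, tolerating the short reads a pipe can return."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def read_pcap_stream(stream):
    """Reader side (simplified): return (linktype, [frame bytes])."""
    hdr = read_exact(stream, 24)
    if len(hdr) < 24:
        raise ValueError("stream ended before the pcap global header")
    magic = struct.unpack("<I", hdr[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic, written big-endian
        endian = ">"
    else:
        raise ValueError("not a pcap stream (magic 0x%08x)" % magic)
    snaplen, linktype = struct.unpack(endian + "II", hdr[16:24])
    frames = []
    while True:
        rec = read_exact(stream, 16)
        if not rec:
            return linktype, frames    # clean end of stream
        if len(rec) < 16:
            raise ValueError("truncated record header")
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        if incl_len > snaplen:         # length comes from the producer
            raise ValueError("record length exceeds snaplen")
        data = read_exact(stream, incl_len)
        if len(data) < incl_len:
            raise ValueError("truncated frame")
        frames.append(data)
```

The record length fields are what let the reading end recover whole frames from a byte stream; a file format with a different preamble fails at the magic check before any frame is read.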