Wireshark mailing list archives

Re: PCAP-over-IP in Wireshark?

From: Joerg Mayer <jmayer () loplof de>
Date: Tue, 1 Feb 2022 16:38:39 +0100

On Tue, Feb 01, 2022 at 09:24:28AM -0600, chuck c wrote:

"Replacing 127.0.0.1 with localhost didn't work for some reason though."

dumpcap (
https://gitlab.com/wireshark/wireshark/-/blob/master/dumpcap.c#L1366) calls
ws_socket_ptoa (
https://gitlab.com/wireshark/wireshark/-/blob/master/wsutil/socket.h#L72)
which expects an IP address.

 * Convert the strings ipv4_address:port or [ipv6_address]:port to a
 * sockaddr object.

That matches the description on the wiki entry:
https://wiki.wireshark.org/CaptureSetup/Pipes.md#tcp-socket
"... using the -i TCP@<addr>[:port] option."

I'm not sure it's worth making a name resolution call. Maybe better to
update the docs and usage to "<addr"> instead of "<host>"?


It probably makes sense: Using a resolver-call will handle ipv4 vs. ipv6 vs. name.

Kind regards
   Jörg
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: PCAP-over-IP in Wireshark? Erik Hjelmvik (Feb 01)
- Re: PCAP-over-IP in Wireshark? Jaap Keuter (Feb 01)
  - Re: PCAP-over-IP in Wireshark? Roland Knall (Feb 01)
- Re: PCAP-over-IP in Wireshark? chuck c (Feb 01)
  - Re: PCAP-over-IP in Wireshark? Joerg Mayer (Feb 01)
- <Possible follow-ups>
- Re: PCAP-over-IP in Wireshark? Harald Welte (Feb 01)