Wireshark · Wireshark-dev: [Wireshark-dev] PcapNG format support for dumpcap

Wireshark-dev: [Wireshark-dev] PcapNG format support for dumpcap

From: Roland Knall <rknall@xxxxxxxxx>

Date: Thu, 16 Jul 2015 09:49:54 +0200

I've filed a bug report (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11370) for support in dumpcap and wireshark, to enable pcapng as a data format for capturing.

We would need this for an extcap interface, where we would use the packet comments to add additional information to each packet, as otherwise we wold have to write text files during capture, and these files are not forwarded correctly if a customer sends in a trace. Also we have to handle to data formats for the utility as of right now, which seems a little bit bloated.

My question therefore is, is anyone working on that, or are there reasons why not? If noone is working on this, could one of the main developers offer a guess on where to change the interfaces for this?

My guess so far after poking around in the code a little bit would be, that in dumpcap itself the change would not be that big, as it seems to pass through whatever it reads, after initially checking on the file format. The bigger changes have to be done on the other side of the capture pipe in the XXshark utilities.

regards,

Roland

Follow-Ups:
- Re: [Wireshark-dev] PcapNG format support for dumpcap
  - From: Guy Harris

Prev by Date: Re: [Wireshark-dev] Npcap 0.01 call for test about Windows loopback traffic capture feature
Next by Date: Re: [Wireshark-dev] Npcap 0.01 call for test about Windows loopback traffic capture feature
Previous by thread: [Wireshark-dev] FilterPackets on TCP Stream always filters conversation with ID=0
Next by thread: Re: [Wireshark-dev] PcapNG format support for dumpcap
Index(es):
- Date
- Thread