Wireshark · Wireshark-dev: Re: [Wireshark-dev] Extcap limitations?

[Roland Knall <rknall@xxxxxxxxx>]

Hello

extcap is a frontend for WS pipes. Therefore it strongly relies on the moment on the formates dumpcap supports on pipes, and that is only pcap atm.

There was talk and some movement in the direction of pcapng, and it is on my list of items to be implemented in the next free timeslot (and for WS 2.4) but so far, there is no patch which could be submitted.

If you have some ideas in this regard, feel free to implement them.

kind regards

Roland

On Thu, Dec 22, 2016 at 11:45 PM, ws <ws@xxxxxxx> wrote:

Hi all,

I have had a look at extcap in wireshark, it looks like dumpcap is being called to read from the FIFO which the excap binary writes to.

However, dumpcap is only able to read libpcap formats (not even pcapng) when reading from a pipe.

Shouldn't extcap support any arbitrary file format and/or determine the format on the fly by either specifying one in the extcap binary or via calling something like cf_open()?

Thanks and regards,
ws
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@wireshark.org?subject=unsubscribe