From: Guy Harris on Thursday, 31 August 2017 1:24 PM
> On Aug 30, 2017, at 4:58 PM, Stephen Donnelly <[email protected]>
> wrote:
>> At the very least extcap tools should be able to supply data in any format
>> understood by wiretap, but since the extcap data currently goes via dumpcap
>> (maybe not sensible either?)
>
> Perhaps not, indeed.
>
> Currently, there's a protocol between dumpcap and {Wireshark,TShark} allowing
> dumpcap to tell *shark "I've appended N more packets to the capture file", to
> allow dumpcap to report errors and "here's another capture file" (if it's
> doing multiple files), etc.
>
> If extcap programs were to speak that protocol when capturing, you could have
> the extcap programs behave similarly to dumpcap, writing packets directly to
> a file, and have *shark run the extcap program rather than running dumpcap.
> I.e., make extcap programs act as substitutes for dumpcap.
Agreed. In fact if extcap programs can talk directly to *shark, then dumpcap
becomes just another extcap program and not especially privileged.
Stephen
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev