Re: [Wireshark-dev] Extcap program based on extcap_example.py

2023-05-22 Thread Dario Lombardo
Hi Timo. Yes, not compiled extcaps are to be placed in the extcap folder. Since you're not integrating into the wireshark building system, you don't have to handle cmake. From a working wireshark installation, just point out where the extcap folder is (have a look at the about dialog, in case you

[Wireshark-dev] Extcap program based on extcap_example.py

2023-05-21 Thread Timo Warns
I am writing an extcap program building upon doc/extcap_example.py. - Shall extcap programs that do not need compilation also be placed in extcap/? - I am not very familiar with CMake and am struggling with getting the extcap program copied over to run/extcap/ by the build system. (For

[Wireshark-dev] extcap reloadable multicheck options

2022-10-12 Thread Aidan Steele
Hi, I've recently started working on an extcap tool. It has a few arguments that I'd like to be reloadable. I've got a reloadable selector that works well (i.e. the button appears in the Wireshark GUI and it functions correctly). I tried adding {reload=true} to a multicheck arg to no avail -

Re: [Wireshark-dev] Extcap Rust library

2021-11-30 Thread Roland Knall
That is great. Would you mind sending a pull request mentioning the library in README.extcap? Currently we only provide the python example, and this is by design. But we should at least mention other implementations in the documentation. regards Roland Written on Tue, 30 Nov 2021 at 07:28 by

[Wireshark-dev] Extcap Rust library

2021-11-29 Thread Tomáš Kukosa
Hi, I have released small library to help writing extcap plugins in Rust See https://crates.io/crates/extcap The shortest example is shown here https://docs.rs/extcap/0.3.0/extcap/ Few more real examples how to use it are also available in the repository. Best regards,   Tomas

Re: [Wireshark-dev] Extcap binaries on OSX

2019-12-20 Thread Ross Jacobs
It's 'darwin' $ python Python 3.7.2 (v3.7.2:9a3ffc0492, Dec 24 2018, 02:44:43) [Clang 6.0 (clang-600.0.57)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import sys; sys.platform 'darwin' Same on Python2.7. On Fri, Dec 20, 2019 at 3:17 AM Dario Lombardo

Re: [Wireshark-dev] Extcap binaries on OSX

2019-12-20 Thread Dario Lombardo
Ok, thanks. And what does the python command "sys.platform" return? On Fri, Dec 20, 2019 at 11:46 AM Roland Knall wrote: > run/Wireshark.app/Contents/MacOS/extcap > > cheers > Roland > > On Fri, 20 Dec 2019 at 10:31, Dario Lombardo < > lom...@gmail.com> wrote: > >> Hi, >> I'm trying to

Re: [Wireshark-dev] Extcap binaries on OSX

2019-12-20 Thread Roland Knall
run/Wireshark.app/Contents/MacOS/extcap cheers Roland On Fri, 20 Dec 2019 at 10:31, Dario Lombardo wrote: > Hi, > I'm trying to debug some CI jobs on OSX but I don't have a OSX machine. > I'm trying to find where the extcap binaries are put on OSX using cmake. > > Linux: run\extcap >

[Wireshark-dev] Extcap binaries on OSX

2019-12-20 Thread Dario Lombardo
Hi, I'm trying to debug some CI jobs on OSX but I don't have a OSX machine. I'm trying to find where the extcap binaries are put on OSX using cmake. Linux: run\extcap Windows: run\RelWithDebInfo\extcap OSX: ? Any help? Thanks. Dario. -- Naima is online.

Re: [Wireshark-dev] extcap tools

2019-03-26 Thread Guy Harris
On Mar 26, 2019, at 1:57 PM, Guy Harris wrote: > There is no way to list the full paths of extcap executables from the command > line; tshark -G plugins, which looks as if it's *intended* to be the > equivalent of About > Folders, lists only run-time-loadable-object and Lua > plugins, not

Re: [Wireshark-dev] extcap tools

2019-03-26 Thread Guy Harris
On Mar 23, 2019, at 1:21 PM, Ross Jacobs wrote: > I am confused by differences in extcap between the CLI and the GUI. By > default (in 3.0.0 on both Windows, Macos), extcap tools are presented as > interfaces on the capture page. > And in TShark, they're presented in the list of devices

[Wireshark-dev] extcap tools

2019-03-25 Thread Ross Jacobs
Hi All, I am confused by differences in extcap between the CLI and the GUI. By default (in 3.0.0 on both Windows, Macos), extcap tools are presented as interfaces on the capture page. [image: Screen Shot 2019-03-23 at 8.11.37 PM.png] *Questions* 1. In the Wireshark GUI, if you go to About >

Re: [Wireshark-dev] extcap command line parameter format

2018-07-29 Thread Roland Knall
Yes, that was what I meant. > On 29.07.2018 at 19:54, Guy Harris wrote: > >> On Jul 29, 2018, at 8:52 AM, Roland Knall wrote: >> >> The main intent for extcap-version was to provide a way, so that we can >> change commands calling the utility without losing compatibility to older >>

Re: [Wireshark-dev] extcap command line parameter format

2018-07-29 Thread Roland Knall
Sorry for the late weigh-in. The main intent for extcap-version was to provide a way, so that we can change commands calling the utility without losing compatibility to older utilities. Mainly to introduce or change commands, like we did with the toolbar. As main extcap development was done

Re: [Wireshark-dev] extcap command line parameter format

2018-07-29 Thread Jaap Keuter
> On 27 Jul 2018, at 22:50, Guy Harris wrote: > > On Jul 27, 2018, at 10:40 AM, Guy Harris wrote: > >> Oh, and another thing not to do: >> >> Don't repurpose a command-line flag intended for one purpose for >> another unrelated purpose. >> >> For example, don't repurpose a

Re: [Wireshark-dev] extcap command line parameter format

2018-07-27 Thread Guy Harris
On Jul 27, 2018, at 10:40 AM, Guy Harris wrote: > Oh, and another thing not to do: > > Don't repurpose a command-line flag intended for one purpose for > another unrelated purpose. > > For example, don't repurpose a command-line flag (for concreteness, let's > pick the hypothetical

Re: [Wireshark-dev] extcap command line parameter format

2018-07-27 Thread Guy Harris
Oh, and another thing not to do: Don't repurpose a command-line flag intended for one purpose for another unrelated purpose. For example, don't repurpose a command-line flag (for concreteness, let's pick the hypothetical example of a flag called "--extcap-version"), intended for one

Re: [Wireshark-dev] extcap command line parameter format

2018-07-26 Thread Guy Harris
On Jul 23, 2018, at 11:37 AM, Guy Harris wrote: > On Jul 20, 2018, at 10:12 AM, Jaap Keuter wrote: > >> Doesn’t this mean that all other command line parameters with values are to >> be generated with equal sign? > > It's a requirement for any parameter where the value is optional. > > It's

Re: [Wireshark-dev] extcap command line parameter format

2018-07-26 Thread Guy Harris
On Jul 23, 2018, at 11:37 AM, Guy Harris wrote: > On Jul 20, 2018, at 10:12 AM, Jaap Keuter wrote: > >> If so this could require changes across the board, changes to documentation >> (docbook, man page) in the least. > > Yes. docbook/wsdg_src/WSDG_chapter_capture.asciidoc fixed in change

Re: [Wireshark-dev] extcap command line parameter format

2018-07-23 Thread Guy Harris
On Jul 20, 2018, at 10:12 AM, Jaap Keuter wrote: > While having reviewed extcap documentation [Ref1] I was triggered by bug > 14982 [Ref2] (usbpcap no longer recognized in 2.9) concerning the addition of > --extcap-version parameter to the extcap command line. This stated that the > command

Re: [Wireshark-dev] extcap command line parameter format

2018-07-23 Thread Jaap Keuter
Hi, Any insights from the extcap developers, Guy? Thanks, Jaap > On 20 Jul 2018, at 19:12, Jaap Keuter wrote: > > Hi, > > While having reviewed extcap documentation [Ref1] I was triggered by bug > 14982 [Ref2] (usbpcap no longer recognized in 2.9) concerning the addition of >

[Wireshark-dev] extcap command line parameter format

2018-07-20 Thread Jaap Keuter
Hi, While having reviewed extcap documentation [Ref1] I was triggered by bug 14982 [Ref2] (usbpcap no longer recognized in 2.9) concerning the addition of --extcap-version parameter to the extcap command line. This stated that the command line parameter "--extcap-version=2.9” causes a problem

Re: [Wireshark-dev] Extcap version

2017-02-27 Thread Stig Bjørlykke
On Mon, Feb 27, 2017 at 11:42 AM, Dario Lombardo wrote: > "help" seems to be in the same position: lives in extcap_info and in > extcap_interface at the same time. I don't think we need both: I hardly > figure out how we'd need to different help pages/files for 2

Re: [Wireshark-dev] Extcap version

2017-02-27 Thread Roland Knall
With help I see it differently. It makes sense, that interfaces provided by the same tool may have different help pages, as they can have different parameters as well. Regarding those leaks, if you can send me some valgrind logs, I might close them while I am doing the other stuff? regards On

Re: [Wireshark-dev] Extcap version

2017-02-27 Thread Dario Lombardo
Ok. Since I was on my way of cleaning up some leaks in extcap, I'll wait until you finish, maybe some of them will be gone. "help" seems to be in the same position: lives in extcap_info and in extcap_interface at the same time. I don't think we need both: I hardly figure out how we'd need to

Re: [Wireshark-dev] Extcap version

2017-02-27 Thread Roland Knall
That is an early design flaw - still going strong to that very day. It stems from the fact, that the version query was introduced later on, and the interface list query basically covered that as well. Additionally, parsed extcap interfaces were not parsed on a tool (meaning executable) level, but

[Wireshark-dev] Extcap version

2017-02-27 Thread Dario Lombardo
Hi In extcap structs I've found 2 entries for "version". In typedef struct _extcap_interface { gchar * call; gchar * display; gchar * version; gchar * help; gchar * extcap_path; extcap_sentence_type if_type; } extcap_interface; and typedef struct _extcap_info {

Re: [Wireshark-dev] extcap slowing down start of WS

2017-01-04 Thread Anders Broman
k <wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] extcap slowing down start of WS @Stiq - this is the plan going forward. But first, I need to fix the initial call to the interfaces on Windows, because there is an issue with stdin buffers on Windows and a large number of interfac

Re: [Wireshark-dev] extcap slowing down start of WS

2017-01-04 Thread Roland Knall
@Stiq - this is the plan going forward. But first, I need to fix the initial call to the interfaces on Windows, because there is an issue with stdin buffers on Windows and a large number of interfaces. The register preferences call is a necessity, but the one in fill_in_local_interfaces could be

Re: [Wireshark-dev] extcap slowing down start of WS

2017-01-03 Thread Stig Bjørlykke
On Tue, Jan 3, 2017 at 5:56 PM, Anders Broman wrote: > It now seems like extcap_register_preferences is the thing taking the > longest time when starting up Wireshark, at least on Windows. One issue is that extcap_register_preferences is called before loading the

Re: [Wireshark-dev] extcap slowing down start of WS

2017-01-03 Thread Michal Labedzki
I use Wireshark with all extcaps except ssh-based (there is no libssh 0.6 for Ubuntu 12.04) and I think my Wireshark starts in 2s (to see interface list) - demon of speed (splash seems to be not required, but it is fine). What time Wireshark spends for extcaps? It is not matter with startup time

Re: [Wireshark-dev] extcap slowing down start of WS

2017-01-03 Thread Pascal Quantin
Hi Anders, 2017-01-03 17:56 GMT+01:00 Anders Broman : > Hi, > > It now seems like extcap_register_preferences is the thing taking the > longest time when starting up Wireshark, at least on Windows. > > Anyone care to take a look? > Presumably this is because for each

[Wireshark-dev] extcap slowing down start of WS

2017-01-03 Thread Anders Broman
Hi, It now seems like extcap_register_preferences is the thing taking the longest time when starting up Wireshark, at least on Windows. Anyone care to take a look? Regards Anders ___ Sent via:Wireshark-dev mailing list

Re: [Wireshark-dev] Extcap limitations?

2016-12-23 Thread Roland Knall
Hello extcap is a frontend for WS pipes. Therefore it strongly relies at the moment on the formats dumpcap supports on pipes, and that is only pcap atm. There was talk and some movement in the direction of pcapng, and it is on my list of items to be implemented in the next free timeslot (and

[Wireshark-dev] Extcap limitations?

2016-12-22 Thread ws
Hi all, I have had a look at extcap in wireshark, it looks like dumpcap is being called to read from the FIFO which the extcap binary writes to. However, dumpcap is only able to read libpcap formats (not even pcapng) when reading from a pipe. Shouldn't extcap support any arbitrary file

[Wireshark-dev] Extcap DLTs

2015-11-24 Thread Dario Lombardo
I'm working on a new extcap that will leverage randpkt-core to give wireshark a local random packet generator through randpktdump (the new extcap). I'm stuck with the DLTs part. The extcap must answer to the external call about which DLTs it can generate. Randpkt-core can generate 5 different

Re: [Wireshark-dev] Extcap DLTs

2015-11-24 Thread Roland Knall
You could try USER0. The problem here is, that I have to register the extcap interface with the other interfaces at some point, and usually this happens way before the capture starts (at which point an extcap utility might know which DLT it could produce). Therefore I first ask the utility for all

Re: [Wireshark-dev] Extcap DLTs

2015-11-24 Thread Roland Knall
On Tue, Nov 24, 2015 at 2:00 PM, Dario Lombardo wrote: > > Where is it defined? I can't compile something like > > g_print("dlt {number=%u}{name=%s}{display=%s}\n", USER0, > RANDPKT_EXTCAP_INTERFACE, wtap_encap_string(USER0)); > From the python example in doc:

Re: [Wireshark-dev] Extcap DLTs

2015-11-24 Thread Alexis La Goutte
Why don't use Exported PDU DLT (poke Anders/Pascal...) ? On Tue, Nov 24, 2015 at 2:03 PM, Roland Knall wrote: > > > On Tue, Nov 24, 2015 at 2:00 PM, Dario Lombardo < > dario.lombardo...@gmail.com> wrote: > >> >> Where is it defined? I can't compile something like >> >>

Re: [Wireshark-dev] Extcap DLTs

2015-11-24 Thread Dario Lombardo
On Tue, Nov 24, 2015 at 2:03 PM, Roland Knall wrote: > > Which bug are you referring to? > > Sorry... https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11733

Re: [Wireshark-dev] Extcap DLTs

2015-11-24 Thread Dario Lombardo
On Tue, Nov 24, 2015 at 12:55 PM, Roland Knall wrote: > You could try USER0. The problem here is, that I have to register the > extcap interface with the other interfaces at some point, and usually this > happens way before the capture starts (at which point an extcap utility >

Re: [Wireshark-dev] Extcap DLTs

2015-11-24 Thread Dario Lombardo
On Tue, Nov 24, 2015 at 2:00 PM, Dario Lombardo wrote: > > > I don't like it very much... Having too many interfaces is not likeable. > Especially when related to this bug > > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11733 > > >> We actually provide a

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Michal Labedzki
Hello Dario, 1. What OS do you have? 2. Are you using "installed" Wireshark or from build source? (run from build-directory) I did quick test and I also do not see interfaces by dumpcap -D, but in Wireshark (Qt) I can see all of them. On 19 October 2015 at 14:30, Dario Lombardo

[Wireshark-dev] Extcap

2015-10-19 Thread Dario Lombardo
I'm playing with extcap, but I can't make it fully work. I can run androiddump, and I can list the interfaces. # ./run/extcap/androiddump --extcap-interfaces interface {display=Android Logcat Main}{value=android-logcat-main-XX} interface {display=Android Logcat

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Pascal Quantin
On 19 Oct 2015 2:30 PM, "Dario Lombardo" wrote: > > I'm playing with extcap, but I can't make it fully work. > I can run androiddump, and I can list the interfaces. > > # ./run/extcap/androiddump --extcap-interfaces > interface {display=Android Logcat

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Michal Labedzki
Try to do: $ export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 $ ./run/wireshark Check also your config.h (build directory): grep EXTCAP config.h I have something like that: #define EXTCAP_DIR "/pkg/wireshark/lib/wireshark/extcap/" #define HAVE_EXTCAP 1 On 19 October 2015 at 15:54, Dario Lombardo

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Michal Labedzki
3. Did you build your Wireshark with libpcap (aka do you have any other interfaces?) and extcap? I am building using cmake (ccmake), check that you have ENABLE_EXTCAP = ON. On 19 October 2015 at 15:02, Dario Lombardo wrote: > > > On Mon, Oct 19, 2015 at 2:39 PM,

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Dario Lombardo
On Mon, Oct 19, 2015 at 3:24 PM, Michal Labedzki wrote: > 3. Did you build your Wireshark with libpcap (aka do you have any > other interfaces?) Yes. I have eth0, lo, etc... > and extcap? I am building using cmake (ccmake), > check that you have ENABLE_EXTCAP = ON.

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Dario Lombardo
On Mon, Oct 19, 2015 at 2:39 PM, Michal Labedzki wrote: > Hello Dario, > > 1. What OS do you have? > ubuntu 14.04 64bit. > 2. Are you using "installed" Wireshark or from build source? (run from > build-directory) > Build from source, and run with

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Roland Knall
Hi 2 suggestions for you. First, if you initiate extcap via console, do you run it as root? And is wireshark running as non-root? If so, you might need capture privileges as suggested by the wireshark wiki page. Second, yes the directories are not very intuitive. Usually if you run it from a

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Dario Lombardo
Looks like it's working now... I suppose that -DENABLE_EXTCAP=ON was the thing that made it work, and I got confused. Thanks everybody for your help.

Re: [Wireshark-dev] Extcap

2015-10-19 Thread Dario Lombardo
On Mon, Oct 19, 2015 at 4:03 PM, Michal Labedzki wrote: > Try to do: > $ export WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1 > $ ./run/wireshark > > Yes, it's what I usually do. > Check also your config.h (build directory): grep EXTCAP config.h > > I have something like

[Wireshark-dev] Extcap - more documentation please

2015-08-25 Thread Graham Bloice
Could the folks that know anything about extcap please add some more documentation, currently we just have the api doc, an old SharkFest presentation and the code as far as I know. Questions have come up on Ask Wireshark from time to time which seem to lead to an answer of use extcap, but when

Re: [Wireshark-dev] Extcap

2014-10-04 Thread Roland Knall
Hi Configuration is not passed during consecutive starts via the interface list, or if you start from the main-screen. But they are shared if you restart the capture. Currently I am in the process of writing the limitations down, to further down the road write a wiki-page containing all

[Wireshark-dev] Extcap

2014-10-03 Thread mmann78
I created an Extcap driver in Windows and noticed a few things: 1. Configuration is only passed if I launch interfaceSettings from opening Window. It is not saved or passed to driver every time. Is the driver supposed to save the last configuration passed to it? 2. My extcap driver is a

Re: [Wireshark-dev] Extcap

2014-10-03 Thread Graham Bloice
On 3 October 2014 15:30, mman...@netscape.net wrote: I created an Extcap driver in Windows and noticed a few things: 1. Configuration is only passed if I launch interfaceSettings from opening Window. It is not saved or passed to driver every time. Is the driver supposed to save the last

Re: [Wireshark-dev] Extcap

2014-10-03 Thread mmann78
. -Original Message- From: Graham Bloice graham.blo...@trihedral.com To: Developer support list for Wireshark wireshark-dev@wireshark.org Sent: Fri, Oct 3, 2014 10:40 am Subject: Re: [Wireshark-dev] Extcap On 3 October 2014 15:30, mman...@netscape.net wrote: I created an Extcap driver in Windows

Re: [Wireshark-dev] Extcap

2014-10-03 Thread Tomasz Moń
On Fri, Oct 3, 2014 at 5:17 PM, mman...@netscape.net wrote: Console App written in C(++) and not have the ugly console window pop up when you start capturing. If these are indeed intended limitations, then yes documenting on the Wiki would be a good start. This is the way how it works in

Re: [Wireshark-dev] Extcap

2014-10-03 Thread Tomasz Moń
On Fri, Oct 3, 2014 at 10:16 PM, Tomasz Moń deso...@gmail.com wrote: On Fri, Oct 3, 2014 at 5:17 PM, mman...@netscape.net wrote: Console App written in C(++) and not have the ugly console window pop up when you start capturing. If these are indeed intended limitations, then yes documenting

Re: [Wireshark-dev] extcap grammar for checkbox treeview

2014-09-22 Thread Michal Labedzki
Hello Tomasz, Thanks for this patch, but I have a question: It seems that you try to move some interfaces from interfaces list to one of interface. Why do not you add as much interfaces as you need? It seems to be similar case with Android: There is one devices (phone) connected by USB to

Re: [Wireshark-dev] extcap grammar for checkbox treeview

2014-09-22 Thread Tomasz Moń
On Mon, Sep 22, 2014 at 8:54 AM, Michal Labedzki michal.labed...@tieto.com wrote: It seems that you try to move some interfaces from interfaces list to one of interface. Why do not you add as much interfaces as you need? It seems to be similar case with Android: There is one devices (phone)

Re: [Wireshark-dev] extcap grammar for checkbox treeview

2014-09-22 Thread Michal Labedzki
Ok, so it is only additional filtering on specified interface. It is fine. By the way: do you have a plan to add some extcap tool or support into libpcap for usbpcap? It will be fine if user will have USB sniffing on Windows by defaults (out-of-box). On 22 September 2014 09:18, Tomasz Moń

Re: [Wireshark-dev] extcap grammar for checkbox treeview

2014-09-22 Thread Tomasz Moń
On Mon, Sep 22, 2014 at 11:03 AM, Michal Labedzki michal.labed...@tieto.com wrote: Ok, so it is only additional filtering on specified interface. It is fine. By the way: do you have a plan to add some extcap tool or support into libpcap for usbpcap? It will be fine if user will have USB

Re: [Wireshark-dev] extcap grammar for checkbox treeview

2014-09-19 Thread Tomasz Moń
On Tue, Sep 16, 2014 at 10:29 AM, Tomasz Moń deso...@gmail.com wrote: Is there anything like checkbox treeview currently in the works? Or could Mr. Someone propose a grammar for that and/or handle the implementation? Never fear, Mr. Someone is here! Multicheck was nearly exactly what I needed.

[Wireshark-dev] extcap grammar for checkbox treeview

2014-09-16 Thread Tomasz Moń
Hello folks, Recent merge of extcap into Wireshark development tree got me thinking about improving USBPcap user experience. The idea is to allow user to select individual USB devices to capture from with the option to automatically capture from newly connected devices. I am thinking about