Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-02-01 Thread Harald Welte
Hi Erik, not sure if it fits your use case, but https://git.osmocom.org/osmo-pcap/ might be another option to look at. It's a combination of client and server for aggregating packet captures from various probes (clients) around a network. The protocol between client and server can be a custom,

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-02-01 Thread Joerg Mayer
On Tue, Feb 01, 2022 at 09:24:28AM -0600, chuck c wrote: > "Replacing 127.0.0.1 with localhost didn't work for some reason though." > > dumpcap ( > https://gitlab.com/wireshark/wireshark/-/blob/master/dumpcap.c#L1366) calls > ws_socket_ptoa ( >

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-02-01 Thread chuck c
"Replacing 127.0.0.1 with localhost didn't work for some reason though." dumpcap ( https://gitlab.com/wireshark/wireshark/-/blob/master/dumpcap.c#L1366) calls ws_socket_ptoa ( https://gitlab.com/wireshark/wireshark/-/blob/master/wsutil/socket.h#L72) which expects an IP address. * Convert the

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-02-01 Thread Roland Knall
Guy already has updated the documentation yesterday and today a bit on the command line. But the online manuals could be updated On Tue, 1 Feb 2022 at 13:15, Jaap Keuter wrote: > Hi, > > Cool that this works as intended / expected. > All that is left now, as Guy indicated, is to document

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-02-01 Thread Jaap Keuter
Hi, Cool that this works as intended / expected. All that is left now, as Guy indicated, is to document this properly. Chuck, feeling up to it? ;) Thanks, Jaap > On 1 Feb 2022, at 12:18, Erik Hjelmvik wrote: > > Thank you Guy and Chuck! > > Adding a Pipe interface with the path

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-02-01 Thread Erik Hjelmvik
Thank you Guy and Chuck! Adding a Pipe interface with the path "TCP@127.0.0.1:57012" worked, and so did running "wireshark -k -i TCP@127.0.0.1:57012"! I've now verified that this feature can be used to read PCAP from a TCP socket in both Windows and Linux. This is exactly what I was hoping for!

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-01-31 Thread chuck c
https://wiki.wireshark.org/CaptureSetup/Pipes.md#tcp-socket "A TCP stream is treated as like data from other pipes and the same restrictions apply. On each new connection the TCP server must send the header blocks as specified by libpcap or pcapng before any packet captures. TCP@ pipes may also

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-01-31 Thread Guy Harris
On Jan 31, 2022, at 4:56 AM, Erik Hjelmvik wrote: > Is there some way to read PCAP-over-IP in Wireshark? I.e. read a PCAP stream > over a TCP socket. > > Currently, the best solution to read PCAP-over-IP in Wireshark is by using > netcat to read the PCAP stream and forward it to Wireshark's

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-01-31 Thread Roland Knall
That use case is exactly what extcap was invented for. In your case, there could be a small Python or C application on the hosts side, which handles the pipe management. Extcap is - in its essence - just a neat user interface for configuring such pipe scenarios. So in your case, you could provide

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-01-31 Thread Erik Hjelmvik
Thanks for the feedback Roland! sshdump is indeed a neat way to capture packets from a remote machine. But I'm afraid that extcap solution isn't quite what I'm looking for either. I should have explained in more detail what I'm trying to achieve, so that you folks wouldn't have to guess. I

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-01-31 Thread Roland Knall
If udpdump is nothing for you, and you are able to run a capture tool like tshark or tcpdump on the remote machine, you can take a look at sshdump. A sibling of udpdump, it executes the remote capture program via ssh, and then transports the data as-is through an ssh connection. It can be seen as a

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-01-31 Thread Erik Hjelmvik
Hi Dario, Udpdump looks interesting, but I'm afraid it doesn't quite fulfill my requirements. Wrapping captured packets inside of UDP packets or IP packets (as in ERSPAN) to allow remote sniffing is an attractive solution, but it comes with several drawbacks. Some of these drawbacks include

Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

2022-01-31 Thread Dario Lombardo
You can have a look at udpdump, which doesn't use TCP but UDP, but it may fit your purpose. On Mon, Jan 31, 2022 at 1:57 PM Erik Hjelmvik wrote: > Hello folks, > > Is there some way to read PCAP-over-IP in Wireshark? I.e. read a PCAP > stream over a TCP socket. > > Currently, the best solution