On Aug 30, 2017, at 4:58 PM, Stephen Donnelly <[email protected]> wrote:

> At the very least extcap tools should be able to supply data in any format
> understood by wiretap, but since the extcap data currently goes via dumpcap
> (maybe not sensible either?)

Perhaps not, indeed.

Currently, there's a protocol between dumpcap and {Wireshark,TShark} allowing
dumpcap to tell *shark "I've appended N more packets to the capture file", to
allow dumpcap to report errors and "here's another capture file" (if it's doing
multiple files), etc.
If extcap programs were to speak that protocol when capturing, you could have
the extcap programs behave similarly to dumpcap, writing packets directly to a
file, and have *shark run the extcap program rather than running dumpcap.
I.e., make extcap programs act as substitutes for dumpcap.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev