Wireshark-bugs: [Wireshark-bugs] [Bug 8585] New: Add support for arbitrary capture sources

Date: Mon, 15 Apr 2013 20:25:51 +0000
Bug ID: 8585
Summary: Add support for arbitrary capture sources
Classification: Unclassified
Product: Wireshark
Version: SVN
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: Enhancement
Priority: Low
Component: Wireshark
Assignee: [email protected]
Reporter: [email protected]

Build Information:

--
Wireshark uses an external program called dumpcap to enumerate capture
interfaces and perform packet capture. Dumpcap only supports capture via
libpcap/WinPcap or stdin. It would be amazingly useful to be able to capture
from other sources, such as a remote instance of tcpdump or dumpcap data via
SSH or a non-libpcap based capture source such as KisBee. 

During packet capture Wireshark and dumpcap use single-letter control messages
to signal new capture files, send status and error messages, and to stop
capture. The interface dump and control messages aren't formally defined
outside of Wireshark's source code (sync_pipe.h).

The idea for "arbitrary capture sources" is to generalize this so that you can
substitute other programs or scripts for dumpcap. This would likely include
modifying or replacing the control language to make it more flexible and to
allow arbitrary configuration options to be passed between Wireshark and the
capture source, such as SSH credentials or a wireless interface channel.

Libraries or examples (e.g. for Python, Ruby, or bash) would be useful for
developers wishing to create their own capture sources. An obvious example is
for remote capture using SSH. Mike Kershaw (author of Kismet) and Michael
Ossmann (creator of the Ubertooth) are interested in support for Ubertooth,
Kismet drones, Kisbee, and Daisho as external capture sources.

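The report above describes single-letter control messages between Wireshark and its capture child, and proposes letting other programs take dumpcap's place. The following is an added example, not part of the original message and not Wireshark code: a reader for such a control stream that treats the capture source as untrusted input. The framing (one indicator byte plus a 3-byte big-endian length), the indicator letters, the 4096-byte cap and all names are assumptions for illustration; sync_pipe.h is the authority for the real format.

```python
import io

# Assumed framing (not taken from the report): 1 indicator byte followed by a
# 3-byte big-endian payload length. The letters below are illustrative.
KNOWN = {b"F": "new_file", b"E": "error", b"P": "packet_count", b"D": "drops"}
MAX_PAYLOAD = 4096  # assumed cap so a faulty source cannot force huge reads


class FramingError(Exception):
    """Raised when the capture source sends a malformed control message."""


def read_exact(stream, n):
    """Read exactly n bytes; a short read means the source died mid-message."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            raise FramingError(f"truncated: wanted {n} bytes, got {len(buf)}")
        buf += chunk
    return buf


def read_messages(stream):
    """Yield (name, payload) pairs until a clean EOF on a message boundary."""
    while True:
        first = stream.read(1)
        if not first:
            return  # clean end of stream
        if first not in KNOWN:
            raise FramingError(f"unknown indicator {first!r}")
        length = int.from_bytes(read_exact(stream, 3), "big")
        if length > MAX_PAYLOAD:
            raise FramingError(f"declared length {length} exceeds {MAX_PAYLOAD}")
        yield KNOWN[first], read_exact(stream, length)


def frame(indicator, payload):
    """Build one control message, as a capture source would write it."""
    return indicator + len(payload).to_bytes(3, "big") + payload


def parse_all(data):
    """Parse a complete byte string of control messages into a list."""
    return list(read_messages(io.BytesIO(data)))


# Constructed sample: a source announces a file, then a packet count.
SAMPLE = frame(b"F", b"/tmp/example.pcap\x00") + frame(b"P", b"42\x00")

if __name__ == "__main__":
    for name, payload in parse_all(SAMPLE):
        print(name, payload)
```

Rejecting unknown indicators and oversized lengths before reading the payload keeps a misbehaving script or remote source from desynchronizing the stream or exhausting memory in the parent.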