Wireshark · Wireshark-dev: Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

Wireshark-dev: Re: [Wireshark-dev] PCAP-over-IP in Wireshark?

From: Joerg Mayer <jmayer@xxxxxxxxx>

Date: Tue, 1 Feb 2022 16:38:39 +0100

On Tue, Feb 01, 2022 at 09:24:28AM -0600, chuck c wrote:
> "Replacing 127.0.0.1 with localhost didn't work for some reason though."
> 
> dumpcap (
> https://gitlab.com/wireshark/wireshark/-/blob/master/dumpcap.c#L1366) calls
> ws_socket_ptoa (
> https://gitlab.com/wireshark/wireshark/-/blob/master/wsutil/socket.h#L72)
> which expects an IP address.
> 
>  * Convert the strings ipv4_address:port or [ipv6_address]:port to a
>  * sockaddr object.
> 
> That matches the description on the wiki entry:
> https://wiki.wireshark.org/CaptureSetup/Pipes.md#tcp-socket
> "... using the -i TCP@<addr>[:port] option."
> 
> I'm not sure it's worth making a name resolution call. Maybe better to
> update the docs and usage to "<addr"> instead of "<host>"?

It probably makes sense: Using a resolver-call will handle ipv4 vs. ipv6 vs. name.

Kind regards
   Jörg

References:
- Re: [Wireshark-dev] PCAP-over-IP in Wireshark?
  - From: Guy Harris
- Re: [Wireshark-dev] PCAP-over-IP in Wireshark?
  - From: chuck c
- Re: [Wireshark-dev] PCAP-over-IP in Wireshark?
  - From: Erik Hjelmvik
- Re: [Wireshark-dev] PCAP-over-IP in Wireshark?
  - From: chuck c

Prev by Date: Re: [Wireshark-dev] PCAP-over-IP in Wireshark?
Next by Date: Re: [Wireshark-dev] PCAP-over-IP in Wireshark?
Previous by thread: Re: [Wireshark-dev] PCAP-over-IP in Wireshark?
Next by thread: Re: [Wireshark-dev] PCAP-over-IP in Wireshark?
Index(es):
- Date
- Thread