<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>extcap - The Wireshark Network Analyzer 3.0.3</title>
<link rel="stylesheet" href="ws.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>
<body>
<h1 id="NAME">NAME</h1>
<p>extcap - The extcap interface</p>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
<p>The extcap interface is a versatile plugin interface that allows external binaries to act as capture interfaces directly in wireshark. It is used in scenarios, where the source of the capture is not a traditional capture model (live capture from an interface, from a pipe, from a file, etc). The typical example is connecting esoteric hardware of some kind to the main wireshark app.</p>
<p>Without extcap, a capture can always be achieved by directly writing to a capture file:</p>
<pre><code> the-esoteric-binary --the-strange-flag --interface=stream1 --file dumpfile.pcap &
wireshark dumpfile.pcap</code></pre>
<p>but the extcap interface allows for such a connection to be easily established and configured using the wireshark GUI.</p>
<p>The extcap subsystem is made of multiple extcap binaries that are automatically called by the GUI in a row. In the following chapters we will refer to them as "the extcaps".</p>
<p>Extcaps may be any binary or script within the extcap directory. Please note, that scripts need to be executable without prefacing a script interpreter before the call. To go deeper into the extcap utility development, please refer to README.extcap.</p>
<p>WINDOWS USER: Because of restrictions directly calling the script may not always work. In such a case, a batch file may be provided, which then in turn executes the script. Please refer to doc/extcap_example.py for more information.</p>
<h1 id="GRAMMAR-ELEMENTS">GRAMMAR ELEMENTS</h1>
<p>Grammar elements:</p>
<dl>
<dt id="arg-options">arg (options)</dt>
<dd>
<p>argument for CLI calling</p>
</dd>
<dt id="number">number</dt>
<dd>
<p>Reference # of argument for other values, display order</p>
</dd>
<dt id="call">call</dt>
<dd>
<p>Literal argument to call (--call=...)</p>
</dd>
<dt id="display">display</dt>
<dd>
<p>Displayed name</p>
</dd>
<dt id="default">default</dt>
<dd>
<p>Default value, in proper form for type</p>
</dd>
<dt id="range">range</dt>
<dd>
<p>Range of valid values for UI checking (min,max) in proper form</p>
</dd>
<dt id="type">type</dt>
<dd>
<p>Argument type for UI filtering for raw, or UI type for selector:</p>
<pre><code> integer
unsigned
long (may include scientific / special notation)
float
selector (display selector table, all values as strings)
boolean (display checkbox)
radio (display group of radio buttons with provided values, all values as strings)
fileselect (display a dialog to select a file from the filesystem, value as string)
multicheck (display a textbox for selecting multiple options, values as strings)
password (display a textbox with masked text)
timestamp (display a calendar)</code></pre>
</dd>
<dt id="value-options">value (options)</dt>
<dd>
<pre><code> Values for argument selection
arg Argument # this value applies to</code></pre>
</dd>
</dl>
<h1 id="EXAMPLES">EXAMPLES</h1>
<p>Example 1:</p>
<pre><code> arg {number=0}{call=--channel}{display=Wi-Fi Channel}{type=integer}{required=true}
arg {number=1}{call=--chanflags}{display=Channel Flags}{type=radio}
arg {number=2}{call=--interface}{display=Interface}{type=selector}
value {arg=0}{range=1,11}
value {arg=1}{value=ht40p}{display=HT40+}
value {arg=1}{value=ht40m}{display=HT40-}
value {arg=1}{value=ht20}{display=HT20}
value {arg=2}{value=wlan0}{display=wlan0}</code></pre>
<p>Example 2:</p>
<pre><code> arg {number=0}{call=--usbdevice}{USB Device}{type=selector}
value {arg=0}{call=/dev/sysfs/usb/foo/123}{display=Ubertooth One sn 1234}
value {arg=0}{call=/dev/sysfs/usb/foo/456}{display=Ubertooth One sn 8901}</code></pre>
<p>Example 3:</p>
<pre><code> arg {number=0}{call=--usbdevice}{USB Device}{type=selector}
arg {number=1}{call=--server}{display=IP address for log server}{type=string}{validation=(?:\d{1,3}\.){3}\d{1,3}}
flag {failure=Permission denied opening Ubertooth device}</code></pre>
<p>Example 4: arg {number=0}{call=--username}{display=Username}{type=string} arg {number=1}{call=--password}{display=Password}{type=password}</p>
<p>Example 5: arg {number=0}{call=--start}{display=Start Time}{type=timestamp} arg {number=1}{call=--end}{display=End Time}{type=timestamp}</p>
<h1 id="Security-awareness">Security awareness</h1>
<dl>
<dt id="Users-running-wireshark-as-root-we-cant-save-you">- Users running wireshark as root, we can't save you</dt>
<dd>
</dd>
<dt id="Dumpcap-retains-suid-setgid-and-group-x-permissions-to-allow-users-in-wireshark-group-only">- Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only</dt>
<dd>
</dd>
<dt id="Third-party-capture-programs-run-w-whatever-privs-theyre-installed-with">- Third-party capture programs run w/ whatever privs they're installed with</dt>
<dd>
</dd>
<dt id="If-an-attacker-can-write-to-a-system-binary-directory-were-game-over-anyhow">- If an attacker can write to a system binary directory, we're game over anyhow</dt>
<dd>
</dd>
<dt id="Reference-the-folders-tab-in-the-wireshark-about-information-to-see-from-which-directory-extcap-is-being-run">- Reference the folders tab in the wireshark->about information, to see from which directory extcap is being run</dt>
<dd>
</dd>
</dl>
<h1 id="SEE-ALSO">SEE ALSO</h1>
<p>wireshark(1), tshark(1), dumpcap(1), androiddump(1), sshdump(1), randpktdump(1)</p>
<h1 id="NOTES">NOTES</h1>
<p><b>Extcap</b> is feature of <b>Wireshark</b>. The latest version of <b>Wireshark</b> can be found at <a href="https://www.wireshark.org">https://www.wireshark.org</a>.</p>
<p>HTML versions of the Wireshark project man pages are available at: <a href="https://www.wireshark.org/docs/man-pages">https://www.wireshark.org/docs/man-pages</a>.</p>
</body>
</html>
distrib
>
Mageia
>
7
>
armv7hl
>
media
>
core-updates
>
by-pkgid
>
58b4f2117e1800ee077a588c1cb91599
>
files
>
57
