Wireshark-bugs: [Wireshark-bugs] [Bug 11370] Need dumpcap to be able to capture pcap-ng from a p
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 16 Jul 2015 19:01:16 +0000

changed bug 11370


What Removed Added
Hardware x86 All
Summary Dumpcap does not understand pcapng Need dumpcap to be able to capture pcap-ng from a pipe

Comment # 1 on bug 11370 from 
(In reply to Roland Knall from comment #0)
> We develop an extcap utility, which needs to send additional data with the
> trace engine for dissection. So far, the additional data has been stored as
> extra text files, but we would like to add it as comments to the trace.
> Comments means using pcapng as a file format.

If you're using pcap-ng, you could also define a new block type, if that would
be more useful.

> Dumpcap (and down-the-line tshark/wireshark I guess) does not understand
> pcapng and throws an error.

Presumably you're referring to capturing from a pipe, as that's the only place
where dumpcap *reads* a capture file.  It's certainly capable of *writing*
pcap-ng and, in fact, does that by default.

Wireshark and TShark can most definitely read pcap-ng files, and have been able
to do so for several releases now; it's been the default format for a while.

> Could be also a libpcap issue.

That's not a libpcap issue, as libpcap isn't used when capturing from a pipe.

You are receiving this mail because:
  • You are watching all bug changes.