1EXTCAP(4)               The Wireshark Network Analyzer               EXTCAP(4)
2
3
4

NAME

6       extcap - The extcap interface
7

DESCRIPTION

9       The extcap interface is a versatile plugin interface that allows
10       external binaries to act as capture interfaces directly in wireshark.
11       It is used in scenarios, where the source of the capture is not a
12       traditional capture model (live capture from an interface, from a pipe,
13       from a file, etc). The typical example is connecting esoteric hardware
14       of some kind to the main wireshark app.
15
16       Without extcap, a capture can always be achieved by directly writing to
17       a capture file:
18
19           the-esoteric-binary --the-strange-flag --interface=stream1 --file dumpfile.pcap &
20           wireshark dumpfile.pcap
21
22       but the extcap interface allows for such a connection to be easily
23       established and configured using the wireshark GUI.
24
25       The extcap subsystem is made of multiple extcap binaries that are
26       automatically called by the GUI in a row. In the following chapters we
27       will refer to them as "the extcaps".
28
29       Extcaps may be any binary or script within the extcap directory. Please
30       note, that scripts need to be executable without prefacing a script
31       interpreter before the call. To go deeper into the extcap utility
32       development, please refer to README.extcap.
33
34       WINDOWS USER: Because of restrictions directly calling the script may
35       not always work.  In such a case, a batch file may be provided, which
36       then in turn executes the script. Please refer to doc/extcap_example.py
37       for more information.
38

GRAMMAR ELEMENTS

40       Grammar elements:
41
42       arg (options)
43           argument for CLI calling
44
45       number
46           Reference # of argument for other values, display order
47
48       call
49           Literal argument to call (--call=...)
50
51       display
52           Displayed name
53
54       default
55           Default value, in proper form for type
56
57       range
58           Range of valid values for UI checking (min,max) in proper form
59
60       type
61           Argument type for UI filtering for raw, or UI type for selector:
62
63               integer
64               unsigned
65               long (may include scientific / special notation)
66               float
67               selector (display selector table, all values as strings)
68               boolean (display checkbox)
69               radio (display group of radio buttons with provided values, all values as strings)
70               fileselect (display a dialog to select a file from the filesystem, value as string)
71               multicheck (display a textbox for selecting multiple options, values as strings)
72               password (display a textbox with masked text)
73               timestamp (display a calendar)
74
75       value (options)
76               Values for argument selection
77               arg     Argument # this value applies to
78

EXAMPLES

80       Example 1:
81
82           arg {number=0}{call=--channel}{display=Wi-Fi Channel}{type=integer}{required=true}
83           arg {number=1}{call=--chanflags}{display=Channel Flags}{type=radio}
84           arg {number=2}{call=--interface}{display=Interface}{type=selector}
85           value {arg=0}{range=1,11}
86           value {arg=1}{value=ht40p}{display=HT40+}
87           value {arg=1}{value=ht40m}{display=HT40-}
88           value {arg=1}{value=ht20}{display=HT20}
89           value {arg=2}{value=wlan0}{display=wlan0}
90
91       Example 2:
92
93           arg {number=0}{call=--usbdevice}{USB Device}{type=selector}
94           value {arg=0}{call=/dev/sysfs/usb/foo/123}{display=Ubertooth One sn 1234}
95           value {arg=0}{call=/dev/sysfs/usb/foo/456}{display=Ubertooth One sn 8901}
96
97       Example 3:
98
99           arg {number=0}{call=--usbdevice}{USB Device}{type=selector}
100           arg {number=1}{call=--server}{display=IP address for log server}{type=string}{validation=(?:\d{1,3}\.){3}\d{1,3}}
101           flag {failure=Permission denied opening Ubertooth device}
102
103       Example 4:
104           arg {number=0}{call=--username}{display=Username}{type=string}
105           arg {number=1}{call=--password}{display=Password}{type=password}
106
107       Example 5:
108           arg {number=0}{call=--start}{display=Start Time}{type=timestamp}
109           arg {number=1}{call=--end}{display=End Time}{type=timestamp}
110

Security awareness

112       - Users running wireshark as root, we can't save you
113       - Dumpcap retains suid/setgid and group+x permissions to allow users in
114       wireshark group only
115       - Third-party capture programs run w/ whatever privs they're installed
116       with
117       - If an attacker can write to a system binary directory, we're game
118       over anyhow
119       - Reference the folders tab in the wireshark->about information, to see
120       from which directory extcap is being run
121

SEE ALSO

123       wireshark(1), tshark(1), dumpcap(1), androiddump(1), sshdump(1),
124       randpktdump(1)
125

NOTES

127       Extcap is feature of Wireshark.  The latest version of Wireshark can be
128       found at <https://www.wireshark.org>.
129
130       HTML versions of the Wireshark project man pages are available at:
131       <https://www.wireshark.org/docs/man-pages>.
132
133
134
1353.0.5                             2019-10-30                         EXTCAP(4)
Impressum