EXTCAP(4) EXTCAP(4)

NAME

extcap - The extcap interface

DESCRIPTION

The extcap interface is a versatile plugin interface that allows
external binaries to act as capture interfaces directly in Wireshark.
It is used in scenarios where the source of the capture is not a
traditional capture model (live capture from an interface, from a pipe,
from a file, etc.). The typical example is connecting esoteric hardware
of some kind to the main Wireshark application.

Without extcap, a capture can always be achieved by directly writing to
a capture file:

the-esoteric-binary --the-strange-flag --interface=stream1 --file dumpfile.pcap &
wireshark dumpfile.pcap

but the extcap interface allows such a connection to be easily
established and configured using the Wireshark GUI.

The extcap subsystem is made of multiple extcap binaries that are
automatically called by the GUI one after another. In the following
chapters we will refer to them as "the extcaps".

Extcaps may be any binary or script within the extcap directory. Please
note that scripts need to be executable without prefacing a script
interpreter before the call.

WINDOWS USERS: Because of restrictions, directly calling the script may
not always work. In such a case, a batch file may be provided, which
then in turn executes the script. Please refer to doc/extcap_example.py
for more information.

When Wireshark launches an extcap, it automatically adds its
installation path (c:\Program Files\Wireshark\) to the DLL search path
so that the extcap library dependencies can be found (an extcap is not
designed to be launched by hand). This is done on purpose. There should
only be extcap programs (executables, python scripts, ...) in the extcap
folder, to reduce the startup time and to keep Wireshark from trying to
execute other file types.

GRAMMAR ELEMENTS

arg (options)

argument for CLI calling

number

Reference # of argument for other values, display order

call

Literal argument to call (--call=...)

display

Displayed name

default

Default value, in proper form for type

range

Range of valid values for UI checking (min,max) in proper form

type

Argument type for UI filtering for raw, or UI type for selector:

integer
unsigned
long (may include scientific / special notation)
float
selector (display selector table, all values as strings)
boolean (display checkbox)
radio (display group of radio buttons with provided values, all values as strings)
fileselect (display a dialog to select a file from the filesystem, value as string)
multicheck (display a textbox for selecting multiple options, values as strings)
password (display a textbox with masked text)
timestamp (display a calendar)

value (options)

Values for argument selection

arg

Argument # this value applies to

EXAMPLES

Example 1:

arg {number=0}{call=--channel}{display=Wi-Fi Channel}{type=integer}{required=true}
arg {number=1}{call=--chanflags}{display=Channel Flags}{type=radio}
arg {number=2}{call=--interface}{display=Interface}{type=selector}
value {arg=0}{range=1,11}
value {arg=1}{value=ht40p}{display=HT40+}
value {arg=1}{value=ht40m}{display=HT40-}
value {arg=1}{value=ht20}{display=HT20}
value {arg=2}{value=wlan0}{display=wlan0}

Example 2:

arg {number=0}{call=--usbdevice}{display=USB Device}{type=selector}
value {arg=0}{value=/dev/sysfs/usb/foo/123}{display=Ubertooth One sn 1234}
value {arg=0}{value=/dev/sysfs/usb/foo/456}{display=Ubertooth One sn 8901}

Example 3:

arg {number=0}{call=--usbdevice}{display=USB Device}{type=selector}
arg {number=1}{call=--server}{display=IP address for log server}{type=string}{validation=(?:\d{1,3}\.){3}\d{1,3}}
flag {failure=Permission denied opening Ubertooth device}

Example 4:

arg {number=0}{call=--username}{display=Username}{type=string}
arg {number=1}{call=--password}{display=Password}{type=password}

Example 5:

arg {number=0}{call=--start}{display=Start Time}{type=timestamp}
arg {number=1}{call=--end}{display=End Time}{type=timestamp}

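As an added illustration (not code from the man page or from Wireshark), the following Python parses the arg/value/flag sentences above into a structure and applies the UI-side checks the grammar implies (integer range, validation regex, selector/radio membership). It must track brace nesting so that the quantifiers in Example 3's validation regex survive, and it rejects a bare option such as {USB Device} that names no key. The function names split_options, parse_config and check_value are assumptions, as is accepting range on either the arg or the value sentence, which Example 1 does.

```python
import re
def split_options(body):
    """Split '{k=v}{k2=v2}' into (k, v) pairs; braces nest, so \\d{1,3} survives inside a value."""
    items, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "{":
            start = i + 1 if depth == 0 else start
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced '}' in %r" % body)
            if depth == 0:
                key, sep, val = body[start:i].partition("=")
                if not sep:  # a bare {USB Device} names no key: reject it
                    raise ValueError("option without key: %r" % body[start:i])
                items.append((key.strip(), val))
    if depth:
        raise ValueError("unbalanced '{' in %r" % body)
    return items

def parse_config(text):
    """Map arg number -> its options plus a 'values' list, from arg/value/flag lines."""
    args = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        kind, _, body = line.partition(" ")
        opts = dict(split_options(body))
        if kind == "arg":
            args[int(opts["number"])] = dict(opts, values=[])
        elif kind == "value":
            args[int(opts["arg"])]["values"].append(opts)
        elif kind != "flag":  # flag {failure=...} carries no argument data
            raise ValueError("unknown sentence: %r" % kind)
    return args

def check_value(arg, supplied):
    """UI-side acceptance check: integer range, validation regex, selector/radio membership."""
    t = arg.get("type", "string")
    if t in ("integer", "unsigned"):
        if not re.fullmatch(r"-?\d+" if t == "integer" else r"\d+", supplied):
            return False
        ranges = [o["range"].split(",") for o in [arg] + arg["values"] if "range" in o]
        return all(int(lo) <= int(supplied) <= int(hi) for lo, hi in ranges)
    if t in ("selector", "radio"):
        return supplied in {v["value"] for v in arg["values"] if "value" in v}
    return "validation" not in arg or re.fullmatch(arg["validation"], supplied) is not None
# Constructed sample built from the page's Example 1 and Example 3 sentences.
SAMPLE = r"""arg {number=0}{call=--channel}{display=Wi-Fi Channel}{type=integer}{required=true}
arg {number=1}{call=--server}{display=IP address for log server}{type=string}{validation=(?:\d{1,3}\.){3}\d{1,3}}
value {arg=0}{range=1,11}"""
```
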
SECURITY CONSIDERATIONS

• Users running wireshark as root, we can’t save you

• Dumpcap retains suid/setgid and group+x permissions to allow users
in the wireshark group only

• Third-party capture programs run with whatever privileges they’re
installed with

• If an attacker can write to a system binary directory, we’re game
over anyhow

• Reference the folders tab in the wireshark→about information to
see from which directory extcap is being run

SEE ALSO

wireshark(1), tshark(1), dumpcap(1), androiddump(1), sshdump(1),
randpktdump(1)

NOTES

Extcap is a feature of Wireshark. The latest version of Wireshark can be
found at https://www.wireshark.org.

HTML versions of the Wireshark project man pages are available at
https://www.wireshark.org/docs/man-pages.

2021-11-25 EXTCAP(4)