/usr/share/wireshark/extcap.html is in libwireshark-data 2.4.5-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 | <?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>extcap - The Wireshark Network Analyzer 2.4.5</title>
<link rel="stylesheet" href="ws.css" type="text/css" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>
<body>
<h1 id="NAME">NAME</h1>
<p>extcap - The extcap interface</p>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
<p>The extcap interface is a versatile plugin interface that allows external binaries to act as capture interfaces directly in wireshark. It is used in scenarios, where the source of the capture is not a traditional capture model (live capture from an interface, from a pipe, from a file, etc). The typical example is connecting esoteric hardware of some kind to the main wireshark app.</p>
<p>Without extcap, a capture can always be achieved by directly writing to a capture file:</p>
<pre><code> the-esoteric-binary --the-strange-flag --interface=stream1 --file dumpfile.pcap &
wireshark dumpfile.pcap</code></pre>
<p>but the extcap interface allows for such a connection to be easily established and configured using the wireshark GUI.</p>
<p>The extcap subsystem is made of multiple extcap binaries that are automatically called by the GUI in a row. In the following chapters we will refer to them as "the extcaps".</p>
<p>Extcaps may be any binary or script within the extcap directory. Please note, that scripts need to be executable without prefacing a script interpreter before the call. To go deeper into the extcap utility development, please refer to README.extcap.</p>
<p>WINDOWS USER: Because of restrictions directly calling the script may not always work. In such a case, a batch file may be provided, which then in turn executes the script. Please refer to doc/extcap_example.py for more information.</p>
<h1 id="GRAMMAR-ELEMENTS">GRAMMAR ELEMENTS</h1>
<p>Grammar elements:</p>
<dl>
<dt id="arg-options">arg (options)</dt>
<dd>
<p>argument for CLI calling</p>
</dd>
<dt id="number">number</dt>
<dd>
<p>Reference # of argument for other values, display order</p>
</dd>
<dt id="call">call</dt>
<dd>
<p>Literal argument to call (--call=...)</p>
</dd>
<dt id="display">display</dt>
<dd>
<p>Displayed name</p>
</dd>
<dt id="default">default</dt>
<dd>
<p>Default value, in proper form for type</p>
</dd>
<dt id="range">range</dt>
<dd>
<p>Range of valid values for UI checking (min,max) in proper form</p>
</dd>
<dt id="type">type</dt>
<dd>
<p>Argument type for UI filtering for raw, or UI type for selector:</p>
<pre><code> integer
unsigned
long (may include scientific / special notation)
float
selector (display selector table, all values as strings)
boolean (display checkbox)
radio (display group of radio buttons with provided values, all values as strings)
fileselect (display a dialog to select a file from the filesystem, value as string)
multicheck (display a textbox for selecting multiple options, values as strings)
password (display a textbox with masked text)
timestamp (display a calendar)</code></pre>
</dd>
<dt id="value-options">value (options)</dt>
<dd>
<pre><code> Values for argument selection
arg Argument # this value applies to</code></pre>
</dd>
</dl>
<h1 id="EXAMPLES">EXAMPLES</h1>
<p>Example 1:</p>
<pre><code> arg {number=0}{call=--channel}{display=Wi-Fi Channel}{type=integer}{required=true}
arg {number=1}{call=--chanflags}{display=Channel Flags}{type=radio}
arg {number=2}{call=--interface}{display=Interface}{type=selector}
value {arg=0}{range=1,11}
value {arg=1}{value=ht40p}{display=HT40+}
value {arg=1}{value=ht40m}{display=HT40-}
value {arg=1}{value=ht20}{display=HT20}
value {arg=2}{value=wlan0}{display=wlan0}</code></pre>
<p>Example 2:</p>
<pre><code> arg {number=0}{call=--usbdevice}{USB Device}{type=selector}
value {arg=0}{call=/dev/sysfs/usb/foo/123}{display=Ubertooth One sn 1234}
value {arg=0}{call=/dev/sysfs/usb/foo/456}{display=Ubertooth One sn 8901}</code></pre>
<p>Example 3:</p>
<pre><code> arg {number=0}{call=--usbdevice}{USB Device}{type=selector}
arg {number=1}{call=--server}{display=IP address for log server}{type=string}{validation=(?:\d{1,3}\.){3}\d{1,3}}
flag {failure=Permission denied opening Ubertooth device}</code></pre>
<p>Example 4: arg {number=0}{call=--username}{display=Username}{type=string} arg {number=1}{call=--password}{display=Password}{type=password}</p>
<p>Example 5: arg {number=0}{call=--start}{display=Start Time}{type=timestamp} arg {number=1}{call=--end}{display=End Time}{type=timestamp}</p>
<h1 id="Security-awareness">Security awareness</h1>
<dl>
<dt id="Users-running-wireshark-as-root-we-cant-save-you">- Users running wireshark as root, we can't save you</dt>
<dd>
</dd>
<dt id="Dumpcap-retains-suid-setgid-and-group-x-permissions-to-allow-users-in-wireshark-group-only">- Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only</dt>
<dd>
</dd>
<dt id="Third-party-capture-programs-run-w-whatever-privs-theyre-installed-with">- Third-party capture programs run w/ whatever privs they're installed with</dt>
<dd>
</dd>
<dt id="If-an-attacker-can-write-to-a-system-binary-directory-were-game-over-anyhow">- If an attacker can write to a system binary directory, we're game over anyhow</dt>
<dd>
</dd>
<dt id="Reference-the-folders-tab-in-the-wireshark-about-information-to-see-from-which-directory-extcap-is-being-run">- Reference the folders tab in the wireshark->about information, to see from which directory extcap is being run</dt>
<dd>
</dd>
</dl>
<h1 id="SEE-ALSO">SEE ALSO</h1>
<p>wireshark(1), tshark(1), dumpcap(1), androiddump(1), sshdump(1), randpktdump(1)</p>
<h1 id="NOTES">NOTES</h1>
<p><b>Extcap</b> is feature of <b>Wireshark</b>. The latest version of <b>Wireshark</b> can be found at <a href="https://www.wireshark.org">https://www.wireshark.org</a>.</p>
<p>HTML versions of the Wireshark project man pages are available at: <a href="https://www.wireshark.org/docs/man-pages">https://www.wireshark.org/docs/man-pages</a>.</p>
</body>
</html>
|