ExtcapNet 1.0.0.4
dotnet add package ExtcapNet --version 1.0.0.4
NuGet\Install-Package ExtcapNet -Version 1.0.0.4
<PackageReference Include="ExtcapNet" Version="1.0.0.4" />
paket add ExtcapNet --version 1.0.0.4
#r "nuget: ExtcapNet, 1.0.0.4"
// Install ExtcapNet as a Cake Addin #addin nuget:?package=ExtcapNet&version=1.0.0.4 // Install ExtcapNet as a Cake Tool #tool nuget:?package=ExtcapNet&version=1.0.0.4
ExtcapNet
A small .NET standard library that implements the extcap interface for you.
How to include ExtcapNet in your project
There are 2 ways to add the ExtcapNet library to your project:
- Get it from NuGet
-or- - Download the code and add the ExtcapNet project (.csproj) to your solution
Quick Start
To use the extcap interface you'll need to use the ExtcapManager
class and it's 2 methods:
ExtcapManager.RegisterInterface()
- To add one or more capturable interfaces to Wireshark's listExtcapManager.Run()
- To perform the necessary API communication with Wireshark*
* Wireshark's extcap interface is based on invoking the plugin executable several
times at startup/when starting to capture with different command line arguments and
getting specific results in it's standard output.
The most basic usage for the library is provided in this example
static void Main(string[] args)
{
var extcap = new ExtcapManager();
extcap.RegisterInterface(displayName: "Dummy Interface Name",
producer: DummyPacketsProducer,
defaultLinkLayer: LinkLayerType.Ethernet);
// This will handle different invocations by wireshark
// When finally a capture command arrives this function blocks until 'DummyPacketsProducer'
// is done/wireshark stops the capturing.
extcap.Run(args);
}
static void DummyPacketsProducer(Dictionary<ConfigField, string> config, IPacketsPublisher publisher)
{
// In this function you should continuously read from your packets source
// and send them to Wireshark using the 'publisher' arg.
//
// To keep this example short, we'll simply generate some packets ourselves.
for (int i = 0; i < 10; i++)
{
byte[] newEtherPacket = new byte[14];
// Setting different first byte of every packet so we can tell them apart
newEtherPacket[0] = (byte)i;
publisher.Send(newEtherPacket);
}
}
This code should cover most basic cases.
The only real missing part from making this code a worthy plugin is replacing the body of the DummyPacketsProducer
function.
UDP Dump Look-alike Example
To demonstrate the convinience this library provides, take a look at the following example which attemps to mimik the udpdump.exe
plugin (bundled with Wireshark):
static void Main(string[] args)
{
var extcap = new ExtcapManager();
extcap.RegisterInterface(displayName: "Fake udpdump",
producer: FakeUdpDumpProducer,
defaultLinkLayer: LinkLayerType.Ethernet); // TODO: Only supports Ethernet inside UDP
extcap.Run(args);
}
static void FakeUdpDumpProducer(Dictionary<ConfigField, string> config, IPacketsPublisher publisher)
{
// Plugin specific logic: Wait for incoming UDP packets
// when one arrives, just forward it's entire payload as an Ethernet packet to Wireshark
UdpClient udpListener = new UdpClient(5555); // TODO: Port is hard-coded
IPEndPoint ipe = new IPEndPoint(0,0);
while(true) {
byte[] nextUdpPayload = udpListener.Receive(ref ipe);
publisher.Send(nextUdpPayload);
}
}
This example works but it is not a complete copy. udpdump
has a few more features which we are lacking.
For example, you can specify in the udpdump
's settings on which port to listen.
You can also specify the encapsulated protocol type so its dissector will be called by Wireshark.
To allow such flexability in ExtcapNet a deeper dive into the library is required.
ExtcapNet allows you to define "configuration fields" which Wireshark will render in
a special window for the users to configure the plugin (Like the ones udpdump and sshdump have).
To learn about configuration support, see the 'revemped udpdump example'
Compiling a single .exe (optional)
After you're done developing your plugin you'd want to use it in Wireshark.
To do so you need to copy everything from the compilation folder (/bin/debug or /bin/release)
to Wiresharks's 'extcaps' directory.
.NET projects commonly compile to several different files (dlls, exe, config, ...) and copying all
of those to the directory might make a mess.
Luckily, .NET core 3.1 supports single-file publishing which produces only 2 files: program.exe
and program.pdb
(A symbols file. Not necessary for execution).
To publish a single file you can use this command in Visual Studio's "Package Manager Console":
PM> dotnet publish -r win-x64 -c Debug /p:PublishSingleFile=true
(Adjust windows version and Debug/Release according to your needs)
Thanks
Shark, Puzzle icons icon by Icons8
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. |
.NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
.NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen40 was computed. tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETStandard 2.0
- Haukcode.PcapngUtils (>= 1.3.20)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.