
The link provided by @Chuckc provides some general information and further links.

Basically, Wireshark and Tshark expect the data to be presented as a stream/fifo/file in the right format.

Depending on your sniffer, you need to use the right "driver"/"extcap" to read your key and to convert it to this format.

Some "extcap" implementations have options that allow Wireshark to know what parameters the user can provide so that Wireshark can propose them in its configuration popup for the extcap connector. In this case you can - with the right configuration - just click on the extcap listing in Wireshark which will launch the extcap tool and provide the fifo to which it should be writing.

Most extcap tools have a readme that will explain how to use them (which file to copy to the extcap directory, etc.).
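
The extcap flow described in this answer, as an added example that is not part of the original answer or of any real sniffer's tool: a minimal extcap skeleton that answers Wireshark's discovery calls and, on capture, writes pcap-formatted data to the fifo Wireshark provides. The interface name `demo0`, the `--port` option, the use of DLT USER0 and the `read_frames` stand-in for the sniffer driver are assumptions for illustration.

```python
import argparse
import struct
import sys
import time

DLT_USER0 = 147  # link-layer type reserved for private use (assumed for this demo)

def pcap_global_header(linktype, snaplen=65535):
    # pcap file header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(frame, ts=None):
    # per-packet header: seconds, microseconds, captured length, original length
    ts = time.time() if ts is None else ts
    sec, usec = int(ts), int((ts - int(ts)) * 1_000_000)
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

def read_frames(port):
    # Hypothetical stand-in for the sniffer driver; yields constructed sample frames.
    yield b"\x01\x02\x03\x04"
    yield b"\xaa\xbb"

def handle(argv):
    p = argparse.ArgumentParser(allow_abbrev=False)
    for flag in ("--extcap-interfaces", "--extcap-dlts", "--extcap-config", "--capture"):
        p.add_argument(flag, action="store_true")
    for opt in ("--extcap-interface", "--fifo", "--port"):
        p.add_argument(opt, default="")
    a, _ = p.parse_known_args(argv)  # ignore options this skeleton does not use
    if a.extcap_interfaces:  # Wireshark asks which interfaces the tool offers
        return "extcap {version=0.1}\ninterface {value=demo0}{display=Demo sniffer}\n"
    if a.extcap_dlts:        # link-layer type Wireshark should dissect with
        return "dlt {number=%d}{name=USER0}{display=Demo sniffer frames}\n" % DLT_USER0
    if a.extcap_config:      # parameters shown in the configuration popup
        return "arg {number=0}{call=--port}{display=Serial port}{type=string}\n"
    if a.capture and a.fifo:  # Wireshark launched the tool and supplied the fifo
        with open(a.fifo, "wb", buffering=0) as out:
            out.write(pcap_global_header(DLT_USER0))
            for frame in read_frames(a.port):
                out.write(pcap_record(frame))
        return ""
    return None

if __name__ == "__main__":
    result = handle(sys.argv[1:])
    if result is None:
        sys.exit(1)
    sys.stdout.write(result)
```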