An extcap(4) plugin for Wireshark & friends that acts as a wrapper around socat(1): it connects to something providing pcap-formatted packets and makes them available to Wireshark.
This plugin adds new capture interfaces to Wireshark: tcp (host:port), vsock (cid:port), unix (socket_name), abstract (socket_name).
It connects 'socat' to the corresponding endpoint and expects a server able to send packets in pcap format.
- Install socat on your system
- Find your local extcap directory in Wireshark > About > Folders
  - e.g. '/usr/lib/x86_64-linux-gnu/wireshark/extcap/' (global)
  - or '~/.local/lib/wireshark/extcap/' (user)
- Copy 'extsocpcap.sh' there with the exec permission
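The four interface types listed above each correspond to a socat address type. The sketch below is an added example, not code from 'extsocpcap.sh': it builds the socat address for a given type and endpoint and rejects endpoint strings that would be parsed as extra socat options or a second address. The function names `socat_addr`, `is_uint` and `is_port` are hypothetical.

```shell
#!/bin/sh
# Added example, not taken from extsocpcap.sh. Function names are hypothetical.

# Succeeds only for a non-empty string of decimal digits.
is_uint() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# Succeeds only for a TCP port in the range 1..65535.
is_port() {
    is_uint "$1" && [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# socat_addr KIND ENDPOINT
# Prints the socat address for one of the README's interface types
# (tcp, vsock, unix, abstract); returns 1 on anything it does not accept.
socat_addr() {
    kind=$1
    ep=$2
    # In a socat address ',' introduces address options and '!!' separates
    # the two halves of a dual address, so neither may come from user input.
    case $ep in
        ''|*,*|*'!!'*|*[[:space:]]*) return 1 ;;
    esac
    case $kind in
        tcp)
            host=${ep%:*}      # everything before the last ':'
            port=${ep##*:}     # everything after the last ':'
            [ "$host" != "$ep" ] && [ -n "$host" ] || return 1
            is_port "$port" || return 1
            printf 'TCP:%s:%s\n' "$host" "$port" ;;
        vsock)
            cid=${ep%%:*}
            port=${ep#*:}
            [ "$cid" != "$ep" ] || return 1
            is_uint "$cid" && is_uint "$port" || return 1
            printf 'VSOCK-CONNECT:%s:%s\n' "$cid" "$port" ;;
        unix)     printf 'UNIX-CONNECT:%s\n' "$ep" ;;
        abstract) printf 'ABSTRACT-CONNECT:%s\n' "$ep" ;;
        *)        return 1 ;;
    esac
}
```

A caller would pass the printed address to socat as a single quoted argument, for example `socat -u "$addr" -` to copy the pcap stream to standard output.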