Skip to content

Wireshark and tshark 4.4.0 ignore extcap options specified on the command line

Summary

Wireshark 4.4.0 (at least on Windows) breaks the Edgeshark extcap and its feature to start capture from a web UI using URL handlers. Moving the existing extcap to the new undocumented extcap directory (see also #20040 (closed)) does not fix the broken extcap API contract of passing config args.

Steps to reproduce

  1. Install Wireshark 4.4.0 on Windows AMD64bit (not tested on Linux)
  2. Download the Edgeshark extcap installer archive http://github.com/siemens/cshargextcap/releases/download/v0.10.7/cshargextcap_0.10.7_windows_amd64.zip from our official Siemens Edgeshark Github repo, unpack the included files, and run the installer.
  3. Manually move the cshargextcap-amd64.exe extcap binary to the now Wireshark\extcap\wireshark location.
  4. Deploy Edgeshark to a Linux Docker host, including WSL2 using plain Docker or Docker Desktop: 
    wget -q --no-cache -O - \
  http://github.com/siemens/edgeshark/raw/main/deployments/wget/docker-compose-localhost.yaml \
  | DOCKER_DEFAULT_PLATFORM= docker compose -f - up
  5. Navigate to http://127.0.0.1:5001 or the appropriate host IP address of your Docker host running Edgeshark.
  6. Locate the edgeshark-gostwire-1 container, and the shark fin button next to the eth0 network interface. Click on this button and confirm session transfer to Wireshark. image

What is the current bug behavior?

The extcap API breaks because Wireshark 4.4.0 isn't passing the URL config arg to it.

image

Nota bene: the URL handler is registered to run Wireshark as follows, passing the essential URL argument as extcap.packetflix.url:

wireshark -k -i packetflix -o "extcap.packetflix.url:%1"

What is the expected correct behavior?

Capture starts and Wireshark does not break existing extcaps. In particular, it should not cause false error reports with other projects when users download installers for the wrong Wireshark version, causing strain and confusion on these projects and their user base.

Sample capture file

n/a

Relevant logs and/or screenshots

please see above.

Build information

Version 4.4.0 (v4.4.0-0-g009a163470b5).
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information