From e2b0140edb196d6a8cb08c65f112019ddf79a48f Mon Sep 17 00:00:00 2001 From: Gerald Combs Date: Fri, 29 Jul 2022 14:27:04 -0700 Subject: [PATCH] Docs: extcap man page fixups. --- doc/extcap.adoc | 38 +++++++++++--------------------------- 1 file changed, 11 insertions(+), 27 deletions(-) diff --git a/doc/extcap.adoc b/doc/extcap.adoc index 4d9d80e1e7..1f79568c99 100644 --- a/doc/extcap.adoc +++ b/doc/extcap.adoc @@ -32,7 +32,7 @@ called by the GUI in a row. In the following chapters we will refer to them as Extcaps may be any binary or script within the extcap directory. Please note, that scripts need to be executable without prefacing a script interpreter before the call. -WINDOWS USER: Because of restrictions directly calling the script may not always work. +WINDOWS USERS: Because of restrictions directly calling the script may not always work. In such a case, a batch file may be provided, which then in turn executes the script. Please refer to doc/extcap_example.py for more information. @@ -47,40 +47,22 @@ time and not have Wireshark trying to execute other file types. Grammar elements: arg (options):: -+ --- argument for CLI calling --- number:: -+ --- Reference # of argument for other values, display order --- call:: -+ --- Literal argument to call (--call=...) --- display:: -+ --- Displayed name --- default:: -+ --- Default value, in proper form for type --- range:: -+ --- Range of valid values for UI checking (min,max) in proper form --- type:: + 
@@ -133,20 +115,22 @@ Example 3: flag {failure=Permission denied opening Ubertooth device} Example 4: + arg {number=0}{call=--username}{display=Username}{type=string} arg {number=1}{call=--password}{display=Password}{type=password} Example 5: + arg {number=0}{call=--start}{display=Start Time}{type=timestamp} arg {number=1}{call=--end}{display=End Time}{type=timestamp} -== Security awareness +== Security Considerations -- Users running wireshark as root, we can't save you -- Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only -- Third-party capture programs run w/ whatever privs they're installed with -- If an attacker can write to a system binary directory, we're game over anyhow -- Reference the folders tab in the wireshark->about information, to see from which directory extcap is being run +- If you're running Wireshark as root, we can't save you. +- Dumpcap retains suid/setgid and group execute permissions for users in the “wireshark” group only. +- Third-party capture programs run with whatever privileges they're installed with. +- If an attacker can write to a system binary directory, it's game over. +- You can find your local extcap directory in menu:About[Folders]. == SEE ALSO @@ -154,8 +138,8 @@ xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.htm == NOTES -*Extcap* is feature of *Wireshark*. The latest version -of *Wireshark* can be found at https://www.wireshark.org. +*Extcap* is feature of *Wireshark*. +The latest version of *Wireshark* can be found at https://www.wireshark.org. HTML versions of the Wireshark project man pages are available at https://www.wireshark.org/docs/man-pages.
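Review bot: In the first hunk (@@ -32,7 +32,7 @@), the corrected "WINDOWS USERS:" line is still hard to parse: "Because of restrictions directly calling the script may not always work." has no comma after "restrictions" and never says which restrictions are meant. Since the line is already being touched, add the comma and name the restriction, or drop the clause and start the sentence at "Directly calling the script may not always work."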
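Review bot: In the "Security Considerations" list (@@ -133,20 +115,22 @@), the last bullet loses the reason the old text gave for opening the Folders tab, "to see from which directory extcap is being run". That reason is the security-relevant part, because the bullet above it says third-party capture programs run with whatever privileges they're installed with, so a reader should confirm which directory Wireshark actually executes them from. Consider wording such as "Check menu:About[Folders] to see which directory extcaps are run from." Two smaller points on the same bullets: menu: is an Asciidoctor UI macro that only renders when the experimental attribute is set, which this patch does not show, and the “wireshark” group name uses typographic quotes in the source where a literal (backticks) would be safer for something a user may type.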
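Review bot: In the NOTES hunk (@@ -154,8 +138,8 @@), the reflowed first line still reads "*Extcap* is feature of *Wireshark*.", with the article missing. The line is rewritten here anyway, so fix it in the same change: "*Extcap* is a feature of *Wireshark*."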