Skip to content

Latest commit

 

History

History

wireshark

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Makefile
Makefile
 
 
README.md
README.md
 
 
ebpf.lua
ebpf.lua
 
 
ebpfdump.c
ebpfdump.c
 
 
pcapio.c
pcapio.c
 
 
pcapio.h
pcapio.h
 
 

README.md

Introduction

This is an extcap plugin that allows wireshark to capture system-generated events

Installation

Once you compiled this plugin you need to install it in the 'Extcap path' as specified in the wireshark Help menu

As of the ebpf.lua you need to copy it into ~/.wireshark/plugins/ to interpret eBPF events

Usage

Starting wireshark you will see a new interface named 'eBPF interface'. Select it, and start the packet capture.