From dumpcap.c:
/*
* Determine if dumpcap is being requested to run in a special
* capture_child mode by going thru the command line args to see if
* a -Z is present. (-Z is a hidden option).
*
* The primary result of running in capture_child mode is that
* all messages sent out on stderr are in a special type/len/string
* format to allow message processing by type. These messages include
* error messages if dumpcap fails to start the operation it was
* requested to do, as well as various "status" messages which are sent
* when an actual capture is in progress, and a "success" message sent
* if dumpcap was requested to perform an operation other than a
* capture.
*
* Capture_child mode would normally be requested by a parent process
* which invokes dumpcap and obtains dumpcap stderr output via a pipe
* to which dumpcap stderr has been redirected. It might also have
* another pipe to obtain dumpcap stdout output; for operations other
* than a capture, that information is formatted specially for easier
* parsing by the parent process.
*
* Capture_child mode needs to be determined immediately upon
* startup so that any messages generated by dumpcap in this mode
* (eg: during initialization) will be formatted properly.
*/
In short, -Z is used when dumpcap is being called from (wire|t)shark to streamline inter-process communication.
answered 27 Apr '12, 03:57
SYN-bit ♦♦
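The type/len/string framing described in the quoted dumpcap.c comment, as an added example that is not part of the original answer or of Wireshark's own code: a bounds-checked parser that a parent process could run over bytes read from the child's stderr pipe. The header layout (1 type byte plus a 3-byte big-endian length), the 4096-byte cap, and the type letters in the sample are assumptions; the quoted comment does not specify them.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed framing (not stated in the quoted comment): 1 type byte,
 * 3-byte big-endian payload length, then the payload itself. */
#define HDR_LEN     4
#define MAX_PAYLOAD 4096 /* assumed cap: a corrupt length must not drive a huge read */

enum parse_status { MSG_OK = 0, MSG_NEED_MORE = 1, MSG_TOO_LONG = -1 };

struct child_msg {
    char type;              /* message type, used by the parent to dispatch */
    const uint8_t *payload; /* points into the caller's buffer, not NUL-terminated */
    size_t len;
};

/* Parse one message from buf[0..avail). On MSG_OK, *consumed is the number
 * of bytes used. Never reads past avail, even if the length field lies. */
static int parse_child_msg(const uint8_t *buf, size_t avail,
                           struct child_msg *out, size_t *consumed)
{
    if (avail < HDR_LEN)
        return MSG_NEED_MORE;
    size_t len = ((size_t)buf[1] << 16) | ((size_t)buf[2] << 8) | buf[3];
    if (len > MAX_PAYLOAD)
        return MSG_TOO_LONG;      /* reject before trusting the length */
    if (avail - HDR_LEN < len)
        return MSG_NEED_MORE;     /* truncated: wait for more pipe data */
    out->type = (char)buf[0];
    out->payload = buf + HDR_LEN;
    out->len = len;
    *consumed = HDR_LEN + len;
    return MSG_OK;
}

/* Count complete messages of type `want`; returns -1 on an oversized length. */
static int count_msgs(const uint8_t *buf, size_t avail, char want)
{
    struct child_msg m;
    size_t used;
    int st, n = 0;
    while ((st = parse_child_msg(buf, avail, &m, &used)) == MSG_OK) {
        if (m.type == want) n++;
        buf += used; avail -= used;
    }
    return st == MSG_TOO_LONG ? -1 : n;
}

/* Constructed sample: two complete messages, then one cut off mid-payload. */
static const uint8_t sample[] = { 'S',0,0,2,'o','k', 'E',0,0,3,'b','a','d', 'P',0,0,5,'1' };
```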
Thx, should have thought of looking at the code. Duh... :-)
Use the source Luke... uhmmm... Jasper :-)
Yes Obi-SYN... err Obi-LAN. :-)
Actually, Laura is Obi and I'm Yoda... well, at least to some people :-)
(see: http://thenetworkguy.typepad.com/nau/2008/05/use-the-shell-l.html)
Okay... reading the source code I must, yes. :-)