Description
Modern systems usually provide a REST-like API with HTTPS handled by a reverse proxy. To provide a plain socket for rpcap to which Wireshark can connect, such systems need to open a dedicated port on their firewall and configure the reverse proxy. If libpcap could connect to a WebSocket for rpcap:
- The server deployment issues above would be avoided.
- TLS on the server side would be provided by the reverse proxy, which can be and usually is better tuned than TLS inside rpcapd.
- Client and server can use HTTP to negotiate rpcap version, the use of compression, etc.
The interface would be a URL like: wss+rpcap://...
Juniper has a similar feature for packet streaming via WebSocket: https://www.juniper.net/documentation/us/en/software/mist/automation-integration/topics/example/stream-device-pcap-with-websocket.html.
It is technically possible for the client to run a socket-to-websocket proxy (e.g. websocat), but it would be less convenient, and seldom possible in enterprise environments, where one can't install additional software quickly.