[Ulf Lamping <ulf.lamping@xxxxxx>]

Thomas Steffen wrote:

> I have done some cleanup on my patch to read a trace in real time from
> a spawned process.
>
> It supports remote tracing using a command like:
>
> ethereal -k -i '|ssh -l root hostname tcpdump -filter -i eth0'
>
> (note that you need to login without a password, because the child
> process does not have the tty. I recommend ssh-agent or ssh-askpass
> for that.)
>
> Of course you can do much more: read the trace from a TCP or UDP
> connection (using netcat), implement your own capture tools etc. The
> problems I mentioned with the previous patch should be sorted out, and
> it should compile (maybe even work?) on Windows.
>
> Please give it a try, and tell we whether you think it is useful. For
> me it is very helpful, so I would like to see it in the next version
> of Ethereal.
>
> I know that in theory this feature is already present, because
> Ethereal can read from a named pipe. But you have to restart the
> feeding process manually every time you start a new capture, which is
> a big nuisance.
>
> Thomas
>  
Hi Thomas!

I'm no unix/pipe expert, but I've done several changes in the capture 
code recently.

First of all, this won't work with Windows, as "/bin/sh" is not 
available and probably other things may also not work on Windows like the

g_spawn_async_with_pipes() call.


Even worse, this call isn't available in GLib 1.3, so it won't work on 
all unix like platforms we support either.

In general, I don't know if it's really a good idea to add just 
*another* way to read from a pipe.

In the end, what 's the difference to:

ssh -l root hostname tcpdump -filter -i eth0 | ethereal -k -i '-'

Again, I'm no expert on piping,

Regards, ULFL