[Ulf Lamping <ulf.lamping@xxxxxx>]

Thomas Steffen wrote:

> It is not very prominent in the documentation, but Ethereal can real 
> libpcap format data from a named pipe. You specify the name of the 
> pipe instead of the device to capture from. Note that the name may not 
> contain spaces. (And I assume you already figured out the format, 
> which seems to be an undocumented de facto standard :-) ).
I've documented the libpcap file format (at least the most recent and 
common version) some days (weeks?) ago here: 
http://wiki.ethereal.com/Development/LibpcapFileFormat
So it's no longer undocumented ;-)

> I wrote a patch a few weeks ago that can spawn a child process from 
> which the data is read. However, I do not know enought about Windows 
> to make it work there. If someone gives me a hand, I would be prepared 
> to work on that issue.
I don't know much about pipe support on Windows, but I know from some 
source code comments, that it is somehow crippled at least in the win9x 
versions.
I'm currently very busy (pile of bugs to fix in bugzilla), so I 
currently won't have much time to help you on this.
However, I've added a page about the possible ways to add unknown packet 
input in general http://wiki.ethereal.com/Development/PacketInput and 
about capturing from pipes http://wiki.ethereal.com/CaptureSetup/Pipes 
to the wiki. The pipe page would really need some more information (a 
lot of XXX). You might add some info there, to make a start for a better 
documentation :-)
Regards, ULFL