Ethereal-users: Re: [Ethereal-users] pdumpq output through pipe

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sun, 24 Mar 2002 12:53:42 -0800

On Sun, Mar 24, 2002 at 12:35:09PM -0500, Charly Baker wrote:
> I am using pdumpq to capture output from the QUEUE target in iptables.
> The pdumpq docs suggest that the syntax:
> 
> pdumpq - | tethereal -nr /dev/stdin

Tethereal does not support reading from pipes.

> Is there any way to make this work?

Not without modifying Tethereal to read from pipes.

This is a non-trivial project, as, currently, the code that Ethereal and
Tethereal use to read capture files reads parts of the file multiple
times, in order to support

	1) automatically determining the type of a capture file;

	2) in the case of libpcap files - the file format of tcpdump,
	   and the native format of Ethereal and Tethereal, and, I infer
	   from the tcpdump example, the output format of pdumpq -
	   automatically determining which of several different-but-the-
	   people-who-made-them-different-didn't-bother-giving-them-
	   different-magic-numbers flavors of libpcap file this is.

It could probably be done by buffering the input ourselves, but that's a
non-trivial project.

An alternative might be to support reading *only* standard libpcap files
from the pipe (which means that there's no guarantee that if you do
something such as

	rsh {program} | tethereal -nr /dev/stdin

that it'll work, as the program might be running on a machine with a
different libpcap format).

Nobody is currently working on either project.  I already have more
projects that I want to do than I can do immediately, and will not be
working on any such project any time soon.
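
Added example, not part of the original message and not Ethereal or Tethereal code: a sketch of the second alternative described above, reading only standard libpcap data from a pipe in a single forward pass with no seeking. The function names, the max_caplen limit and the sample capture are assumptions made for illustration; same-magic variant formats are not recognized, only caught when a misparsed length looks implausible.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # standard libpcap magic number

def read_exact(stream, n):
    """Read exactly n bytes from a pipe; return b'' on EOF at a boundary."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            if buf:
                raise EOFError("stream ended in the middle of a structure")
            return b""
        buf += chunk
    return buf

def read_pcap_stream(stream, max_caplen=262144):
    """Yield (ts_sec, ts_usec, orig_len, data) in one forward pass, no seek()."""
    hdr = read_exact(stream, 24)
    if not hdr:
        raise ValueError("empty input")
    # The writer's byte order is only known from how the magic number reads.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", hdr[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a standard libpcap stream")
    while True:
        rec = read_exact(stream, 16)
        if not rec:
            return
        ts_sec, ts_usec, caplen, orig_len = struct.unpack(endian + "IIII", rec)
        # A same-magic variant with a different record layout is misparsed
        # here; an implausible length is the only cheap sign of that.
        if caplen > max_caplen:
            raise ValueError("implausible capture length %d" % caplen)
        data = read_exact(stream, caplen)
        if len(data) != caplen:
            raise EOFError("stream ended inside packet data")
        yield ts_sec, ts_usec, orig_len, data

def constructed_capture(endian):
    """Constructed sample: global header plus two tiny fake packets."""
    out = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for sec, payload in ((1016999622, b"\x01\x02\x03"), (1016999623, b"\xff" * 5)):
        out += struct.pack(endian + "IIII", sec, 0, len(payload), len(payload))
        out += payload
    return out
```

To read from a shell pipeline, a caller would pass sys.stdin.buffer as the stream.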