I am trying to figure out how to use the "capture from standard input"
feature mentioned in the Ethereal docs. Does this feature really work under
Windows? Can anyone give me an example of exactly what to use for the
"interface:"? I am trying to test whether this feature works or not by
redirecting capture output as follows:
>tethereal -w - | ethereal -k -i -
In other words, I am telling tethereal to dump raw libpcap formatted data to
standard output (which works as expected). The pipe operator redirects this
output to standard input of the command following (which I can also verify
is working, e.g. if I redirect to 'more'). I am using the -k option for
ethereal to start the capture session immediately, which works. But ethereal
seems totally unhappy with my using '-' as the interface name. It gives me
the same error message as any other unknown interface (e.g. if I used an
interface named 'foo').
The reason I am pursuing all of this is that I would like to run a
lightweight packet capture utility like tcpdump on remote machines and
transport the capture traffic back to my client machine (Windows - running
GUI Ethereal) and see the capture in real time. I know how to get the
traffic back to my client machine, and how to present that traffic as
'standard input' to a process, but none of that does me any good if the
'capture from standard input' feature of Ethereal doesn't work under
Windows.
I am running Windows XP, WinPcap3.1Beta3, Ethereal 0.10.5.
If I can figure this out I will post the solution here for everyone. I
appreciate any help!
Thanks,
Kevin Olree
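
An added example, not part of the original post or of Ethereal: a Python check that the bytes arriving on a pipe are well-formed libpcap data, which is more informative than redirecting to 'more'. It parses the 24-byte global header and walks the per-packet record headers. The function names and the sample capture are constructed for illustration; passing `-` as the first argument reads standard input, otherwise the constructed sample is used.

```python
import io
import struct
import sys

def read_exact(stream, n):
    """Read n bytes from a pipe-like stream; a short result means EOF."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def summarize_pcap(stream):
    """Parse the libpcap global header, then walk the per-packet records."""
    hdr = read_exact(stream, 24)
    if len(hdr) < 24:
        raise ValueError("stream ended before the 24-byte global header")
    magic = struct.unpack("<I", hdr[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"            # written by a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"            # written by a big-endian host
    else:
        raise ValueError("not libpcap data: magic 0x%08x" % magic)
    major, minor, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", hdr[4:])
    packets, truncated = 0, False
    while True:
        rec = read_exact(stream, 16)    # ts_sec, ts_usec, incl_len, orig_len
        if not rec:
            break                       # clean end of stream
        incl_len = struct.unpack(endian + "IIII", rec)[2] if len(rec) == 16 else None
        # A short header, a record longer than snaplen, or short packet data
        # means the stream was cut off or is out of sync.
        if incl_len is None or incl_len > snaplen or len(read_exact(stream, incl_len)) < incl_len:
            truncated = True
            break
        packets += 1
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets, "truncated": truncated}

def constructed_sample():
    """Constructed input: a little-endian capture with two dummy records."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for payload in (b"\x00" * 60, b"\x1a\r\n" * 20):
        data += struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    return data

if __name__ == "__main__":
    use_stdin = len(sys.argv) > 1 and sys.argv[1] == "-"
    print(summarize_pcap(sys.stdin.buffer if use_stdin else io.BytesIO(constructed_sample())))
```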