Wireshark-dev: Re: [Wireshark-dev] Feeding data to Wireshark in real time

From: kahou lei <kahou82@xxxxxxxxx>
Date: Wed, 17 Mar 2010 22:52:10 -0700
Hi Guy,

Thanks for you reply.

I don't understand what you mean by "giving the pathname of the named
pipe as the name of the network interface on which to capture". Can
you give me an example?

I have followed the c++ example on
http://wiki.wireshark.org/CaptureSetup/Pipes. I couldn't get it works.
Am I missing something here?

Thanks,
Kahou


From: Guy Harris <guy () alum mit edu>
Date: Tue, 16 Mar 2010 23:48:16 -0700
________________________________

On Mar 16, 2010, at 10:11 PM, Jaap Keuter wrote:

That's called a pipe.

To give some more detail:

if the application writes a pcap file (complete with file header!) to
a named pipe, you can have Wireshark or TShark
capture from that named pipe, by giving the pathname of the named pipe
as the name of the network interface on which to
capture.