Wireshark-dev: Re: [Wireshark-dev] Feeding data to Wireshark in real time

From: kahou lei <kahou82@xxxxxxxxx>
Date: Wed, 17 Mar 2010 23:03:50 -0700
Actually, I can add the named pipe in wireshark. But when I run the
c++ example on http://wiki.wireshark.org/CaptureSetup/Pipes. Wireshark
returns "Invalid libpcap format".

Does that mean the file header of the pcap file is incorrect? The pcap
file can be displayed on wireshark if I load it manually tho.

Thanks,
Kahou

On Wed, Mar 17, 2010 at 10:52 PM, kahou lei <kahou82@xxxxxxxxx> wrote:
> Hi Guy,
>
> Thanks for you reply.
>
> I don't understand what you mean by "giving the pathname of the named
> pipe as the name of the network interface on which to capture". Can
> you give me an example?
>
> I have followed the c++ example on
> http://wiki.wireshark.org/CaptureSetup/Pipes. I couldn't get it works.
> Am I missing something here?
>
> Thanks,
> Kahou
>
>
> From: Guy Harris <guy () alum mit edu>
> Date: Tue, 16 Mar 2010 23:48:16 -0700
> ________________________________
>
> On Mar 16, 2010, at 10:11 PM, Jaap Keuter wrote:
>
> That's called a pipe.
>
> To give some more detail:
>
> if the application writes a pcap file (complete with file header!) to
> a named pipe, you can have Wireshark or TShark
> capture from that named pipe, by giving the pathname of the named pipe
> as the name of the network interface on which to
> capture.
>