On Oct 24, 2008, at 1:47 AM, KaZ wrote:
Do you think that printing 2 processes simultaneously into a pipe
could be a reason for this error?
Yes. In fact, I very strongly suspect that it's the reason for the
error.
You have two process writing (I wouldn't call it "printing", as it's
writing binary data) to a single pipe, which means that you will get
buffers full of data from the two processes intermingled.
Libpcap format consists of a fixed-length per-file header, followed by
a sequence of fixed-length per-packet headers followed immediately by
the packet data.
Packet boundaries don't necessarily correspond to buffer boundaries,
and even if they did, there would be no guarantee that you won't get
part of one packet written into the middle of another packet if you
have two instances of libpcap writing to the same pipe (or the same
file).
Can wireshark read and merge
from 2 pipes at once?
No, it cannot. You'd have to run two separate instances of Wireshark,
reading from two separate instances of tcpdump, via two different FIFOs.