Wireshark · Wireshark-users: [Wireshark-users] Unrecognized libpcap format

Wireshark-users: [Wireshark-users] Unrecognized libpcap format

From: Phillip Heller <pheller@xxxxxx>

Date: Fri, 19 Dec 2008 18:55:37 +0100

Hello,

  I'm attempting to do a remote capture as follows:

mkfifo /tmp/pipe
ssh -t host "sudo tshark -w - not port 22" >> /tmp/pipe

Then, I fire up Wireshark [Version 1.1.2 (SVN Rev 27060), running onMac OS 10.5.6 linked against native GTK Quartz libraries. Point itat /tmp/pipe and start capture, at which point the ssh process promptsme for my password and I'm immediately told "Unrecognized libpcapformat".

I can cat the pipe and get the very same data I get running tsharklocally.


Any ideas?

--phil

Prev by Date: [Wireshark-users] How can I achieve this in wireshark/tshark (dual sniff WAN analysis) ?
Next by Date: [Wireshark-users] editcap and duplicate removal
Previous by thread: [Wireshark-users] How can I achieve this in wireshark/tshark (dual sniff WAN analysis) ?
Next by thread: [Wireshark-users] editcap and duplicate removal
Index(es):
- Date
- Thread