Evan Huus <eapache@...> writes:
> The -i flag is for specifying a network interface for live capture (eg
> eth0) and so doesn't accept "-" to signify stdin.
The tshark man page[1] would disagree. I just tested this with 1.10.5 and
it worked as documented:
[user@host wireshark]$ capinfos -c file.pcap
File name: file.pcap
Number of packets: 300
[user@host wireshark]$ tshark -r file.pcap 2> /dev/null | wc -l
300
[user@host wireshark]$ cat file.pcap | tshark -i - 2> /dev/null | wc -l
300
[1]: http://www.wireshark.org/docs/man-pages/tshark.html