Wireshark-users: Re: [Wireshark-users] newbie question, tshark input from stdin

From: Evan Huus <eapache@xxxxxxxxx>
Date: Mon, 3 Feb 2014 18:02:07 -0500
On Mon, Feb 3, 2014 at 5:43 PM, Christopher Maynard
<Christopher.Maynard@xxxxxxxxx> wrote:
> Evan Huus <eapache@...> writes:
>
>> The -i flag is for specifying a network interface for live capture (eg
>> eth0) and so doesn't accept "-" to signify stdin.
>
> The tshark man page[1] would disagree.  I just tested this with 1.10.5 and
> it worked as documented:

Whoops, yes, you're right, I made a false assumption.

> [user@host wireshark]$ capinfos -c file.pcap
> File name:           file.pcap
> Number of packets:   300
>
> [user@host wireshark]$ tshark -r file.pcap 2> /dev/null | wc -l
> 300
>
> [user@host wireshark]$ cat file.pcap | tshark -i - 2> /dev/null | wc -l
> 300
>
>
> [1]: http://www.wireshark.org/docs/man-pages/tshark.html
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe