Wireshark · Wireshark-users: Re: [Wireshark-users] newbie question, tshark input from stdin

Wireshark-users: Re: [Wireshark-users] newbie question, tshark input from stdin

From: Christopher Maynard <Christopher.Maynard@xxxxxxxxx>

Date: Tue, 4 Feb 2014 15:22:30 +0000 (UTC)

Evan Huus <eapache@...> writes:

> On Mon, Feb 3, 2014 at 5:43 PM, Christopher Maynard
> <Christopher.Maynard@...> wrote:
> > Evan Huus <eapache <at> ...> writes:
> >
> >> The -i flag is for specifying a network interface for live capture (eg
> >> eth0) and so doesn't accept "-" to signify stdin.
> >
> > The tshark man page[1] would disagree.  I just tested this with 1.10.5 and
> > it worked as documented:
> 
> Whoops, yes, you're right, I made a false assumption.

Does anyone know why dumpcap, tshark and Wireshark read from a pipe using
"-i -" and not "-r -"?  It seems more intuitive to me to use "-r" than "-i"
and it would match tcpdump's syntax[1].  I suppose either "-r -" or "-i -"
could be allowed?

- Chris

[1]: http://www.tcpdump.org/tcpdump_man.html

Follow-Ups:
- Re: [Wireshark-users] newbie question, tshark input from stdin
  - From: Jaap Keuter

References:
- [Wireshark-users] newbie question, tshark input from stdin
  - From: Lancashire, Pete
- Re: [Wireshark-users] newbie question, tshark input from stdin
  - From: Evan Huus
- Re: [Wireshark-users] newbie question, tshark input from stdin
  - From: Christopher Maynard
- Re: [Wireshark-users] newbie question, tshark input from stdin
  - From: Evan Huus

Prev by Date: Re: [Wireshark-users] SIP text to PCAP Possible?
Next by Date: [Wireshark-users] Double frame
Previous by thread: Re: [Wireshark-users] newbie question, tshark input from stdin
Next by thread: Re: [Wireshark-users] newbie question, tshark input from stdin
Index(es):
- Date
- Thread