On May 12, 2012, at 12:43 PM, Jakub Zawadzki wrote: > Do we really need to "capture" from pipes in dumpcap?
I believe the ability to capture from a pipe was introduced in order to handle capturing from sources that libpcap/WinPcap don't handle (e.g., "ssh over to machine XXX and run tcpdump on it, capturing to the standard output" or "capture from some network type that libpcap doesn't (yet) handle") - a program that captures from that source and writes pcap output to its standard output could be used as a capture source. Ideally, that should be supported by libpcap/WinPcap, but "capture from a pipe" can be a useful workaround in cases where that hasn't yet been implemented. I.e., it wasn't done to support reading from a pipeline such as one that has a program that reads a capture file, transforms it, and writes it to its standard output, it was done for use in a true capture situation (so that, for example, Wireshark would need to write the packets to a file for examination at arbitrary times in the future). ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
