On Sat, May 12, 2012 at 4:10 PM, Guy Harris <g...@alum.mit.edu> wrote:
>
> On May 12, 2012, at 12:43 PM, Jakub Zawadzki wrote:
>
>> Do we really need to "capture" from pipes in dumpcap?
>
> I believe the ability to capture from a pipe was introduced in order to
> handle capturing from sources that libpcap/WinPcap don't handle (e.g.,
> "ssh over to machine XXX and run tcpdump on it, capturing to the standard
> output" or "capture from some network type that libpcap doesn't (yet)
> handle") - a program that captures from that source and writes pcap output
> to its standard output could be used as a capture source.
>
> Ideally, that should be supported by libpcap/WinPcap, but "capture from a
> pipe" can be a useful workaround in cases where that hasn't yet been
> implemented.
>
> I.e., it wasn't done to support reading from a pipeline such as one that
> has a program that reads a capture file, transforms it, and writes it to
> its standard output, it was done for use in a true capture situation (so
> that, for example, Wireshark would need to write the packets to a file for
> examination at arbitrary times in the future).

A useful ability would be to be able to replace dumpcap via command-line
flags with a program that interfaces to Wireshark in the same way. I.e., it
sends the capture as binary records out stdout and writes commands/etc. via
stderr ...

--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
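
The kind of pipe capture source discussed in this thread, as an added example (not code from the thread or from Wireshark): a writer that emits classic pcap on an output stream, and a reader that validates the file header and each record length before trusting them. The function names, the fixed snaplen and the sample frame are assumptions made for illustration.

```python
import struct
import sys

PCAP_MAGIC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
SNAPLEN = 65535           # assumed snapshot length for this example

def write_pcap_stream(out, packets, linktype=1):  # 1 = LINKTYPE_ETHERNET
    """Emit (ts_sec, ts_usec, frame) tuples as little-endian pcap on `out`."""
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype))
    for ts_sec, ts_usec, frame in packets:
        data = frame[:SNAPLEN]
        out.write(struct.pack("<IIII", ts_sec, ts_usec, len(data), len(frame)))
        out.write(data)
        out.flush()  # let a live reader on the pipe see each packet promptly

def _read_exact(inp, n):
    buf = b""
    while len(buf) < n:  # pipes may return short reads; loop until n or EOF
        chunk = inp.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def read_pcap_stream(inp):
    """Yield (linktype, ts_sec, ts_usec, data); reject malformed input."""
    hdr = _read_exact(inp, 24)
    if len(hdr) != 24:
        raise ValueError("short pcap file header")
    magic = struct.unpack("<I", hdr[:4])[0]
    if magic not in (PCAP_MAGIC, 0xD4C3B2A1):
        raise ValueError("not a classic pcap stream")
    endian = "<" if magic == PCAP_MAGIC else ">"
    snaplen, linktype = struct.unpack(endian + "II", hdr[16:24])
    while True:
        rec = _read_exact(inp, 16)
        if not rec:
            return  # clean end of stream
        if len(rec) != 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", rec)
        if incl_len > snaplen:  # never read on an unchecked, sender-chosen length
            raise ValueError("record longer than declared snaplen")
        data = _read_exact(inp, incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        yield linktype, ts_sec, ts_usec, data

if __name__ == "__main__":  # constructed 60-byte frame, written to stdout
    write_pcap_stream(sys.stdout.buffer, [(1336867800, 0, b"\xff" * 6 + b"\x00" * 54)])
```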