This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark standardin and pcapng format.

0

I'm trying to send a pcapng format file to wireshark standard in or a named pipe, but I continue to get an error "unrecognized libcap format. Is there still a problem reading this type file through this interface?

My command looks like this:

cat capture_NG.pcap | wireshark -k -i -

I've also tried:

wireshark -k -i <(cat capture_NG.pcap)

asked 22 Apr '14, 16:54

siber's gravatar image

siber
11112
accept rate: 0%


One Answer:

0

From the wireshark man page: http://www.wireshark.org/docs/man-pages/wireshark.html

Data read from pipes must be in standard libpcap format.

Wireshark cannot read pcap-ng files from STDIN (or pipes in general). So, please convert your pcan-ng capture file to libpcap format (you can use editcap). Then you should be able to pipe the file into Wireshark.

However: The way you are using the file, you don't need a pipe at all. You can just read the capture file directly into Wireshark.

wireshark -nr capture_NG.pcap

Regards
Kurt

answered 23 Apr '14, 11:53

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 23 Apr '14, 11:53