How to send tshark output to named pipe in Windows?

I am attempting to use tshark to read pcap(ng) files while redirecting the raw packets to a named pipe. From there my C++ application is intended to read data from the named pipe and do custom processing.

Here is the problem. Whenever I attempt to configure tshark to write to a named pipe, it throws the following error:

tshark: The file "//./pipe/test_pipe" could not be created because an invalid filename was specified.

This is an example command used to run tshark (read 2 packets from PCAP file, send to named-pipe as raw packets):

tshark.exe -r C:\git\example.pcapng -c 2 -w //./pipe/test_pipe

I am creating the named pipe from my application before calling Wireshark, using the code below:

HANDLE pipe_h = CreateNamedPipe(
    TEXT("//./pipe/test_pipe"),
    PIPE_ACCESS_DUPLEX,
    PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
    1,
    1024 * 16,
    1024 * 16,
    NMPWAIT_USE_DEFAULT_WAIT,
    NULL);

Furthermore, I can see that tshark throws a different error if I do not create the pipe before calling tshark.

tshark: The path to the file "//./pipe/test_pipe" doesn't exist

So this tells me that tshark is finding the named pipe, but not liking it for some reason. I also know that tshark is doing something with the named pipe before throwing the error, because the ConnectNamedPipe from my custom app succeeds once I run the tshark command.

The workflow described above works perfectly fine in Ubuntu.

What am I missing? Is this for some reason not supported in Windows?