Interesting...
So have you tested how fast Wireshark can capture when not using a pipe? I don't think anyone is going to know the answer to Q.1 or Q.4 - you'd have to try that yourself.
To my knowledge, not a lot of people capture via pipes. Keep in mind that when doing a live capture from a NIC, dumpcap does the capture, writes it to a file, and then tells Wireshark/tshark "hey, there are more packets in the file for you to read". That's why Anders suggested writing the packets to a file (like dumpcap).
Have you looked at using the ExtCap interface instead?