1 | initial version |
is it possible to capture a .pcap file via C++(fopen, fwrite, fclose) and open it at the same time on Wireshark?
At the same time that the program doing the capturing is writing to it?
That's not easy. When you open a file, Wireshark expects it to be complete, NOT a "work in progress" to which a program is writing packets while it's reading the file.
On a UN*X system, a somewhat clumsy mechanism to do this would be to:
mkfifo /tmp/fifo
;wireshark -i /tmp/fifo -k
;/tmp/fifo
.You would have to make sure that the account under which you run the small program has read permission on the file; if you are, for example, running the capture program as root, and it creates its output file as root, that file will be owned by root, and you will have to make sure that users other than root have read permission on the file.
On Windows, it's more complicated. You would have to:
wireshark -i {name the small program reports} -k
.