 | 1 | initial version |
4.6. The “Manage Interfaces” Dialog Box
Wireshark can capture from a pipe. If the nc -k -l 8080 can write to a pipe or FIFO, Wireshark can read it.
The tshark man page has a little better description of the pipe syntax.
Pipe names should be either the name of a FIFO (named pipe) or "-" to read data from the standard input. On Windows systems, pipe names must be of the form "\.\pipe\pipename". Data read from pipes must be in standard pcapng or pcap format. Pcapng data must have the same endianness as the capturing host.
| | 2 | No.2 Revision |
4.6. The “Manage Interfaces” Dialog Box
Wireshark can capture from a pipe. If the nc -k -l 8080 can write to a pipe or FIFO, Wireshark can read it.
The tshark man page has a little better description of the pipe syntax.
Pipe names should be either the name of a FIFO (named pipe) or "-" to read data from the standard input. On Windows systems, pipe names must be of the form "\.\pipe\pipename". Data read from pipes must be in standard pcapng or pcap format. Pcapng data must have the same endianness as the capturing host.
mkfifo -m 777 /tmp/ws_fifo
nc -l 5555 > /tmp/ws_fifo
tcpdump -i 1 -w - | nc 127.0.0.1 5555
| | 3 | No.3 Revision |
4.6. The “Manage Interfaces” Dialog Box
Wireshark can capture from a pipe. If the nc -k -l 8080 can write to a pipe or FIFO, Wireshark can read it.
The tshark man page has a little better description of the pipe syntax.
Pipe names should be either the name of a FIFO (named pipe) or "-" to read data from the standard input. On Windows systems, pipe names must be of the form "\.\pipe\pipename". Data read from pipes must be in standard pcapng or pcap format. Pcapng data must have the same endianness as the capturing host.
mkfifo -m 777 /tmp/ws_fifo
nc -l 5555 > /tmp/ws_fifo
tcpdump -i 1 -w - | nc 127.0.0.1 5555
If you are adventurous, you could write your own extcap driver:
8.2. Adding Capture Interfaces And Log Sources Using Extcap
