Read raw capture data from network socket...

asked 2020-09-10 17:56:29 +0000

Grimeton
1 ●1 ●1

Hi,

I was wondering if I can run Wireshark on Windows and make it listen on a network socket for incoming raw data that it then logs?

I have something like this in mind:

tcpdump -i hn0 -w - | nc $windows_host $port

And then the Windows' Wireshark just works with what it gets?

That would save me the daemon on that machine...

I've seen that Wireshark can do "pipes". Are those named pipes? Maybe I could get something going with socat in Cygwin that redirects to a named pipe?

Thanks!

edit retag flag offensive close merge delete

Comments

Have you looked at Windows Netcat or using nc on WSL (Windows Subsystem for Linux)?
Example here using nc on both ends.

Chuckc ( 2020-09-10 19:35:17 +0000 )edit

The part that puzzles me is how I get the data LIVE into Wireshark without storing it anywhere before... Else I could just store it into a file and copy the file over later.

Grimeton ( 2020-09-10 20:12:10 +0000 )edit

add a comment

Comments

Troubleshoot ncat and Windows firewall before piping to Wireshark.

image description

Chuckc ( 2020-09-10 21:15:50 +0000 )edit

Hello,

the last part is what was missing. I didn't know that Wireshark accepts stdin as "-" on the "-i" parameter.

Thanks!

KR,

Grimeton ( 2020-09-10 21:43:18 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Read raw capture data from network socket...

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Read raw capture data from network socket... edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Read raw capture data from network socket...