
Capturing a pcap file and can't monitor it in parallel in Wireshark: permission denied.

asked 2022-05-05 14:35:31 +0000 by A.G.

Hello together,

is it possible to capture a .pcap file via C++ (fopen, fwrite, fclose) and open it at the same time in Wireshark? I tried different ways, but it didn't help. I want to try real-time capturing with my code and watch the results directly in Wireshark.

I would appreciate it if someone could give me a hint.

Best Regards, A.G.


1 Answer


answered 2022-05-06 21:34:31 +0000 by Guy Harris

is it possible to capture a .pcap file via C++ (fopen, fwrite, fclose) and open it at the same time in Wireshark?

At the same time that the program doing the capturing is writing to it?

That's not easy. When you open a file, Wireshark expects it to be complete, NOT a "work in progress" to which a program is writing packets while it's reading the file.

On a UN*X system, a somewhat clumsy mechanism to do this would be to:

  • write a program that has a loop that reads from the standard input, writes to the standard output, and, if it gets an EOF from the standard input, waits 1 second and then continues to try to read from the standard input;
  • create a FIFO file with mkfifo /tmp/fifo;
  • run wireshark -i /tmp/fifo -k;
  • run the capture program;
  • run the small program, with its standard input being the file to which the capture program is writing and its standard output being /tmp/fifo.

You would have to make sure that the account under which you run the small program has read permission on the file; if you are, for example, running the capture program as root, and it creates its output file as root, that file will be owned by root, and you will have to make sure that users other than root have read permission on the file.

On Windows, it's more complicated. You would have to:

  1. arrange that the capture program open its output file with sharing allowed;
  2. have the small program read its standard input and write its standard output in binary mode, not text mode;
  3. have the small program create a Windows named pipe and report its name;
  4. run the small program before you run Wireshark;
  5. run Wireshark as wireshark -i {name the small program reports} -k.


Asked: 2022-05-05 14:35:31 +0000

Seen: 669 times

Last updated: May 06 '22