Revision history

Revision 1 (initial version)

How to log to .pcap files and also allow real time logging

My specific context is related to debugging misbehavior on Zigbee networks that happens when one is not looking, while allowing at the same time real-time debugging (remotely). The capturing hardware would be located on a small Linux system like a Raspberry Pi, Beagleboard, Olimex or other Linux-based "embedded" system.

More generally, the question is about how to log captured packets to a file while allowing a remote connection at the same time. Logging packets to files by itself is a well-known methodology. To limit the log sizes and history, and to make it easier to get the appropriate log, the log files would be "rotated", every hour for example.

Doing both at the same time requires a "trick" that I have not identified yet.

This is what I observed/deduced with less than 100% certainty:

- "sshdump" allows connecting to a "FIFO" on a remote system. Data read from the FIFO is gone forever once it is read.
- Only one connection can be made to a "FIFO" at a time.
- As far as I could see, the external capturing tool sends a header identifying the nature of the stream, which also has to be added to the log file.

Any hint?

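One way to do the split the question describes, shown here as an added Python example that is not part of the original post and not code from Wireshark or sshdump: a single reader consumes the capture byte stream once (so the "only one consumer" limitation of a FIFO is respected), copies every packet record to a live sink as it arrives, and at the same time writes the records into time-bucketed files, repeating the 24-byte pcap global header at the top of each rotated file so that every file is a valid capture on its own. The two-packet capture, the 802.15.4 link type value, the frame bytes and the file naming scheme are constructed assumptions for the demo.

```python
import struct
import time
from io import BytesIO

LINKTYPE_IEEE802_15_4_WITHFCS = 195  # pcap link type for IEEE 802.15.4 frames with FCS


def read_global_header(stream):
    """Read the 24-byte pcap global header; return (raw bytes, struct endianness prefix)."""
    hdr = stream.read(24)
    if len(hdr) != 24:
        raise ValueError("stream too short for a pcap global header")
    magic = struct.unpack("<I", hdr[:4])[0]
    if magic == 0xA1B2C3D4:
        return hdr, "<"
    if magic == 0xD4C3B2A1:
        return hdr, ">"
    raise ValueError("not a classic pcap stream (magic 0x%08x)" % magic)


def iter_records(stream, endian):
    """Yield (ts_sec, raw record) for every packet record, 16-byte record header included."""
    while True:
        rec_hdr = stream.read(16)
        if not rec_hdr:
            return
        if len(rec_hdr) != 16:
            raise ValueError("truncated record header")
        ts_sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec_hdr)
        data = stream.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        yield ts_sec, rec_hdr + data


class RotatingPcapWriter:
    """Write records into files keyed by time bucket, repeating the global header in each."""

    def __init__(self, global_header, interval_sec, opener):
        self.global_header = global_header
        self.interval = interval_sec
        self.opener = opener  # callable(bucket_start_sec) -> writable binary file
        self.bucket = None
        self.fh = None

    def write(self, ts_sec, record):
        bucket = ts_sec - ts_sec % self.interval
        if bucket != self.bucket:
            self.close()
            self.fh = self.opener(bucket)
            self.fh.write(self.global_header)  # each rotated file must stand alone as a pcap
            self.bucket = bucket
        self.fh.write(record)

    def close(self):
        if self.fh is not None:
            self.fh.close()
            self.fh = None


def fan_out(source, live_sink, opener, interval_sec=3600):
    """Copy one pcap stream to a live sink and to rotated files (hourly by default)."""
    hdr, endian = read_global_header(source)
    live_sink.write(hdr)
    live_sink.flush()
    writer = RotatingPcapWriter(hdr, interval_sec, opener)
    count = 0
    for ts_sec, rec in iter_records(source, endian):
        live_sink.write(rec)
        live_sink.flush()  # the live consumer should see packets as they arrive
        writer.write(ts_sec, rec)
        count += 1
    writer.close()
    return count


def disk_opener(bucket_start_sec):
    """Hypothetical naming scheme: one file per bucket, named by its UTC start time."""
    name = time.strftime("zigbee-%Y%m%d-%H%M.pcap", time.gmtime(bucket_start_sec))
    return open(name, "wb")


def build_sample_pcap():
    """Constructed two-packet capture straddling an hour boundary (ts 3599 and 3600)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_15_4_WITHFCS)
    frame = bytes.fromhex("0308ffffffff07")  # placeholder frame bytes, not a real capture
    recs = b"".join(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame for ts in (3599, 3600))
    return hdr + recs


class _KeepBytesIO(BytesIO):
    def close(self):  # keep the buffer readable after the writer closes it
        pass


def demo_in_memory():
    """Run the fan-out on the constructed capture; return (live bytes, {bucket: file bytes})."""
    files = {}

    def opener(bucket):
        files[bucket] = _KeepBytesIO()
        return files[bucket]

    live = BytesIO()
    fan_out(BytesIO(build_sample_pcap()), live, opener, interval_sec=3600)
    return live.getvalue(), {b: f.getvalue() for b, f in files.items()}


if __name__ == "__main__":
    live, files = demo_in_memory()
    print("live stream bytes:", len(live))
    for bucket, data in sorted(files.items()):
        print("bucket %d: %d bytes, header repeated: %s" % (bucket, len(data), data[:24] == live[:24]))
```

In a real deployment `source` would be the capture tool's standard output (a pcap stream), `live_sink` the FIFO that the remote sshdump session reads, and `disk_opener` the opener. One caveat to design around: opening or writing a FIFO blocks until a reader is attached, so if the remote side is not always connected the live sink should be opened non-blocking or fed from a separate thread with a bounded buffer, otherwise the file logging stalls whenever nobody is watching.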