Read raw capture data from network socket...


I was wondering if I can run Wireshark on Windows and make it listen on a network socket for incoming raw data that it then logs?

I have something like this in mind:

tcpdump -i hn0 -w - | nc $windows_host $port

And then the Windows' Wireshark just works with what it gets?

That would save me the daemon on that machine...

I've seen that Wireshark can do "pipes". Are those named pipes? Maybe I could get something going with socat in Cygwin that redirects to a named pipe?
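
The receiving side of the pipeline asked about above, as an added example that is not part of the original post: a listener that accepts one TCP connection, checks that the stream begins with a valid classic pcap global header (what `tcpdump -w -` emits), and relays it to standard output. The script name, bind address and port are assumptions.

```python
import socket
import struct
import sys

# First four bytes of a classic pcap stream -> (struct byte order, timestamp resolution)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}
HEADER_LEN = 24  # size of the pcap global header

def parse_pcap_header(header):
    """Validate the 24-byte pcap global header; return its fields or raise ValueError."""
    if len(header) < HEADER_LEN:
        raise ValueError("short pcap header (%d bytes)" % len(header))
    if header[:4] not in PCAP_MAGICS:
        raise ValueError("not a pcap stream, magic=%s" % header[:4].hex())
    endian, resolution = PCAP_MAGICS[header[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", header[4:24])
    return {"version": (major, minor), "resolution": resolution, "snaplen": snaplen, "linktype": linktype}

def recv_exact(conn, n):
    """Read up to n bytes, stopping early only if the peer closes the connection."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def relay(bind_addr, port, out):
    """Accept a single sender, refuse anything that is not pcap, copy the rest to out."""
    with socket.create_server((bind_addr, port)) as srv:
        conn, peer = srv.accept()
        with conn:
            header = recv_exact(conn, HEADER_LEN)
            info = parse_pcap_header(header)
            print("capture from %s: %s" % (peer[0], info), file=sys.stderr)
            out.write(header)
            while chunk := conn.recv(65536):
                out.write(chunk)
                out.flush()

if __name__ == "__main__":
    # The stream is unauthenticated cleartext: bind to one interface address, not all of them.
    relay(sys.argv[1], int(sys.argv[2]), sys.stdout.buffer)
```

Saved under the hypothetical name `pcap_listener.py`, it can feed Wireshark's standard input with `python pcap_listener.py 192.0.2.10 19000 | wireshark -k -i -`, where the address and port are constructed values.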