Ethereal-dev: Re: [ethereal-dev] tcpdump -w - | ethereal -S -- How?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Sat, 18 Sep 1999 11:11:57 -0700
> Now that it's built, I've yet to figure out the syntactic sugar to get
> ethereal to read a hot "tcpdump -w -" stream.  It sounds like that is what
> -S is for, but I've tried piping to ethereal's stdin,

Ethereal doesn't currently support reading from a pipe. 

(Some file types the Wiretap library it uses to read capture files
simply *can't* read from a pipe, as it's obliged to seek on them; others
it could read if the last of the forward "fseek()"s, if any, are
removed, and if it's changed to deduce the capture file type by, for
example, reading the first four bytes of the capture file once, and
using those to determine the type of the capture file - this might be
tricky with the Lucent/Ascend text dump files, though.)

"-S" is for getting Ethereal *itself* to create a subprocess to capture
and write to a file, and have the main process read from that file.