Александр Рожкевич wrote:
> I'm working in Win.
> I capture traffic by myself and write it to a file in libpcap format.
> And I want to capture this file in real-time, i.e. if some new
> packets are written to the file, they have to appear in the ethereal
> window.
> In the sources it says:
>     case 'S': /* "Real-Time" mode: used for following file ala tail -f */
> But really option "-S" doesn't work.

It works, but it doesn't do what you're assuming it does. It doesn't
follow an *arbitrary* file - it only follows files from the capture
child process, which it starts when you use the "-S" flag (and, in newer
versions, it *always* starts a capture child), and it has to receive
specific messages from a pipe to tell it that new packets have arrived.
The man page just says

    -S  Automatically update the packet display as packets are
        coming in.

which is more accurate than the comment in the code, in that it doesn't
imply anything about reading an arbitrary capture file.

> Or maybe there are some other ways to solve my problem?

Why can't Ethereal capture the packets itself? Perhaps the ability to
capture on whatever device you're using should be added to libpcap, so
Ethereal - and all other libpcap-based applications - can use it.