Hi everyone.
I am currently working with Wireshark 0.99.5.
I know that it is possible on Unix machines to let Wireshark read from a pipe. I am not really sure if it is possible on Windows.
For this reason I tried the following (of course I wrote a bit of source code):
- let Wireshark capture from stdin: Wireshark.exe -k -i -
- let dumpcap write the file to stdout: dumpcap -i3 -w -
- create a pipe with CreatePipe and, when creating the processes, dumpcap gets the write handle and Wireshark the read handle of that pipe as the corresponding output/input handles
It works partly, but not completely:
- Wireshark gets started and listens on the standard input
- dumpcap gets started and writes to the standard output. It also receives packets and flushes them to the pipe
- when Wireshark is processing the timer callback, it cannot find any data in the pipe
I can see the same effect if I use a named pipe like \\.\pipe\mypipe (with the code enabled in capture_loop.c and Wireshark rebuilt).
If anyone has succeeded in using pipes on Windows (no matter if named or not), could you please give me the source code? Or is that just impossible because of the sources? I cannot clearly say if this should work or not.
Regards, Steve.
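
Added example, not part of the original post and not Wireshark code: a probe that takes Wireshark's place on the read end of an anonymous pipe and checks whether the writer actually delivers a capture stream, which separates a writer-side problem from a reader-side one. It assumes the writer emits classic libpcap format on stdout; `probe_capture_pipe`, `read_exact` and `STAND_IN_WRITER` are hypothetical names, and the stand-in writer is constructed so the block runs without dumpcap (pass `["dumpcap", "-i3", "-w", "-"]` for the real check).

```python
import struct
import subprocess
import sys

# Constructed stand-in for "dumpcap -i3 -w -": emits a libpcap global header
# and one 4-byte packet record on stdout, flushing after each write.
STAND_IN_WRITER = [sys.executable, "-c", (
    "import struct,sys;o=sys.stdout.buffer;"
    "o.write(struct.pack('<IHHiIII',0xa1b2c3d4,2,4,0,0,65535,1));o.flush();"
    "o.write(struct.pack('<IIII',1,0,4,4)+b'abcd');o.flush()")]

# Magic value as seen when the first four bytes are unpacked little-endian.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}


def read_exact(stream, n):
    """Blocking read of exactly n bytes; a short result means the writer hit EOF."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe_capture_pipe(writer_cmd, max_packets=1):
    """Run writer_cmd with stdout on an anonymous pipe and parse what arrives."""
    proc = subprocess.Popen(writer_cmd, stdout=subprocess.PIPE, bufsize=0)
    try:
        hdr = read_exact(proc.stdout, 24)  # libpcap global header is 24 bytes
        if len(hdr) < 24:
            return {"ok": False, "reason": "EOF before global header"}
        magic = struct.unpack("<I", hdr[:4])[0]
        if magic not in MAGICS:
            return {"ok": False, "reason": "bad magic 0x%08x" % magic}
        end = MAGICS[magic]
        snaplen, linktype = struct.unpack(end + "II", hdr[16:24])
        packets = []
        for _ in range(max_packets):
            rec = read_exact(proc.stdout, 16)  # per-packet record header
            if len(rec) < 16:
                break
            caplen = struct.unpack(end + "I", rec[8:12])[0]
            packets.append(len(read_exact(proc.stdout, caplen)))
        return {"ok": True, "snaplen": snaplen, "linktype": linktype, "packets": packets}
    finally:
        proc.kill()
        proc.wait()
        proc.stdout.close()
```

If the probe reports `ok` with packet lengths, the writer side of the pipe is delivering data and the problem lies in how the reader polls the pipe.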