Wireshark-dev: [Wireshark-dev] How could Wireshark write / read the pcap file simultaneously?
From: Aaron Lewis <the.warl0ck.1989@xxxxxxxxx>
Date: Wed, 2 Apr 2014 13:52:25 +0800
Hi,

>From what I know, it seems like dumpcap listens for traffic and record
everything
And the wireshark GUI read and parse that file. (Usually a file located in /tmp)

But,
1) how did wireshark know there's a new packet?
2) what happens if /tmp is full?

I'm not sure about the mechanism

-- 
Best Regards,
Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/
Finger Print:   9F67 391B B770 8FF6 99DC  D92D 87F6 2602 1371 4D33