--- Begin Message ---
Hello Experts,

I am writing a utility for one of my projects, where currently I create a pcap 
file by dumping information on packets captured through a raw socket. But now I 
am planning to do the same as "tcpdump -i eth0 -w - | wireshark -k -i -" does: 
simply write to stdout so that I can pipe it to Wireshark on a remote machine 
and have a live capture over there.

Currently I am doing it like this to capture packets to a file, and it is working 
fine. I can open the file in Wireshark as expected.
write(fileno(fp), &pcapfh, 24);
write(fileno(fp), &pcaphdr, sizeof(pcaphdr));
write(fileno(fp), pkt_ptr, bytes_to_write);

But when I start dumping to stdout, as below, it does not work. Wireshark is not 
able to open the live capture.
write(fileno(stdout), &pcapfh, 24);
write(fileno(stdout), &pcaphdr, sizeof(pcaphdr));
write(fileno(stdout), pkt_ptr, bytes_to_write);

For example:
sshpass -p 'bnpBDE1LmA868lEKa9eQ.0' ssh -o StrictHostKeyChecking=no -o 
UserKnownHostsFile=/dev/null r...@remote-host.com /sbin/tcpdump -i eth0 -w - 
'not port 22' | wireshark -k -i -

My goal is to capture packets from remote-host.com to my local machine with a 
live capture, as per the above example.

If anybody can help me understand the format requirements for dumping to stdout, 
so that Wireshark can understand it as a live capture, that would be a great help.
Br,
Tejaskumar Kasundra
+91 9004015850

--- End Message ---
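Added example, not code from the poster: a pcap writer that lays out the 24-byte global header and the 16-byte per-record header as fixed-width fields and pushes them through write(2) with short-write and EINTR handling, which matters on a pipe but rarely on a regular file. It assumes Ethernet link type 1, a host-order magic (readers use the magic to detect byte order), and a self-check through a local pipe.

```c
/* Added example (not from the original post): stream pcap to a pipe/stdout.
 * Assumptions: link type 1 (Ethernet) and a record header of four uint32
 * fields. A struct timeval is 16 bytes on 64-bit hosts, so writing it as
 * the timestamp silently corrupts the stream. */
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>

#define PCAP_FILE_HDR_LEN 24
#define PCAP_REC_HDR_LEN  16

static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); } /* host order */
static void put16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }

/* Global header: magic, version 2.4, thiszone 0, sigfigs 0, snaplen, linktype. */
size_t encode_pcap_file_header(uint8_t out[PCAP_FILE_HDR_LEN], uint32_t snaplen, uint32_t linktype) {
    put32(out, 0xa1b2c3d4u); put16(out + 4, 2); put16(out + 6, 4);
    put32(out + 8, 0); put32(out + 12, 0); put32(out + 16, snaplen); put32(out + 20, linktype);
    return PCAP_FILE_HDR_LEN;
}

/* Record header: ts_sec, ts_usec, incl_len (bytes that follow), orig_len. */
size_t encode_pcap_rec_header(uint8_t out[PCAP_REC_HDR_LEN], uint32_t ts_sec, uint32_t ts_usec,
                              uint32_t incl_len, uint32_t orig_len) {
    put32(out, ts_sec); put32(out + 4, ts_usec); put32(out + 8, incl_len); put32(out + 12, orig_len);
    return PCAP_REC_HDR_LEN;
}

/* write(2) on a pipe may return short counts or EINTR; loop until every byte is out. */
int write_all(int fd, const void *buf, size_t len) {
    const uint8_t *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        p += n; len -= (size_t)n;
    }
    return 0;
}

/* Self-check: stream one constructed frame through a pipe and read it back. Returns 1 on success. */
int pcap_stream_selftest(void) {
    int fds[2]; uint8_t hdr[PCAP_FILE_HDR_LEN], rec[PCAP_REC_HDR_LEN], back[64];
    const uint8_t frame[14] = {0xff,0xff,0xff,0xff,0xff,0xff, 0,1,2,3,4,5, 0x08,0x00}; /* constructed */
    if (pipe(fds) != 0) return 0;
    encode_pcap_file_header(hdr, 65535, 1);
    encode_pcap_rec_header(rec, 1700000000u, 123456u, sizeof frame, sizeof frame);
    if (write_all(fds[1], hdr, sizeof hdr) || write_all(fds[1], rec, sizeof rec) ||
        write_all(fds[1], frame, sizeof frame)) return 0;
    close(fds[1]);
    size_t got = 0; ssize_t n;
    while ((n = read(fds[0], back + got, sizeof back - got)) > 0) got += (size_t)n;
    close(fds[0]);
    uint32_t magic; memcpy(&magic, back, 4);
    return got == PCAP_FILE_HDR_LEN + PCAP_REC_HDR_LEN + sizeof frame && magic == 0xa1b2c3d4u;
}
```

To stream to a reader, call write_all on STDOUT_FILENO (never mixing in stdio output on the same descriptor) and write the global header exactly once before the first record.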
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
