Dominik Herrmann wrote: > Hi all, > > I am trying to access a tcpdump file created by > tcpdump -i /dev/eth0 -w dumpfile > with wireshark WHILE the dump is still running (and the file keeps growing). > > Can wireshark "attach" to this file and report the packets as they are > written to the dumpfile?
Unfortunately, no. (I say unfortunately because I, too, would like that functionality.) It may be possible to modify Wireshark to do that but so far no one has attempted or completed that task. > Background: I want to set up 2-3 instances of Wireshark which read the > dumpfile but display only parts of the traffic by employing filters. > > Are there other solutions? Hmmm, not that I can think of (other than doing all your filtering after the capture is done which is obviously not what you want). _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
