Hi Jefferson, The command is useful for real-time captured packets? It means I had captured those packets from my LAN and transfer over internet to a remote server. In this server, I have all captured packets. The transfer is real-time. Now the question is how I can open those packets into Wireshark in real-time mode if I just open a file, that means I have to re-open the file many times? I would like it be done automatically!
----------------------------------------------------- Quan Doan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jefferson Ogata Sent: Monday, April 23, 2007 1:46 AM To: [email protected] Subject: Re: [tcpdump-workers] Sending captured packets to a virtual nic On 2007-04-22 16:50, Quan Doan wrote: > Hi all, > I have a problem. I had captured a lot packets from my box, which is a gateway > of a LAN. Those packets are sent back to me. Now I have those packets, I would > like to use the Ethereal for analyzing them. So, my idea is sending those > packets to a virtual NIC and the Ethereal will get those packets on the virtual > NIC as well. I would like to do that as real-time capturing. > Does anyone have idea and how to do that? If you're still using ethereal, stop and switch to wireshark. To answer your question: "wireshark -r pcap-file-containing-captured-traffic". Or just start wireshark with no arguments and go to the file menu to open your capture file. You don't need a virtual NIC. RTFM. -- Jefferson Ogata <[EMAIL PROTECTED]> NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]> "Never try to retrieve anything from a bear."--National Park Service - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
smime.p7s
Description: S/MIME cryptographic signature
