[EMAIL PROTECTED] wrote:
> Hi everyone.
>
> I am currently working with Wireshark 0.99.5.
>
> I know that it is possible on Unix machines to let Wireshark read from a
> pipe. I am not really sure if it is possible on Windows.
>
> For this reason I tried the following (of course I wrote a bit source code):
>
> - let wireshark capture from stdin: Wireshark.exe -k -i -
> - let dumpcap write the file to stdout: dumpcap -i3 -w -
> - create a Pipe with CreatePipe and when creating the processes, dumpcap gets
>   the write handle and wireshark the read handle of that pipe as the
>   corresponding output/input handles
>
> It works partly, but not completely:
> - Wireshark gets started and listens on the standard input
> - dumpcap gets started and writes to the standard output. It also receives
>   packets and flushes them to pipe
> - when wireshark is processing the timer callback, it cannot find any data in
>   the pipe
>
> I can see the same effect if I use a named pipe like \\.\pipe\mypipe (with
> the code enabled in capture_loop.c and rebuild Wireshark).
>
> If anyone succeeded in using pipes on Windows (no matter if named or not)
> could you please give me the source code? Or is that just impossible because
> of the sources? I cannot clearly say if this should work or not.

Wireshark reads data from dumpcap internally using CreatePipe():

http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/capture_sync.c

Named pipes work on my test machine using the attached script.

#!/usr/bin/env python

# Win32 Wireshark named pipes example
# Requires Python for Windows and the Python for Windows Extensions:
# http://www.python.org
# http://sourceforge.net/projects/pywin32/

import win32pipe, win32file

# Existing capture file to replay through the pipe
cf = open(r'c:\cygwin\tmp\pipetest.pcap', 'rb')

# Outbound (server writes, client reads), single-instance named pipe
p = win32pipe.CreateNamedPipe(
    r'\\.\pipe\wireshark',
    win32pipe.PIPE_ACCESS_OUTBOUND,
    win32pipe.PIPE_TYPE_MESSAGE | win32pipe.PIPE_WAIT,
    1, 65536, 65536,
    300,
    None)

# Block until the reader opens the pipe
win32pipe.ConnectNamedPipe(p, None)

# Send the whole capture file, file header included, in one write
data = cf.read()
win32file.WriteFile(p, data)
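The attached script replays a finished capture file in one write. As an added example (not part of the original message or of Wireshark's sources), the sketch below goes one step further and builds the libpcap stream itself, so frames can be written to the same pipe one at a time. The helper names and the sample frame are made up for illustration; the pipe name and CreateNamedPipe arguments are copied from the script above.

```python
import struct
import time

PIPE_NAME = r'\\.\pipe\wireshark'   # same pipe name as the script above
LINKTYPE_ETHERNET = 1               # libpcap link-layer type for Ethernet


def pcap_global_header(linktype=LINKTYPE_ETHERNET, snaplen=65535):
    """24-byte libpcap file header; must be the first bytes the reader sees."""
    # magic, version 2.4, thiszone, sigfigs, snaplen, link-layer type
    return struct.pack('<IHHiIII', 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(frame, ts=None, snaplen=65535):
    """16-byte per-packet header followed by the (possibly truncated) frame."""
    ts = time.time() if ts is None else ts
    sec = int(ts)
    usec = int((ts - sec) * 1000000)
    captured = frame[:snaplen]
    return struct.pack('<IIII', sec, usec, len(captured), len(frame)) + captured


def stream_frames(frames, pipe_name=PIPE_NAME):
    """Serve frames to one reader, one WriteFile per packet (Windows only)."""
    import win32file, win32pipe   # pywin32; imported here so the helpers run anywhere
    p = win32pipe.CreateNamedPipe(
        pipe_name, win32pipe.PIPE_ACCESS_OUTBOUND,
        win32pipe.PIPE_TYPE_MESSAGE | win32pipe.PIPE_WAIT,
        1, 65536, 65536, 300, None)
    try:
        win32pipe.ConnectNamedPipe(p, None)        # blocks until the reader connects
        win32file.WriteFile(p, pcap_global_header())
        for frame in frames:
            win32file.WriteFile(p, pcap_record(frame))
        win32file.FlushFileBuffers(p)              # wait until the reader has drained the pipe
    finally:
        win32file.CloseHandle(p)


# Constructed sample frame: broadcast Ethernet, local-experimental EtherType 0x88B5
SAMPLE_FRAME = bytes.fromhex('ffffffffffff' '020000000001' '88b5') + bytes(46)

if __name__ == '__main__':
    stream_frames([SAMPLE_FRAME] * 3)
```

If the reader connects but shows no packets, check that the 24-byte file header was written before the first record.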
