Actually, I can add the named pipe in wireshark. But when I run the c++ example on http://wiki.wireshark.org/CaptureSetup/Pipes. Wireshark returns "Invalid libpcap format".
Does that mean the file header of the pcap file is incorrect? The pcap file can be displayed on wireshark if I load it manually tho. Thanks, Kahou On Wed, Mar 17, 2010 at 10:52 PM, kahou lei <[email protected]> wrote: > Hi Guy, > > Thanks for you reply. > > I don't understand what you mean by "giving the pathname of the named > pipe as the name of the network interface on which to capture". Can > you give me an example? > > I have followed the c++ example on > http://wiki.wireshark.org/CaptureSetup/Pipes. I couldn't get it works. > Am I missing something here? > > Thanks, > Kahou > > > From: Guy Harris <guy () alum mit edu> > Date: Tue, 16 Mar 2010 23:48:16 -0700 > ________________________________ > > On Mar 16, 2010, at 10:11 PM, Jaap Keuter wrote: > > That's called a pipe. > > To give some more detail: > > if the application writes a pcap file (complete with file header!) to > a named pipe, you can have Wireshark or TShark > capture from that named pipe, by giving the pathname of the named pipe > as the name of the network interface on which to > capture. > ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
