Hi, >From what I know, it seems like dumpcap listens for traffic and record everything And the wireshark GUI read and parse that file. (Usually a file located in /tmp)
But, 1) how did wireshark know there's a new packet? 2) what happens if /tmp is full? I'm not sure about the mechanism -- Best Regards, Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/ Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33 ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
