Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: [Wireshark-users] Reading tcpdump files while still sniffing

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Dominik Herrmann <domi@xxxxxxxxx>
Date: Sun, 09 Jul 2006 09:04:28 +0200

Hi all,

I am trying to access a tcpdump file created by
tcpdump -i /dev/eth0 -w dumpfile
with wireshark WHILE the dump is still running (and the file keeps growing).

Can wireshark "attach" to this file and report the packets as they are
written to the dumpfile?

Background: I want to set up 2-3 instances of Wireshark which read the
dumpfile but display only parts of the traffic by employing filters.

Are there other solutions?

Best regards,
Dominik
  • Follow-Ups:
    • Re: [Wireshark-users] Reading tcpdump files while still sniffing
      • From: Jeff Morriss
  • Prev by Date: Re: [Wireshark-users] ip.addr and ip.host
  • Next by Date: [Wireshark-users] Wireshark 0.99.2pre1 is available
  • Previous by thread: [Wireshark-users] Need help with Citrix' ICA protocol
  • Next by thread: Re: [Wireshark-users] Reading tcpdump files while still sniffing
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation