Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-users: Re: [Wireshark-users] Reading tcpdump files while still sniffing

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: Jeff Morriss <jeff.morriss@xxxxxxxxxxx>
Date: Tue, 11 Jul 2006 10:16:59 +0800



Dominik Herrmann wrote:

Hi all,

I am trying to access a tcpdump file created by
tcpdump -i /dev/eth0 -w dumpfile
with wireshark WHILE the dump is still running (and the file keeps growing).

Can wireshark "attach" to this file and report the packets as they are
written to the dumpfile?

Unfortunately, no. (I say unfortunately because I, too, would like thatfunctionality.) It may be possible to modify Wireshark to do that butso far no one has attempted or completed that task.

Background: I want to set up 2-3 instances of Wireshark which read the
dumpfile but display only parts of the traffic by employing filters.

Are there other solutions?

Hmmm, not that I can think of (other than doing all your filtering afterthe capture is done which is obviously not what you want).

Follow-Ups:
- Re: [Wireshark-users] Reading tcpdump files while still sniffing
  - From: Sake Blok

References:
- [Wireshark-users] Reading tcpdump files while still sniffing
  - From: Dominik Herrmann

Prev by Date: [Wireshark-users] Wireshark 0.99.2pre1 is available
Next by Date: Re: [Wireshark-users] Reading tcpdump files while still sniffing
Previous by thread: [Wireshark-users] Reading tcpdump files while still sniffing
Next by thread: Re: [Wireshark-users] Reading tcpdump files while still sniffing
Index(es):
- Date
- Thread