Wireshark · Ethereal-users: Re: [Ethereal-users] Getting Tethereal to read from a pipe

Ethereal-users: Re: [Ethereal-users] Getting Tethereal to read from a pipe

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Tue, 3 Jul 2001 12:39:17 -0700

On Tue, Jul 03, 2001 at 03:31:22PM -0400, Vincas Ciziunas wrote:
>   Could someone tell me what the difference between tethereal and ethereal
> is regarding opening a datafile as a pipe?

There is no difference; the code they use to read capture files does not
support reading from a pipe.

> I really want tethereal to read a pcap-style pipe.

Then you will have to modify all the modules in that library (in the
"wiretap" source directory) that seek backwards in the file in order to
perform various heuristics - heuristics required, for example, to
determine which one of the N different libpcap formats people have
created *without* bothering to give them all different magic numbers or
version numbers, sigh - to, instead, do their own buffering so that they
can look backwards in the data stream without actually doing an
"fseek()" on the stream, as there's no guarantee that "fseek()" works on
pipes.

Then you'll need to remove the test that currently rejects attempts to
open pipes.

Follow-Ups:
- Re: [Ethereal-users] Getting Tethereal to read from a pipe
  - From: Vincas Ciziunas

References:
- [Ethereal-users] Getting Tethereal to read from a pipe
  - From: Vincas Ciziunas

Prev by Date: [Ethereal-users] Getting Tethereal to read from a pipe
Next by Date: Re: [Ethereal-users] Getting Tethereal to read from a pipe
Previous by thread: [Ethereal-users] Getting Tethereal to read from a pipe
Next by thread: Re: [Ethereal-users] Getting Tethereal to read from a pipe
Index(es):
- Date
- Thread