Wireshark-dev: Re: [Wireshark-dev] Using pipes on Windows

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Wed, 13 Jun 2007 10:44:27 -0700
c-keel@xxxxxx wrote:
> Hi everyone.
> 
> I am currently working with Wireshark 0.99.5.
> 
> I know that it is possible on Unix machines to let Wireshark read from a pipe. I am not really sure if it is possible on Windows.
> 
> For this reason I tried the following (of course I wrote a bit of source code):
> 
> - let wireshark capture from stdin:      Wireshark.exe -k -i -
> - let dumpcap write the file to stdout:  dumpcap -i3 -w -
> - create a Pipe with CreatePipe and when creating the processes, dumpcap gets the write handle and wireshark the read handle of that pipe as the corresponding output/input handles
> 
> It works partly, but not completely:
> - Wireshark gets started and listens on the standard input
> - dumpcap gets started and writes to the standard output. It also receives packets and flushes them to the pipe
> - when wireshark is processing the timer callback, it cannot find any data in the pipe
> 
> I can see the same effect if I use a named pipe like \\.\pipe\mypipe (with the code enabled in capture_loop.c and rebuild Wireshark).
> 
> If anyone succeeded in using pipes on Windows (no matter if named or not) could you please give me the source code? Or is that just impossible because of the sources? I cannot clearly say if this should work or not.

Wireshark reads data from dumpcap internally using CreatePipe():
http://anonsvn.wireshark.org/viewvc/viewvc.py/trunk/capture_sync.c

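Named pipes work on my test machine using the attached script.

#!/usr/bin/env python

# Win32 Wireshark named pipes example
# Requires Python for Windows and the Python for Windows Extensions:
# http://www.python.org
# http://sourceforge.net/projects/pywin32/

import win32pipe, win32file

# Read the capture file up front so a missing file fails before the pipe exists.
with open(r'c:\cygwin\tmp\pipetest.pcap', 'rb') as cf:
    data = cf.read()

# Create the server end of the pipe. Outbound only: this script writes,
# the connecting client reads.
p = win32pipe.CreateNamedPipe(
    r'\\.\pipe\wireshark',
    win32pipe.PIPE_ACCESS_OUTBOUND,
    win32pipe.PIPE_TYPE_MESSAGE | win32pipe.PIPE_WAIT,
    1, 65536, 65536,    # max instances, out buffer size, in buffer size
    300,                # default timeout in milliseconds
    None)               # default security attributes

# Block until a client opens the pipe.
win32pipe.ConnectNamedPipe(p, None)

# Send the whole capture, wait until the client has read it, then release the handle.
win32file.WriteFile(p, data)
win32file.FlushFileBuffers(p)
win32file.CloseHandle(p)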
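
Added example, not part of the original message or of the Wireshark sources: the script above replays a finished capture file, and this sketch goes one step further by building the libpcap stream itself (24-byte file header once, then a 16-byte record header per packet) so packets can be written to the pipe as they arrive. It assumes the reader expects classic little-endian libpcap; the function names and the sample frames are hypothetical and constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1

def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    """24-byte file header: must be the first bytes the reader sees on the pipe."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(ts, frame, snaplen=65535):
    """16-byte record header plus the frame, truncated to snaplen."""
    sec, frac = divmod(ts, 1)
    captured = frame[:snaplen]
    return struct.pack("<IIII", int(sec), int(frac * 1_000_000),
                       len(captured), len(frame)) + captured

def stream_pcap(write, frames, snaplen=65535):
    """Send the header once, then one write per packet. `write` is any callable
    taking bytes, e.g. lambda b: win32file.WriteFile(p, b) for the pipe handle."""
    write(pcap_global_header(snaplen))
    count = 0
    for ts, frame in frames:
        write(pcap_record(ts, frame, snaplen))
        count += 1
    return count

def parse_pcap(data):
    """Reader-side check: return (linktype, [(sec, usec, orig_len, bytes)])."""
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap stream")
    off, out = 24, []
    while off < len(data):
        sec, usec, caplen, origlen = struct.unpack_from("<IIII", data, off)
        if caplen > snaplen or off + 16 + caplen > len(data):
            raise ValueError("truncated or oversized record at offset %d" % off)
        out.append((sec, usec, origlen, data[off + 16:off + 16 + caplen]))
        off += 16 + caplen
    return linktype, out

# Constructed sample: two 60-byte Ethernet frames (broadcast, ARP ethertype, zero padding).
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(46)
SAMPLE = [(1181756667.25, FRAME), (1181756667.5, FRAME)]

if __name__ == "__main__":
    chunks = []
    print(stream_pcap(chunks.append, SAMPLE), "packets,", len(b"".join(chunks)), "bytes")
```

parse_pcap is only there to check the stream offline before pointing a real reader at the pipe.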