Wireshark-dev: Re: [Wireshark-dev] Using pipes on Windows
From: Gerald Combs <[email protected]>
Date: Wed, 13 Jun 2007 10:44:27 -0700
[email protected] wrote:
> Hi everyone.
> I am currently working with Wireshark 0.99.5.
> I know that it is possible on Unix machines to let Wireshark read from a pipe. I am not really sure if it is possible on Windows.
> For this reason I tried the following (of course I wrote a bit source code):
> - let wireshark capture from stdin:      Wireshark.exe -k -i -
> - let dumpcap write the file to stdout:  dumpcap -i3 -w -
> - create a Pipe with CreatePipe and when creating the processes, dumpcap gets the write handle and wireshark the read handle of that pipe as the corresponding output/input handles
> It works partly, but not completely:
> - Wireshark gets started and listens on the standard input
> - dumpcap gets started and writes to the standard output. It also receives packets and flushes them to pipe
> - when wireshark is processing the timer callback, it cannot find any data in the pipe
> I can see the same effect if I use a named pipe like \\.\pipe\mypipe (with the code enabled in capture_loop.c and rebuild Wireshark).
> If anyone succeeded in using pipes on Windows (no matter if named or not) could you please give me the source code? Or is that just impossible because of the sources? I cannot clearly say if this should work or not.

Wireshark reads data from dumpcap internally using CreatePipe():

Named pipes work on my test machine using the attached script.
#!/usr/bin/env python

# Win32 Wireshark named pipes example
# Requires Python for Windows and the Python for Windows Extensions:
# http://www.python.org
# http://sourceforge.net/projects/pywin32/

import win32pipe, win32file

cf = open(r'c:\cygwin\tmp\pipetest.pcap', 'rb')

p = win32pipe.CreateNamedPipe(
    win32pipe.PIPE_TYPE_MESSAGE | win32pipe.PIPE_WAIT,
    1, 65536, 65536,
win32pipe.ConnectNamedPipe(p, None)

data = cf.read()
win32file.WriteFile(p, data)