Wireshark-users: [Wireshark-users] getting data from tcpdump to tshark
I would like to "stream" data from tcpdump to tshark
I'm running tcpdump on an interface and doing some pretty tight filtering on it. Occasionally, I would like to run tshark on the filtered stream of data. It seems less than ideal to have to capture on the interface again and repeat the filtering, rather than taking advantage of the fact that tcpdump has already done it for me.
But what is the best way to get my "stream" of filtered data from tcpdump to tshark? I would rather not write the data to disk. A fifo seemed like a good idea, but it falls down in that when I quit tshark it kills the original tcpdump.
I need to somehow have this "stream" of data available such that I can tap into as needed, but not have to worry about interrupting my original tcpdump job.
Any ideas?
