Wireshark · Wireshark-users: Re: [Wireshark-users] newbie question, tshark input from stdin

Wireshark-users: Re: [Wireshark-users] newbie question, tshark input from stdin

From: Christopher Maynard <Christopher.Maynard@xxxxxxxxx>

Date: Mon, 3 Feb 2014 22:43:53 +0000 (UTC)

Evan Huus <eapache@...> writes:

> The -i flag is for specifying a network interface for live capture (eg
> eth0) and so doesn't accept "-" to signify stdin. 

The tshark man page[1] would disagree.  I just tested this with 1.10.5 and
it worked as documented:

[user@host wireshark]$ capinfos -c file.pcap
File name:           file.pcap
Number of packets:   300

[user@host wireshark]$ tshark -r file.pcap 2> /dev/null | wc -l
300

[user@host wireshark]$ cat file.pcap | tshark -i - 2> /dev/null | wc -l
300


[1]: http://www.wireshark.org/docs/man-pages/tshark.html

Follow-Ups:
- Re: [Wireshark-users] newbie question, tshark input from stdin
  - From: Evan Huus

References:
- [Wireshark-users] newbie question, tshark input from stdin
  - From: Lancashire, Pete
- Re: [Wireshark-users] newbie question, tshark input from stdin
  - From: Evan Huus

Prev by Date: Re: [Wireshark-users] newbie question, tshark input from stdin
Next by Date: Re: [Wireshark-users] newbie question, tshark input from stdin
Previous by thread: Re: [Wireshark-users] newbie question, tshark input from stdin
Next by thread: Re: [Wireshark-users] newbie question, tshark input from stdin
Index(es):
- Date
- Thread