tcpdump mailing list archives

Re: Sending captured packets to a virtual nic


From: "Quan Doan" <quan () infinity-security com>
Date: Mon, 23 Apr 2007 02:54:53 +0700

Hi Jefferson,
Is the command useful for real-time captured packets? I mean, I had
captured those packets from my LAN and transferred them over the internet
to a remote server. On this server, I have all the captured packets. The
transfer is real-time. Now the question is how I can open those packets in
Wireshark in real-time mode. If I just open a file, does that mean I have
to re-open the file many times? I would like it to be done automatically!

-----------------------------------------------------
Quan Doan

-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org
[mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Jefferson Ogata
Sent: Monday, April 23, 2007 1:46 AM
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] Sending captured packets to a virtual nic

On 2007-04-22 16:50, Quan Doan wrote:
Hi all,
I have a problem. I had captured a lot of packets from my box, which is a
gateway of a LAN. Those packets are sent back to me. Now that I have those
packets, I would like to use Ethereal for analyzing them. So, my idea is
sending those packets to a virtual NIC, and Ethereal will get those packets
on the virtual NIC as well. I would like to do that as real-time capturing.
Does anyone have an idea how to do that?

If you're still using ethereal, stop and switch to wireshark.

To answer your question:
"wireshark -r pcap-file-containing-captured-traffic". Or just start
wireshark with no arguments and go to the file menu to open your capture
file.

You don't need a virtual NIC. RTFM.

-- 
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>
"Never try to retrieve anything from a bear."--National Park Service