tcpdump mailing list archives

"stream" data from tcpdump


From: Gilgamesh Enkidu <ether.header () googlemail com>
Date: Thu, 16 Jul 2009 22:39:22 +0100

I would like to "stream" data from tcpdump to another application.

I'm running tcpdump on an interface and doing some pretty tight filtering on
it.  Occasionally, I would like to run another tool (e.g. snort, tshark) on
the filtered stream of data.  It seems less than ideal to have to run the
other tool on the interface and repeat the filtering, rather than taking
advantage of the fact that tcpdump has already done it for me.

But what is the best way to get my "stream" of filtered data from tcpdump to
my other tool?  I would rather not write the data to disk.  A fifo seemed
like a good idea, but it falls down in that when I quit my second tool it
kills the original tcpdump.

I need to somehow have this "stream" of data available that I can tap into
as needed, and not have to worry about interrupting my original tcpdump job.

Any ideas?
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
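
The FIFO failure described in the post above, handled in a small relay (an added example, not part of the original message or of tcpdump): the relay stays attached to tcpdump's output, offers records to a FIFO only while a reader is present, and detaches instead of dying when that reader quits. The names `pcap_records` and `Tap`, the path `/tmp/tap.fifo`, and running tcpdump with `-U -w -` into the relay are assumptions of this example; it handles the classic microsecond pcap format only.

```python
import errno, os, struct, sys

def pcap_records(stream):
    """Yield the 24-byte pcap global header, then each complete record."""
    ghdr = stream.read(24)
    magic = struct.unpack("<I", ghdr[:4])[0] if len(ghdr) == 24 else 0
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond pcap stream")
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    yield ghdr
    while True:
        rhdr = stream.read(16)
        if len(rhdr) < 16:
            return                                   # capture ended
        incl_len = struct.unpack(endian + "4I", rhdr)[2]
        body = stream.read(incl_len)
        if len(body) < incl_len:
            return                                   # truncated final record
        yield rhdr + body

class Tap:
    """Optional FIFO reader that can come and go without stalling the relay."""
    def __init__(self, path, ghdr):
        self.path, self.ghdr, self.fd = path, ghdr, None

    def send(self, record):
        if self.fd is None:
            try:   # non-blocking open fails with ENXIO while nobody is reading
                self.fd = os.open(self.path, os.O_WRONLY | os.O_NONBLOCK)
            except OSError as exc:
                if exc.errno == errno.ENXIO:
                    return False
                raise
            if not self._write(self.ghdr):           # new reader needs the header
                return False
        return self._write(record)

    def _write(self, data):
        try:
            if os.write(self.fd, data) == len(data):
                return True
        except OSError:
            pass            # EPIPE: reader quit; EAGAIN: reader too slow
        os.close(self.fd)   # detach; the next send() tries to re-attach
        self.fd = None
        return False

if __name__ == "__main__":   # tcpdump -U -w - <filter> | python3 tap.py /tmp/tap.fifo
    recs = pcap_records(sys.stdin.buffer)
    tap = Tap(sys.argv[1], next(recs))
    for rec in recs:
        tap.send(rec)
```

Each newly attached reader gets the global header first and then whole records only, so it always sees a well-formed pcap stream; records that arrive while no reader is attached are dropped.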

