tcpdump mailing list archives

Re: reading a live pcap file in real time


From: Guy Harris <guy () alum mit edu>
Date: Tue, 3 Mar 2009 11:06:17 -0800


On Mar 2, 2009, at 3:42 PM, Giovanni Venturi wrote:

I'm using libpcap 3.9.8. I made a GUI application under KDE that, when I ask to start sniffing packets from the network, then starts another application (not a GUI) that captures all the packets and writes them into a file.

Gee, there's a GTK+-based application that does the same thing; you might have heard of it.... :-)

Look at the source of the "dumpcap" program in Wireshark for an example of how to do the capture side of that. The secret is that it doesn't just write to the file and not communicate with the program on whose behalf it's capturing - every time it writes N packets to the file, it sends to Wireshark (or TShark) a message over a pipe indicating that it's written N more packets.
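The coordination described above, as an added example that is not part of the original message and is not dumpcap's code: a capture child appends pcap records, flushes, then sends a count over a pipe, and the reader consumes only what was announced. The names `writer`, `reader`, `run_demo`, the 4-byte count message and the constructed 60-byte packets are assumptions; no libpcap is used.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

struct file_hdr { uint32_t magic; uint16_t vmaj, vmin; int32_t zone; uint32_t sigfigs, snaplen, linktype; };
struct rec_hdr { uint32_t ts_sec, ts_usec, incl_len, orig_len; };  /* pcap per-packet header */
/* Capture side: append constructed packets; after every n, flush, then announce the count. */
static void writer(const char *path, int notify_fd, uint32_t total, uint32_t n) {
    FILE *f = fopen(path, "wb");
    if (!f) return;
    fwrite(&(struct file_hdr){ 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1 }, sizeof(struct file_hdr), 1, f);
    for (uint32_t i = 1, pending = 0; i <= total; i++) {
        struct { struct rec_hdr h; uint8_t data[60]; } pkt = { { i, 0, 60, 60 }, { (uint8_t)i } };
        fwrite(&pkt, sizeof pkt, 1, f);
        if (++pending < n && i < total) continue;
        fflush(f);  /* records must be in the file before the reader hears about them */
        if (write(notify_fd, &pending, sizeof pending) != (ssize_t)sizeof pending) break;
        pending = 0;
    }
    fclose(f);
}

/* Display side: read exactly as many records as announced, never up to end-of-file. */
static uint32_t reader(const char *path, int notify_fd) {
    static uint8_t buf[65535];
    uint32_t batch, seen = 0;
    FILE *f = NULL;
    while (read(notify_fd, &batch, sizeof batch) == (ssize_t)sizeof batch) {
        if (!f) { if (!(f = fopen(path, "rb"))) break; fseek(f, sizeof(struct file_hdr), SEEK_SET); }
        for (struct rec_hdr rh; batch > 0; batch--, seen++)
            if (fread(&rh, sizeof rh, 1, f) != 1 || rh.incl_len > sizeof buf ||
                fread(buf, 1, rh.incl_len, f) != rh.incl_len) { fclose(f); return seen; }
    }
    if (f) fclose(f);
    return seen;
}

uint32_t run_demo(const char *path, uint32_t total, uint32_t n) {  /* returns packets read */
    int p[2];
    if (pipe(p) != 0) return 0;
    pid_t pid = fork();
    if (pid == 0) { close(p[0]); writer(path, p[1], total, n); _exit(0); }
    close(p[1]);  /* so read() returns 0 once the capture child exits */
    uint32_t seen = reader(path, p[0]);
    close(p[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return seen;
}
int main(void) { printf("reader saw %u packets\n", run_demo("live_demo.pcap", 10, 4)); return 0; }
```

Because the reader never reads past the announced count, it cannot see a half-written record at the end of the file, and the `incl_len` bound keeps a corrupt length from driving an oversized read.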