Re: newbie question, tshark input from stdin

[Evan Huus <eapache () gmail com>]

On Mon, Feb 3, 2014 at 5:43 PM, Christopher Maynard
<Christopher.Maynard () gtech com> wrote:
> Evan Huus <eapache@...> writes:
>
> > The -i flag is for specifying a network interface for live capture (eg
> > eth0) and so doesn't accept "-" to signify stdin.
>
> The tshark man page[1] would disagree.  I just tested this with 1.10.5 and
> it worked as documented:

Whoops, yes, you're right, I made a false assumption.

> [user@host wireshark]$ capinfos -c file.pcap
> File name:           file.pcap
> Number of packets:   300
>
> [user@host wireshark]$ tshark -r file.pcap 2> /dev/null | wc -l
> 300
>
> [user@host wireshark]$ cat file.pcap | tshark -i - 2> /dev/null | wc -l
> 300
>
>
> [1]: http://www.wireshark.org/docs/man-pages/tshark.html
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe