This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

End of file on pipe magic during open

0

I'm trying to pipe my android device's network traffic on wireshark, which is installed on my desktop.

Terminal 1

sudo ./adb shell "./data/local/tcpdump-armn -s 0 -v -w - | ./data/local/netcat -l -p 12345"

This would allow me to route the data to port number 12345 on the android device.

Terminal 2

sudo ./adb forward tcp:12345 tcp:54321 && netcat 127.0.0.1 54321 | wireshark -k -S -i -

This should allow me to send the data from port 12345 on the device to port 54321 on the desktop and then pipe it to wireshark.

But, on execution I get End of file on pipe magic during open in wireshark. How do I solve this issue?

asked 08 Oct '12, 02:49

Harshal%20Kshatriya's gravatar image

Harshal Ksha...
1112
accept rate: 0%


One Answer:

0

sudo ./adb shell "./data/local/tcpdump-armn -s 0 -v -w - | ./data/local/netcat -l -p 12345"

You cannot use netcat option -l and -p together. You should see an error message when running the above command.

The following command works on my system, HOWEVER beware that netcat (the OS) might not buffer enough data if it's a busy network and it takes to long to start the command in terminal 2!

sudo ./adb shell "./data/local/tcpdump-armn -s 0 -v -w - | ./data/local/netcat -l 12345"

You better do this:

Open a netcat server in terminal 2 (first!) and then send the output of tcpdump with netcat to that server.

Terminal 2 (first!)

sudo -l 12345 | wireshark -k -S -i -

Terminal 1 (second!)

sudo ./adb shell "./data/local/tcpdump-armn -s 0 -v -w - | ./data/local/netcat x.x.x.x 12345

Replace x.x.x.x with the IP address of your Wireshark system.

Regards
Kurt

answered 08 Oct '12, 11:35

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%