I am right now writing a pcap file to save all packets as soon as I receive them. Then I am opening that pcap in Wireshark using
Also, when I provide the pcap file, and after running the command, if I append packets to the file, would Wireshark analyse them also?
Thank you very much.
asked 24 Jul '13, 10:07
Well, you don't have to call dumpcap, as that's just the capturing process to generate a pcap data stream, that is piped to Wireshark. So, basically what you need to do in your program is similar to this.
tcpdump writes a data stream (pcap data structure) to STDOUT (-w -). That output is piped to STDIN of Wireshark (-i -).
So, in your C++ program the part of tcpdump is obsolete, as you create the packets yourself. So here is the way to go.
answered 25 Jul '13, 11:23
Kurt Knochner ♦
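The pipe approach described in this answer, as an added example that is not part of the original post: a C++ program emits the pcap stream on STDOUT itself, so Wireshark can read it on STDIN with `-i -`. The program name `pcapgen`, the `-k` flag (start capturing immediately) and the constructed sample frame are assumptions for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Append an integer as little-endian bytes; readers detect byte order from the magic.
template <typename T>
static void put_le(std::string &out, T v) {
    for (std::size_t i = 0; i < sizeof(T); ++i)
        out.push_back(static_cast<char>((v >> (8 * i)) & 0xff));
}

// 24-byte pcap file header, written once at the start of the stream.
std::string pcap_global_header(uint32_t snaplen = 65535, uint32_t linktype = 1) {
    std::string h;
    put_le<uint32_t>(h, 0xa1b2c3d4u);  // magic: microsecond timestamps
    put_le<uint16_t>(h, 2);            // version major
    put_le<uint16_t>(h, 4);            // version minor
    put_le<uint32_t>(h, 0);            // thiszone (GMT offset)
    put_le<uint32_t>(h, 0);            // sigfigs
    put_le<uint32_t>(h, snaplen);      // maximum captured bytes per packet
    put_le<uint32_t>(h, linktype);     // 1 = LINKTYPE_ETHERNET
    return h;
}

// 16-byte per-packet header followed by the packet bytes.
std::string pcap_record(uint32_t ts_sec, uint32_t ts_usec, const std::vector<uint8_t> &pkt) {
    std::string r;
    put_le<uint32_t>(r, ts_sec);
    put_le<uint32_t>(r, ts_usec);
    put_le<uint32_t>(r, static_cast<uint32_t>(pkt.size()));  // captured length
    put_le<uint32_t>(r, static_cast<uint32_t>(pkt.size()));  // original length
    r.append(pkt.begin(), pkt.end());
    return r;
}

int main() {
    // Constructed sample: 60-byte broadcast frame, experimental ethertype 0x88b5.
    std::vector<uint8_t> frame(60, 0);
    for (int i = 0; i < 6; ++i) frame[i] = 0xff;  // destination MAC
    frame[6] = 0x02; frame[11] = 0x01;            // locally administered source MAC
    frame[12] = 0x88; frame[13] = 0xb5;           // ethertype
    std::string h = pcap_global_header();
    std::fwrite(h.data(), 1, h.size(), stdout);
    std::string r = pcap_record(1374660000u, 0, frame);
    std::fwrite(r.data(), 1, r.size(), stdout);
    std::fflush(stdout);  // flush after every packet so the reader sees it at once
    return 0;
}
```

Run it as `./pcapgen | wireshark -k -i -`; a long-running program would keep calling `pcap_record` and flushing for each new packet.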
When running a live capture, Wireshark actually runs dumpcap to do the capturing, which then pipes the packets into the Wireshark process. Maybe you could use that technique.
answered 24 Jul '13, 10:19