I have managed to make a program that feeds packets to Wireshark through a named pipe. It can detect that Wireshark has stopped/restarted the capture, because writing fails. It can then reopen the pipe, so Wireshark can receive packets when it starts capturing again. What I want is the same, but for when my application restarts. My question is: What does Wireshark do when a named pipe is closed from the server side. Does (can) it recognize this, and is there any way to make Wireshark receive packets on the same pipe, from a new instance of the feeding program, without restarting the capture? I basically want the same functionality with pipes as with network interfaces. This is on Windows 7. asked 29 Oct '13, 10:49  oyv |
One Answer:
It stops capturing.
The only way to tell the running instance of Wireshark to start capturing again, is by clicking on the appropriate button/menus in the GUI. By doing so, you will either loose the old capture data or you'll have to save them to a file. The GUI will ask you what to do after you requested a capture restart. Tested on Linux, but it's the same on Windows:
At this point, Wireshark stops capturing and you need to click in the GUI if you want to restart it. So, to answer your question:
No. You must restart the capture manually. Regards answered 31 Oct '13, 04:16  Kurt Knochner ♦ |
