This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark named pipes disconnect

0

I have managed to make a program that feeds packets to Wireshark through a named pipe. It can detect that Wireshark has stopped/restarted the capture, because writing fails. It can then reopen the pipe, so Wireshark can receive packets when it starts capturing again.

What I want is the same, but for when my application restarts. My question is:

What does Wireshark do when a named pipe is closed from the server side. Does (can) it recognize this, and is there any way to make Wireshark receive packets on the same pipe, from a new instance of the feeding program, without restarting the capture? I basically want the same functionality with pipes as with network interfaces.

This is on Windows 7.

asked 29 Oct '13, 10:49

oyv's gravatar image

oyv
16225
accept rate: 0%


One Answer:

1

What does Wireshark do when a named pipe is closed from the server side.

It stops capturing.

is there any way to make Wireshark receive packets on the same pipe, from a new instance of the feeding program,

The only way to tell the running instance of Wireshark to start capturing again, is by clicking on the appropriate button/menus in the GUI. By doing so, you will either loose the old capture data or you'll have to save them to a file. The GUI will ask you what to do after you requested a capture restart.

Tested on Linux, but it's the same on Windows:

mkfifo /tmp/pcap_data
tcpdump -ni eth0 -w /tmp/pcap_data &
wireshark -ni /tmp/pcap_data -k &
killall tcpdump

At this point, Wireshark stops capturing and you need to click in the GUI if you want to restart it.

So, to answer your question:

and is there any way to make Wireshark receive packets on the same pipe, from a new instance of the feeding program, without restarting the capture?

No. You must restart the capture manually.

Regards
Kurt

answered 31 Oct '13, 04:16

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%