Is there a way to view a packet stream in real time? What I mean by this can kind of be simulated by holding ctrl+end during a capture and watching the Packet Bytes view. Not all packets need to be displayed, just the latest one. This is useful in certain situations such as monitoring a live udp stream while manipulating an application. Thanks asked 12 May '11, 09:10  Hugh Jeffner |
2 Answers:
Stealing Geralds idea and enhancing it with some awk magic might do the trick for you: This will capture traffic and shows it straight away (without name-resolving nor buffering). Then the awk will clear the screen on every first line of tcpdump output of each packet. answered 13 May '11, 10:49  SYN-bit ♦♦ It doesn't have the performance I was hoping for but it does work. -Thanks (13 May '11, 17:04) Hugh Jeffner |
You can sort of do this in the GUI as Joke describes, but it might make more sense to do this on the command line using answered 12 May '11, 11:12  Gerald Combs ♦♦ This looks promising, but it scrolls by way too fast. Is there an easy way to pipe the output to display only the most recent packet? I basically need to write each packet output to the same area of the screen. (12 May '11, 12:56) Hugh Jeffner |
You can turn on Auto Scroll in Live Capture, but you still need to hit CTRL+end to view the packet bytes of the last packet.