I am feeding the traffic of a network to Wireshark using a named pipe. I am sending data in PCAP format by sending the global header along with the packet header and data. However, when I try to restart the capture I get an "Unrecognized libcap format" error. Is there any way to know that Wireshark has been restarted and disconnected from the pipe, so that I can create a new pipe and send the header formats again? Thanks in advance.

asked 09 Feb '17, 21:05 sharief
Can you share the command you are using to start the pipe? Is a named pipe necessary, or can you directly pipe the output of the capture to Wireshark, even over an SSH tunnel if necessary?
Thank you jon
I am using <path>/bin/wireshark -i <named_pipe> to start the pipe. In my case a named pipe is necessary, as I have to store the data in a file, which cannot be done through a pipe. Am I thinking wrong here? Please suggest whether I can provide with a pipe also?
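
Added example, not part of the original thread: one way for the writer side to notice that the reader has closed the pipe and to resend the pcap global header before any further packets. The names `PcapPipeWriter` and `open_fifo`, the FIFO path and the Ethernet link type are assumptions made for illustration.

```python
import os
import struct
import time

def global_header(linktype=1, snaplen=65535):
    # pcap file header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    # (linktype 1 = Ethernet is assumed; use the type of the frames you send)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)

def record(payload, ts=None):
    # per-packet header: ts_sec, ts_usec, captured length, original length
    ts = time.time() if ts is None else ts
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    return struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload

def open_fifo(path):
    # Hypothetical helper: blocks until a reader (Wireshark) opens the FIFO.
    if not os.path.exists(path):
        os.mkfifo(path)
    return os.open(path, os.O_WRONLY)

class PcapPipeWriter:
    def __init__(self, opener):
        self.opener = opener          # callable returning a writable fd
        self.fd = None
        self.reconnects = 0

    def _connect(self):
        self.fd = self.opener()
        os.write(self.fd, global_header())   # every new reader needs this first

    def send(self, payload, ts=None):
        if self.fd is None:
            self._connect()
        try:
            os.write(self.fd, record(payload, ts))
        except BrokenPipeError:
            # EPIPE (Python ignores SIGPIPE): the reader closed its end,
            # so reopen and start a fresh pcap stream with a new header.
            os.close(self.fd)
            self.reconnects += 1
            self._connect()
            os.write(self.fd, record(payload, ts))

if __name__ == "__main__":
    writer = PcapPipeWriter(lambda: open_fifo("/tmp/wireshark_fifo"))  # constructed path
    while True:
        writer.send(bytes(60))        # constructed placeholder frame, all zeros
        time.sleep(1)
```

The disconnect is only seen on the next write, and only if no reader has the pipe open at that moment.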