On linux, I can capture a pcap file on another host with tcpdump and pipe it back to wireshark on the local machine for a live capture experience:

`ssh host sudo tcpdump -iany -U -s0 -w - 'not port 22' | wireshark-gtk -k -i -`

I can also start from a windows machine to a linux machine that has tcpdump installed:

`plink.exe -ssh -pw password "tcpdump -ni any -s 0 -w - not port 22" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -`

Both work fine, as long as I have access to a shell and tcpdump.

The target machine (AVM Fritzbox) does not have ssh or telnet (not anymore). It's a live capture from a Chrome session that is being streamed to my downloads folder (I believe the fritzbox router is using tcpdump internally, streaming the output as a file down to my local windows downloads folder). So I have a pcap file that is being constantly filled with data. I want to see that file live in wireshark.exe as well, similar to the linux variant above.

How can I tell wireshark on windows to follow a pcap file still being filled with data, similar to the linux command above? In other words, how can I pipe that file continuously into wireshark?

The following does not work (with the PowerShell almost-equivalent of tail -f):

`Get-Content "path-to-file-being-downloaded" -wait | .\Wireshark.exe -i -`

`Get-Content "path-to-file-being-downloaded" -wait` will give me a tail -f like view on some gibberish that seems to represent the content of a pcap file. If I do `Get-Content "path-to-file-being-downloaded" | .\Wireshark.exe -i -` (without "-wait"), Wireshark will start without opening a file, thus does not seem to see the piped input. I guess this is because the pipe is sending an object, not a stream.

With `.\Wireshark.exe "path-to-file-being-downloaded"`, wireshark starts with the content of the file, but complains it is "cut short in the middle of a packet".

This is probably less a wireshark question and more a "how do I pipe a file into an application" on windows.

You just have to configure the SSH settings in that window to get Wireshark to log in and run tcpdump. You can leave the capture command empty and it will capture on eth0. You'd only want to change it if you have specific requirements (like if you need to specify an interface name).
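One way to do the continuous pipe the question asks for, as an added example that is not part of the original post and not a script shipped with Wireshark. The reason `Get-Content ... | .\Wireshark.exe -i -` fails is that PowerShell's pipeline to a native program converts objects to text lines in the console encoding, so the binary pcap bytes arrive mangled; `-Wait` keeps polling the file but does not change that. The script below bypasses the PowerShell pipeline: it starts Wireshark with `-k -i -` (read a capture stream from standard input, exactly as the plink command above does), opens the growing file with a .NET `FileStream` and copies raw bytes into Wireshark's stdin, sleeping at end-of-file and retrying, which is the byte-level equivalent of tail -f. The Wireshark install path, the polling interval and the parameter names are assumptions of this example; `$CaptureFile` is whatever file the download is being written to.

```powershell
# Added example, not from the original post: feed a pcap file that another
# process keeps appending to into Wireshark on Windows as a live capture.
# Assumptions: Wireshark is installed at the default path below, and the
# file already holds at least the pcap global header when this starts.
param(
    [Parameter(Mandatory = $true)]
    [string] $CaptureFile,
    [string] $WiresharkExe = 'C:\Program Files\Wireshark\Wireshark.exe',
    [int] $PollMilliseconds = 200
)

# Start Wireshark reading a capture stream from its standard input.
# -k: start capturing immediately; -i -: the "interface" is stdin.
$psi = New-Object System.Diagnostics.ProcessStartInfo
$psi.FileName = $WiresharkExe
$psi.Arguments = '-k -i -'
$psi.UseShellExecute = $false          # required for stdin redirection
$psi.RedirectStandardInput = $true
$wireshark = [System.Diagnostics.Process]::Start($psi)

# BaseStream is the raw byte pipe. StandardInput itself is a text writer and
# would re-encode the bytes, which is the same mistake the Get-Content pipe makes.
$stdin = $wireshark.StandardInput.BaseStream

# Open the growing file without locking it: the downloader must still be able
# to append to it (ReadWrite) and to rename it when it finishes (Delete).
$file = New-Object System.IO.FileStream(
    $CaptureFile,
    [System.IO.FileMode]::Open,
    [System.IO.FileAccess]::Read,
    [System.IO.FileShare]'ReadWrite, Delete')

$buffer = New-Object byte[] 65536
try {
    while (-not $wireshark.HasExited) {
        $n = $file.Read($buffer, 0, $buffer.Length)
        if ($n -gt 0) {
            # Forward whatever has arrived. A packet that straddles two writes is
            # not a problem on a pipe: Wireshark's reader waits for the rest.
            $stdin.Write($buffer, 0, $n)
            $stdin.Flush()
        }
        else {
            # End of file for now: wait for the writer to append more, then retry.
            Start-Sleep -Milliseconds $PollMilliseconds
        }
    }
}
catch [System.IO.IOException] {
    # Wireshark closed its end of the pipe (user stopped the capture or quit).
    Write-Warning "Wireshark stopped reading: $_"
}
finally {
    $file.Dispose()
    try { $stdin.Dispose() } catch { }   # EOF on stdin ends the capture cleanly
}
```

Run it as `.\Follow-Pcap.ps1 -CaptureFile "$env:USERPROFILE\Downloads\capture.pcap"` (script and file names assumed). Because Wireshark now receives an open-ended stream instead of a file, it never hits the "cut short in the middle of a packet" condition: a half-written last packet simply waits in its reader until the next bytes are copied in. Two caveats: the sharing flags matter, since opening the file exclusively would block the browser's writer, and Chrome normally writes an in-progress download under a `.crdownload` name until it completes, so the path has to point at the file that is actually being appended to. The same copy loop can also feed a Windows named pipe (`\\.\pipe\name`, which Wireshark accepts as an interface name) instead of stdin if you would rather start Wireshark by hand.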