imgpolew.blogg.se

Open pcap file wireshark command line








That data needs to be in pcap format as Wireshark will only understand that.

tcpdump -ni eth0 -w - | wireshark -k -i -

Tcpdump writes a data stream (pcap data structure) to STDOUT (-w -). That output is piped to STDIN of Wireshark (-i -). So, basically what you need to do in your program is similar to this. In your C++ program the tcpdump part is obsolete, as you create the packets yourself:

  • Write your generated packets to STDOUT.
  • Spawn a Wireshark process in your code: wireshark -k -i -

Quick follow up, I am creating pcap headers in a C++ file and in the same file I want to execute dumpcap from the same C++ file to save those pcap headers, so that I can open the pcap file written by dumpcap in Wireshark later on. What should I use as -i interface option?

Well, you don't have to call dumpcap, as that's just the capturing process to generate a pcap data stream, that is piped to Wireshark.

  • Create a named pipe (please check your OS manual how to do that).
  • Spawn a Wireshark process that reads from that named pipe: wireshark -nr \.
  • As soon as you are ready, kill the spawned Wireshark process.

If you cannot write pcap format, you could use text2pcap as an intermediate tool: your_application -> STDOUT | text2pcap - - | wireshark -k -i -
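An added example (not code from the original page or from the Wireshark project) of the "write your generated packets to STDOUT" step: a C++ program that emits a classic pcap file header followed by one record, so that its output can be piped into wireshark -k -i -. The function names, the snap length, the timestamp, the Ethernet link type and the constructed sample frame are all assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

const uint32_t kSnaplen = 65535;  // assumed maximum stored bytes per packet

// Append the low nbytes of v in little-endian order, independent of host byte order.
static void put_le(std::string& out, uint32_t v, int nbytes) {
    for (int i = 0; i < nbytes; ++i) out.push_back(static_cast<char>((v >> (8 * i)) & 0xff));
}

// 24-byte classic pcap file header; it is written once, before any record.
std::string pcap_global_header(uint32_t linktype) {
    std::string h;
    put_le(h, 0xa1b2c3d4, 4);          // magic: microsecond timestamps
    put_le(h, 2, 2); put_le(h, 4, 2);  // format version 2.4
    put_le(h, 0, 4); put_le(h, 0, 4);  // thiszone and sigfigs, both zero
    put_le(h, kSnaplen, 4);            // snaplen
    put_le(h, linktype, 4);            // 1 = Ethernet
    return h;
}

// 16-byte record header plus packet bytes; frames above kSnaplen are stored
// truncated while orig_len keeps the real length.
std::string pcap_record(uint32_t ts_sec, uint32_t ts_usec, const std::vector<uint8_t>& frame) {
    uint32_t orig = static_cast<uint32_t>(frame.size());
    uint32_t incl = std::min(orig, kSnaplen);
    std::string r;
    put_le(r, ts_sec, 4);
    put_le(r, ts_usec, 4);
    put_le(r, incl, 4);  // incl_len: bytes that follow in this record
    put_le(r, orig, 4);  // orig_len: bytes the packet had on the wire
    r.append(frame.begin(), frame.begin() + incl);
    return r;
}

// Constructed sample: 60-byte Ethernet frame, broadcast destination, locally
// administered source, EtherType 0x88b5 (local experimental), zero payload.
std::vector<uint8_t> sample_frame() {
    std::vector<uint8_t> f(60, 0);
    for (int i = 0; i < 6; ++i) f[i] = 0xff;
    f[6] = 0x02; f[11] = 0x01; f[12] = 0x88; f[13] = 0xb5;
    return f;
}

int main() {
    std::string out = pcap_global_header(1) + pcap_record(1700000000, 0, sample_frame());
    return std::fwrite(out.data(), 1, out.size(), stdout) == out.size() ? 0 : 1;
}
```

On Windows, stdout has to be switched to binary mode before writing, otherwise newline translation corrupts the stream.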










