This is probably less a wireshark question and more a "how do I pipe a file into an application" on windows.
On linux, I can capture a pcap file on another host with tcpdump and pipe it back to wireshark on the local machine for a live capture experience: `ssh host sudo tcpdump -iany -U -s0 -w - 'not port 22' | wireshark-gtk -k -i -`.
I can also start from a windows machine to a linux machine that has tcpdump installed: `plink.exe -ssh -pw password user@host "tcpdump -ni any -s 0 -w - not port 22" | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -`.
Both work fine, as long as I have access to a shell and tcpdump. But I don't.
The target machine (AVM Fritzbox) does not have ssh or telnet (not anymore). I can't login to a shell. I only have web access.
So I have a pcap file that is being constantly filled with data. It's a live capture from a Chrome session to http://fritz.box/html/capture.html being streamed to my downloads folder. I believe the fritzbox router is using tcpdump internally, streaming the output as a file down to my local windows downloads folder.
I want to see that file live in wireshark.exe as well, similar to the linux variant above.
The following does not work (with the PowerShell almost-equivalent of tail -f): `Get-Content "path-to-file-being-downloaded" -wait | .\Wireshark.exe -i -`.
Wireshark is simply not starting. I guess this is because the pipe is sending an object, not a stream.
If I do `Get-Content "path-to-file-being-downloaded" | .\Wireshark.exe -i -` (without "-wait"), Wireshark will start without opening a file, thus does not seem to see the piped input.
`Get-Content "path-to-file-being-downloaded" -wait` will give me a tail -f-like view of some gibberish that seems to represent the content of a pcap file. If I open the same file with `.\Wireshark.exe "path-to-file-being-downloaded"`, wireshark starts with the content of the file, but complains it is "cut short in the middle of a packet"... obviously.
How can I tell wireshark on windows to follow a pcap file still being filled with data, similar to the linux command above? In other words, how can I pipe that file continuously into wireshark.exe?
Thanks Dan
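One way to get the "tail -f into Wireshark" behaviour on Windows, as an added example that is not part of the original post and not Wireshark's own code: Wireshark on Windows can capture from a named pipe (`-i \\.\pipe\<name>`), so a PowerShell script can open the growing file with shared access, read it as raw bytes (which `Get-Content` does not deliver to a native program), and forward every new byte into that pipe. The file path, pipe name and Wireshark location below are assumptions for your setup.

```powershell
# Added example (not from the original post): tail a growing pcap file as raw
# bytes into a named pipe that Wireshark captures from. Get-Content cannot do
# this because it turns the bytes into text objects before they reach
# Wireshark, which is why the piped variants above never show anything.
# Assumptions: the paths and the pipe name are placeholders for your setup.
$PcapPath     = 'C:\Users\dan\Downloads\capture.eth'            # file still being written
$PipeName     = 'fritzcap'                                      # Wireshark opens \\.\pipe\fritzcap
$WiresharkExe = 'C:\Program Files\Wireshark\Wireshark.exe'

# Create the pipe server first so Wireshark's open of \\.\pipe\<name> succeeds.
$pipe = New-Object -TypeName System.IO.Pipes.NamedPipeServerStream -ArgumentList $PipeName, 'Out', 1, 'Byte'

# -k starts the capture immediately, -i names the pipe as the "interface".
Start-Process -FilePath $WiresharkExe -ArgumentList @('-k', '-i', "\\.\pipe\$PipeName")
$pipe.WaitForConnection()

# FileShare ReadWrite: the downloading process must be able to keep appending
# while we read (assumes the browser opened the file with shared access).
$file   = [System.IO.File]::Open($PcapPath, 'Open', 'Read', 'ReadWrite')
$buffer = New-Object byte[] 65536

try {
    # Start at byte 0 so the pcap global header reaches Wireshark before any
    # packet records; after that, every newly appended byte is forwarded.
    while ($pipe.IsConnected) {
        $n = $file.Read($buffer, 0, $buffer.Length)
        if ($n -gt 0) {
            $pipe.Write($buffer, 0, $n)
            $pipe.Flush()
        } else {
            Start-Sleep -Milliseconds 200    # at end of file: poll like tail -f
        }
    }
} finally {
    $file.Dispose()
    $pipe.Dispose()
}
```

While Chrome is still downloading, the file on disk usually carries a `.crdownload` name, so point `$PcapPath` at that in-progress name rather than the final one; a short stall at the end of the stream is normal, since only complete packet records are dissected.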