5
1
I have a .pcap file on my android device, that I can access from my PC with wireshark via smb and wondering if it possible to get a 'Live view' of that file in wireshark.
Is there any solution?
christophrus
Posted 2013-03-18T16:49:32.963
Reputation: 171
1
You can use the following:
tail -f -c +0 foo.pcap | wireshark -k -i -
With:
tail -f -c +0: Feed the capture file to wireshark-k: Start the capture session immediately-i -: Capture from STDINReference: Wireshark feeding from stdin
Gohu
Posted 2013-03-18T16:49:32.963
Reputation: 757
1
Yes, there is pcaptail which does exactly that (direct download).
Adrian Frühwirth
Posted 2013-03-18T16:49:32.963
Reputation: 771
the link is dead – Carson Ip – 2018-09-10T09:17:37.767
@CarsonIp Thanks! Unfortunately his blog seems to be down, the download is still valid though. I added an archive.org-link to the blog post as well as a direct download link to the code. – Adrian Frühwirth – 2018-10-26T06:55:45.373
I tried that already. I even had to change some source code to get it compiled. Later I realize there's a way easier method to pipe input into wireshark. – Carson Ip – 2018-10-26T10:16:09.107