I have a .pcap file on my android device, that I can access from my PC with wireshark via smb and wondering if it possible to get a 'Live view' of that file in wireshark.
Is there any solution?
Asked
Active
Viewed 2,661 times
2 Answers
3
You can use the following:
tail -f -c +0 foo.pcap | wireshark -k -i -
With:
tail -f -c +0: Feed the capture file to wireshark-k: Start the capture session immediately-i -: Capture from STDIN
Reference: Wireshark feeding from stdin
Gohu
- 924
- 1
- 7
- 16
1
Yes, there is pcaptail which does exactly that (direct download).
Adrian Frühwirth
- 781
- 4
- 12
-
the link is dead – Carson Ip Sep 10 '18 at 09:17
-
@CarsonIp Thanks! Unfortunately his blog seems to be down, the download is still valid though. I added an archive.org-link to the blog post as well as a direct download link to the code. – Adrian Frühwirth Oct 26 '18 at 06:55
-
I tried that already. I even had to change some source code to get it compiled. Later I realize there's a way easier method to pipe input into wireshark. – Carson Ip Oct 26 '18 at 10:16