Home Posts Links Notes Now



Got a program writing to a pcap that you want to see in real time in Wireshark?

If you can control the output pcap file name, you can swap it out with a fifo so the program writes to that, then open with Wireshark like so:

$ mkfifo /tmp/fifo $ wireshark -i /tmp/fifo -k

If you have a program that sends packets to stdout, you can pipe them into Wireshark like this to see them as they are being received:

$ ./my_capturing_program.bin | wireshark -k -i - Via

Thanks for reading. Feel free to reach out for any comment or question.