Follow a .pcap file in wireshark like tail -f

Question

I have a .pcap file on my android device, that I can access from my PC with wireshark via smb and wondering if it possible to get a 'Live view' of that file in wireshark.

Is there any solution?

score 5 · Answer 1 · answered Oct 26 '18 at 07:40

5

You can use the following:

tail -f -c +0 foo.pcap | wireshark -k -i -

With:

tail -f -c +0: Feed the capture file to wireshark
-k: Start the capture session immediately
-i -: Capture from STDIN

Reference: Wireshark feeding from stdin

answered Oct 26 '18 at 07:40

Gohu

1,029

Adrian Frühwirth · Answer 2 · 2018-10-26T06:53:36.723

1

Yes, there is pcaptail which does exactly that (direct download).

edited Oct 26 '18 at 06:53

answered Jun 17 '14 at 12:51

Adrian Frühwirth

781

Follow a .pcap file in wireshark like tail -f

2 Answers2