Follow a .pcap file in wireshark like tail -f

pcapwireshark

I have a .pcap file on my android device, that I can access from my PC with wireshark via smb and wondering if it possible to get a 'Live view' of that file in wireshark.

Is there any solution?

Best Answer

  • You can use the following:

    tail -f -c +0 foo.pcap | wireshark -k -i -
    

    With:

    • tail -f -c +0: Feed the capture file to wireshark
    • -k: Start the capture session immediately
    • -i -: Capture from STDIN

    Reference: Wireshark feeding from stdin