how to read a live changing capture file with a tcpdump or wireshark like with tail for a file.

Mubeesh ali mubeeshalivm at
Wed Mar 2 17:51:55 UTC 2011

thanks Jason. netcat seems suited for this.  I will check this out.

Best Regards,

On Wed, Mar 2, 2011 at 8:42 PM, Jason C. Wells <jcw at> wrote:
> On 03/01/11 08:07, Mubeesh ali wrote:
>> Hi ,
>> We do wifi troubleshooting and are planning to use kismet for wireless
>> captures. It produces a file that will be written into every 300
>> secs(configurable value ,we use 30 secs).  While comparing with a
>> expensive windows sniffer like Omnipeek   the only disadvantage of
>> this free tool is we have to continoulsly do tcpdump -r
>> <filename.pcap>  as the file changes. same with wireshark we need to
>> hit the refresh button.
>> Is there something equivalent to 'tail' for changing files  for
>> reading pcap files ? Appreciate any suggestions.
> netcat?

Best  Regards,

Mubeesh Ali.V.M

More information about the freebsd-questions mailing list