Need help with "-w -" option to understand, which dump raw packets to stdout

[Tejas Patel via tcpdump-workers <tcpdump-workers () lists tcpdump org>]

> --- Begin Message ---
>
>
> From: Tejas Patel <tejaspatel_20 () yahoo co in>
>
> Date: Fri, 17 Jul 2020 12:35:46 +0000 (UTC)
>
>
> Hello Experts,
>
> I am writing one utility for one of my project, where currently I create pcap file by dumping packets information 
> capturing through raw socket. But now I am planning to do it same as "tcpdump -i eth0 -w - | wireshark -k -i -" does, 
> simply write to stdout and then I can pipe it to remote machine wireshark so that I can have live capture over there.
>
> Currently I am doing like this, to capture packets to file, and it is working fine. I can open file into wireshark as 
> expected.
> write(fileno(fp), &pcapfh, 24);
> write(fileno(fp), &pcaphdr, sizeof(pcaphdr));
> write(fileno(fp), pkt_ptr, bytes_to_write);
>
> But when I start dump to stdout, as below, it does not work. Wireshark not able to open live capture.
> write(fileno(stdout), &pcapfh, 24);
> write(fileno(stdout), &pcaphdr, sizeof(pcaphdr));
>
> write(fileno(stdout), pkt_ptr, bytes_to_write);
> For example - sshpass -p 'bnpBDE1LmA868lEKa9eQ.0' ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root 
> () remote-host com /sbin/tcpdump -i eth0 -w - 'not port 22' | wireshark -k -i -My goal is to capture packets from 
> remote-host.com to my local machine with live capture, as per above example.
>
> If anybody can help me to understand format requirement to dump to stdout, so that wireshark can understand live 
> capture, that would be great help.
> Br,Tejaskumar Kasundra+91 9004015850
>
> --- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers