From owner-freebsd-questions@FreeBSD.ORG  Tue Mar  1 16:39:29 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D0756106564A
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Mar 2011 16:39:29 +0000 (UTC)
	(envelope-from mubeeshalivm@gmail.com)
Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com
	[209.85.214.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 615838FC14
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Mar 2011 16:39:28 +0000 (UTC)
Received: by bwz12 with SMTP id 12so5255323bwz.13
	for <freebsd-questions@freebsd.org>;
	Tue, 01 Mar 2011 08:39:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:mime-version:date:message-id:subject:from:to
	:content-type:content-transfer-encoding;
	bh=Krcx/Sy8Qh/K0a6LKlpCmUA4H4ANaylZ/JZT6j+CZ8A=;
	b=JNm+qlTwXr1QUUx4K/IVy6pTc0OW61xLJDiaL9yJfcOnWsRFUxFD1A8inM1ED32sMg
	KLNsvGsMJITtLb7WnwDfhyRJxgi1SM3r4Rf2HD1QICH+euvYeUGQHBNKoj/bWNNNGRYm
	wMouB6yTgSKb1pw5ZNpZlxN+qetRUG968kJws=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=mime-version:date:message-id:subject:from:to:content-type
	:content-transfer-encoding;
	b=hXYKf3edfOLou/du4TYODGsqi0kqdHAknZ2x9eC0X13iiDYqd8Bz1ss5mo4xGO6wh7
	0m6/N8DFslnzzQelFeSSKQLZpJsPuid3j2idkxbPoAVZZtuB7Yg7Cl8xlVoM60q4cBQt
	3QkzcisxxvDHWz+QolZTJoq9arWqS4Tl78ZBY=
MIME-Version: 1.0
Received: by 10.204.80.161 with SMTP id t33mr6332144bkk.121.1298995669329;
	Tue, 01 Mar 2011 08:07:49 -0800 (PST)
Received: by 10.204.62.83 with HTTP; Tue, 1 Mar 2011 08:07:49 -0800 (PST)
Date: Tue, 1 Mar 2011 21:37:49 +0530
Message-ID: <AANLkTimzow4vbHVNrp05-2c_NFebgXwSRq10-19htC9f@mail.gmail.com>
From: Mubeesh ali <mubeeshalivm@gmail.com>
To: FreeBSD Questions <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: how to read a live changing capture file with a tcpdump or wireshark
 like with tail for a file.
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Mar 2011 16:39:29 -0000

Hi ,


We do wifi troubleshooting and are planning to use kismet for wireless
captures. It produces a file that will be written into every 300
secs(configurable value ,we use 30 secs).  While comparing with a
expensive windows sniffer like Omnipeek   the only disadvantage of
this free tool is we have to continoulsly do tcpdump -r
<filename.pcap> as the file changes. same with wireshark we need to
hit the refresh button.

Is there something equivalent to 'tail' for changing files  for
reading pcap files ? Appreciate any suggestions.

--=20
Best=A0 Regards,
Mubeesh Ali.V.M