Wireshark pode farejar pipes nomeados, como descrito em este artigo :
Before pipes, Wireshark could read the captured packets to display either from a file (which had been previously created) or for a network interface (in real time). Since pipes are supported, Wireshark can also read packets from another application, and shows them in real time.
There are some limitations that you should be aware of:
- This only works with the de facto standard libpcap format version 2.4, as described in Development/LibpcapFileFormat. Some other formats may work in theory, but this has not been tested.
- Capturing from a pipe is inconvenient, because you have to set up the pipe and put a file header into the pipe before you can start the capture. A few patches have been mailed to the development list that could solve this, so if you find the approach inconvenient, try the patches.
- The named pipe is not listed in the drop-down interface selection, and must be typed into the interface box. On Windows, it must be typed slowly (or pasted).
Depois de experimentá-lo, ou descobrir quais são os patches mencionados, ou entrar em contato com o autor do artigo acima, ainda resta o problema de saber o nome do pipe, que é milagrosamente resolvido (de novo) pelo utilitário sysinternals PipeList :
What you might also find surprising is that it's possible to obtain a directory listing of the named pipes defined on a system. This fact is not documented, nor is it possible to do this using the Win32 API.
Outra solução pode ser o produto comercial I / O Ninja ($ 30, teste disponível).