Hey, I’ve been doing some work in a Linux VM recently, and having to use secure copy (scp) every time just to copy a tcpdump capture to my macOS machine to inspect it with Wireshark is not very fun.

    VM                          MACOS

    tcpdump --> capture
                 scp linux -->  /tmp/capture
                                wireshark /tmp/capture

Given that Wireshark can inspect packets flowing in real time, what if Wireshark could perform the equivalent of a tail -f operation on a given packet file?

It turns out that this is possible and pretty simple.

tl;dr: wires...