Attempts to make tethereal write to "/dev/stdout" (which should work on
Linux, various BSDs, Solaris, and at least some other UNIXes, although
some of them may require you to configure "/dev/fd" support into your
kernel) and then to pipe its output to "gzip -f" ("-f" to force "gzip"
to read from its standard input and write to its standard output) were
unsuccessful.
I've been playing with it a little, and it looks like having tethereal
write to a named pipe and hanging gzip off that does work, like this:
mknod testpipe p
tethereal -w testpipe
cat < testpipe | gzip -f > tethereal.dmp
Tethereal will start capturing when cat opens the pipe; 'cat' is needed
because gzip won't read from a pipe directly. Killing off tethereal
closes cat & gzip as well.
Neither tethereal nor ethereal find fault with the 'tethereal.dmp.gz'
produced, in the few times I tried it. This is under Linux; I don't know
whether the idea carries to other Unices.
Hope it helps,
Marco.
