pocc/dl_livecap.sh

## dl_livecap.sh
#!/usr/bin/env bash
# This script will detect if there are any new partial download files
# And launch wire/tshark to read them as a live capture.

DL_DIR="$HOME/Downloads"
SHARK_CMD="wireshark -k -i -"
# SHARK_CMD="tshark -r -"
function DL_PARTIALS {
    # Partial names: Chrome=$file.crdownload, Firefox=$file.part, Safari=$file.download, Edge=$file.RaNd0mStr.partial
    find "$DL_DIR" -maxdepth 1 | perl -ne 'print /(.*pcapng\.(part|crdownload|download|[a-zA-Z0-9]+\.partial))/'
}

while true; do
    file="$(DL_PARTIALS)"
    while [ "$file" = "" ]; do sleep 1; file="$(DL_PARTIALS)"; done
    # Don't reopen wireshark if the user closed it for this file
    if [ "$prev_file_id" != "$(stat -c %i $file)" ]; then
        echo "Found download partial \`$file\`"
        tail -f -n +1 $file | $SHARK_CMD
    else
        sleep 1
    fi
    prev_file_id="$(stat -c %i $file)"
done
	#!/usr/bin/env bash
	# This script will detect if there are any new partial download files
	# And launch wire/tshark to read them as a live capture.

	DL_DIR="$HOME/Downloads"
	SHARK_CMD="wireshark -k -i -"
	# SHARK_CMD="tshark -r -"
	function DL_PARTIALS {
	# Partial names: Chrome=$file.crdownload, Firefox=$file.part, Safari=$file.download, Edge=$file.RaNd0mStr.partial
	find "$DL_DIR" -maxdepth 1 \| perl -ne 'print /(.*pcapng\.(part\|crdownload\|download\|[a-zA-Z0-9]+\.partial))/'
	}

	while true; do
	file="$(DL_PARTIALS)"
	while [ "$file" = "" ]; do sleep 1; file="$(DL_PARTIALS)"; done
	# Don't reopen wireshark if the user closed it for this file
	if [ "$prev_file_id" != "$(stat -c %i $file)" ]; then
	echo "Found download partial \`$file\`"
	tail -f -n +1 $file \| $SHARK_CMD
	else
	sleep 1
	fi
	prev_file_id="$(stat -c %i $file)"
	done