Wireshark mailing list archives
tshark buffered packet dissection -- no realtime output?
From: Ralph Schmieder <ralph.schmieder () inka de>
Date: Fri, 12 Jan 2018 19:56:38 +0100
running tshark on Fedora 26 (TShark (Wireshark) 2.2.8 (wireshark-2.2.8)). I get packets in pcap-ng format from a REST API which I feed via stdin into tshark like this:
curl $API | tshark -l -r - -T textThis basically works. However, the output is buffered, despite using the '-l' option. E.g. only after a couple of packets have arrived, the buffer is flushed and the dissected packets are printed. I also experimented with stdbuf for the curl command but that didn't help either. When doing
curl $API | tshark -l -i - -T textit does output the packets in real-time. However, the packets are then fed through dumpcap which requires (totally unnecessary) elevated privileges and I'm also reading that this adds additional, unneeded delay of 500ms.
What I'm expecting is the real-time dissection of the packets received from the API as with the '-i -' option but without the need to run this through dumpcap and therefore having the current user member of the wireshark system group.
Found the below links, so it seems like I'm not entirely alone. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2874 https://osqa-ask.wireshark.org/questions/62677/tshark-l-does-not-function-force-tshark-realtime Thanks for any advance for any hint / advice! -ralph ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark buffered packet dissection -- no realtime output? Ralph Schmieder (Jan 12)
- Re: tshark buffered packet dissection -- no realtime output? Lee (Jan 12)
- Re: tshark buffered packet dissection -- no realtime output? Ralph Schmieder (Jan 13)
- Re: tshark buffered packet dissection -- no realtime output? Eldon (Jan 13)
- Re: tshark buffered packet dissection -- no realtime output? Guy Harris (Jan 13)
- Re: tshark buffered packet dissection -- no realtime output? Guy Harris (Jan 13)
- Re: tshark buffered packet dissection -- no realtime output? Ralph Schmieder (Jan 13)
- Re: tshark buffered packet dissection -- no realtime output? Lee (Jan 12)
- Re: tshark buffered packet dissection -- no realtime output? Guy Harris (Jan 13)
- Re: tshark buffered packet dissection -- no realtime output? Guy Harris (Jan 18)