Re: tshark buffered packet dissection -- no realtime output?

[Lee <ler762 () gmail com>]

On 1/12/18, Ralph Schmieder <ralph.schmieder () inka de> wrote:
> running tshark on Fedora 26 (TShark (Wireshark) 2.2.8
> (wireshark-2.2.8)). I get packets in pcap-ng format from a REST API
> which I feed via stdin into tshark like this:
>
> curl $API | tshark -l -r - -T text
>
> This basically works. However, the output is buffered, despite using the
> '-l' option. E.g. only after a couple of packets have arrived, the
> buffer is flushed and the dissected packets are printed. I also
> experimented with stdbuf for the curl command but that didn't help
> either.

does "curl --no-buffer $API" make any difference?

       -N, --no-buffer
              Disables the buffering of the output stream. In normal
work situations, curl will use a standard  buffered  output
              stream  that  will  have  the effect that it will output
the data in chunks, not necessarily exactly when the data
              arrives.  Using this option will disable that buffering.

Regards,
Lee
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe