Re: tshark buffered packet dissection -- no realtime output?

[Guy Harris <guy () alum mit edu>]

On Jan 13, 2018, at 9:19 AM, Eldon <wireshark-users () eldondev com> wrote:

> I realize this is a longshot, but my mind immediately went to pipe
> buffering as well, and a comment on stackoverflow[1] seems to indicate
> that there are some situations where stdbuf -o0 will not work due to a
> variety of security measures or alternate configs/stdlibs. Since tshark
> might have some certain capabilities flags set, I just thought it might
> be worth checking!

Whatever capability flags are set on tshark would matter only if he's using stdbuf on tshark; if he's using it on curl, 
the issue would be whether *curl*, not *tshark*, prevented dynamic library injection.

And the actual issue is in the low-level code (*very* low-level code) in libwiretap that TShark uses to read the 
capture; that code isn't using the "standard I/O" libraries, so stdbuf won't affect it.  Even if curl *isn't* buffering 
its output, TShark, in effect, reads it as if it were buffered.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe