https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14345

            Bug ID: 14345
           Summary: tshark packet dissection from pipe: buffers input
           Product: Wireshark
           Version: 2.2.8
          Hardware: x86
                OS: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: TShark
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: ralph.schmie...@gmail.com
  Target Milestone: ---

Build Information:
TShark (Wireshark) 2.2.8 (wireshark-2.2.8)

Copyright 1998-2017 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.13.0, with
Lua 5.1.5, with GnuTLS 3.5.14, with Gcrypt 1.7.8, with MIT Kerberos, with GeoIP.

Running on Linux 4.14.8-200.fc26.x86_64, with locale en_US.UTF-8, with libpcap
version 1.8.1, with GnuTLS 3.5.16, with Gcrypt 1.7.9, with zlib 1.2.11.
      Intel(R) Xeon(R) CPU E5-2695 v2 @ 2.40GHz (with SSE4.2)

Built using gcc 7.1.1 20170622 (Red Hat 7.1.1-3).
--
https://www.wireshark.org/lists/wireshark-users/201801/msg00008.html


Getting packets in pcap-ng format from a REST API which I feed via a pipe into
tshark like this:

curl $API | tshark -l -r - -T text

This basically works. However, the output of tshark is delayed, despite using
the '-l' option. E.g. only after a couple of packets have arrived, dissected
packets are printed. When doing

curl $API | tshark -l -i - -T text

it does output the packets in real-time. However, the packets are then fed
through dumpcap, which requires the user to be (unnecessarily) a member of the
wireshark system group, and I'm also reading that this adds an additional,
unneeded delay of 500ms.

What I'm expecting is the real-time dissection of the packets received from the
API as with the '-i -' option but without the need to run this through dumpcap. 

According to Guy on the mailing list, this is due to the *input* of tshark
being buffered.

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
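
The input buffering described in the report above, as an added illustration (not code from Wireshark or from the reporter): a reader that takes pcap-ng blocks from a pipe with exact-length `os.read` calls and no read-ahead, so each block is handed on as soon as it has fully arrived. The sample blocks, the `MAX_BLOCK` cap and all function names are assumptions made for this example.

```python
import os
import struct

BOM = 0x1A2B3C4D                # pcap-ng byte-order magic
SHB_TYPE = b"\x0a\x0d\x0d\x0a"  # Section Header Block type, same in both byte orders
MAX_BLOCK = 16 * 1024 * 1024    # assumed cap so a hostile length cannot exhaust memory

def read_exact(fd, n, eof_ok=False):  # exactly n bytes, no user-space read-ahead
    buf = b""
    while len(buf) < n:
        chunk = os.read(fd, n - len(buf))
        if not chunk:
            if eof_ok and not buf:
                return None           # clean EOF on a block boundary
            raise EOFError("stream ended inside a block")
        buf += chunk
    return buf

def read_blocks(fd):  # yields (block_type, raw_block) once each block is complete
    endian = "<"
    while (head := read_exact(fd, 8, eof_ok=True)) is not None:
        if head[:4] == SHB_TYPE:      # every section declares its own byte order
            head += read_exact(fd, 4)
            if head[8:] not in (struct.pack("<I", BOM), struct.pack(">I", BOM)):
                raise ValueError("bad byte-order magic")
            endian = "<" if head[8:] == struct.pack("<I", BOM) else ">"
        btype, total = struct.unpack(endian + "II", head[:8])
        if total % 4 or not 12 <= total <= MAX_BLOCK:
            raise ValueError("implausible block length %d" % total)
        raw = head + read_exact(fd, total - len(head))
        if struct.unpack(endian + "I", raw[-4:])[0] != total:
            raise ValueError("trailing length mismatch")
        yield btype, raw

def make_block(btype, body):  # constructed little-endian sample input
    total = struct.pack("<I", 12 + len(body))
    return struct.pack("<I", btype) + total + body + total

def demo():
    shb = make_block(0x0A0D0D0A, struct.pack("<IHHq", BOM, 1, 0, -1))
    idb = make_block(1, struct.pack("<HHI", 1, 0, 0))
    r, w = os.pipe()
    blocks, seen = read_blocks(r), []
    for raw in (shb, idb):
        os.write(w, raw)              # sender emits one block, then pauses
        seen.append(next(blocks))     # delivered now, not after more input arrives
    os.close(w)
    os.close(r)
    return [(t, len(b)) for t, b in seen]
```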