On Oct 9, 2007, at 1:17 PM, Ulf Lamping wrote:
> WHY IS STDOUT NOT POSSIBLE?
>
> Well, it's possible but just not implemented.
>
> The current implementation simply passes the filename from tshark to
> dumpcap, which then will mess up it's own stdout with the event
> messages
> and packet data.
>
> It's no vodoo magic to make it work again, but someone (but not me)
> has
> to made the changes.
I've checked in a change to make dumpcap use its standard error,
rather than its standard output, for the sync pipe; it appears to
allow "tshark -w -" to work, at least when piping to tcpdump on OS X.
I haven't tested it on Windows (my Windows "machine" is currently
sitting on a disk drive I got back from DriveSavers after the drive in
my PowerBook went bad; I haven't yet gotten the drive in the PowerBook
replaced yet, so I can't figure up Virtual PC), but it looks as if it
should work, at least based on
http://support.microsoft.com/kb/190351
which says that, to *not* redirect one of the standard handles in a
CreateProcess() call when you're redirecting others, just set the
appropriate handle to GetStdHandle(the appropriate #define), which I'm
assuming is STD_OUTPUT_HANDLE to leave the standard output alone.
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
