Maynard, Chris wrote: > Hmm, I wonder what the point of doing "tshark -w - > /some/file" is when > you could just do "tshark -w /some/file"?
It's normally used in a more interesting way than my trivial example--for example sending the output to a pipe which then eventually sends the output to a file. Something like: ssh [EMAIL PROTECTED] "tshark -w -" > /some/file (so tshark gets executed on 'somehost' but the output file is created on your local machine.) > Anyway, I tried it and it seems to work better, although compared to the > 0.99.6 version, the output differs given the same options. I would > expect the output to be the same, no? > > Running "tshark.exe -p -i 4 -f icmp -c 4 -w - > tsharktest.cap": > > tshark-SVN-23133: > "C:\wireshark-gtk2\tshark.exe" -r tsharktest.cap > 1 0.000000 192.168.1.100 -> 192.168.1.1 74 > 2 0.000272 192.168.1.1 -> 192.168.1.100 74 > 3 1.002940 192.168.1.100 -> 192.168.1.1 74 > 4 1.003186 192.168.1.1 -> 192.168.1.100 74 > > tshark-0.99.6: > "C:\Program Files\Wireshark\tshark.exe" -r tsharktest.cap > No log handling enabled - turning on stderr logging > 1 0.000000 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request > 2 0.000305 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply > 3 1.001864 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request > 4 1.002157 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply Hmmm, yeah. I'll see if I can get my Windows build going again though IIRC I never could capture stuff with my own builds. _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
