This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to pipe tshark output in realtime?

0

Hi everyone,

I am monitoring wifi traffic and want to process every output line in real time.

Monitoring works:

sudo tshark -i mon0 subtype probereq

Saving to a file works:

sudo tshark -i mon0 subtype probereq > pcap.log

Piping file for processing works:

cat pcap.log | while read -r line; do echo "$line"; done

But piping thark output directly just doesn't work:

sudo tshark -i mon0 subtype probereq | while read -r line; do echo "$line"; done

What's the problem? How can I process every line of tshark output in real time?

Cheers bluepuma

asked 25 Nov '13, 10:56

bluepuma's gravatar image

bluepuma
6113
accept rate: 0%


One Answer:

1

tshark output is buffered. Please use tshark option -l, if you want tshark to flush STDOUT after every packet.

Regards
Kurt

answered 25 Nov '13, 11:04

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thanks, that was easy

(25 Nov '13, 11:49) bluepuma