This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

can I use TShark with named pipes without going through dumpcap ?

0

I'm sending traffic to TShark (packet by packet) through named pipe. Dumpcap holds the data for up to 500ms, I want to get the result immediately. Is there a way to send a packet to TShark without going through dumpcap ?

asked 07 Jan '17, 21:49

kdani's gravatar image

kdani
26559
accept rate: 0%


One Answer:

0

According to bug 2874 if you run tshark -i - (to make tshark read from stdin) then dumpcap won't be spawned. If you can switch to using stdin rather than a named pipe then that should work for you.

answered 09 Jan '17, 06:25

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%