This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

The -l argument for tshark is supposed to display the dissection data immediately. However, it has no effect. I have a custom dissector sending data to another program. The other program is currently receiving it in bursts at about 2 times a second. This is far to slow. If -l does not work is there anyway to force wireshark or tshark to make these bursts happen more frequently? Currently none of the preferences I have toyed with have made an impact, including buffer size.

Thank You

asked 11 Jul '17, 11:52

afay's gravatar image

afay
6224
accept rate: 0%


In this case it's dumpcap that is the source of the delay: it only sends packets up to tshark once every 500msec (twice a second). Bug 2874 contains some details.

It seems the solution is to have tshark read from a pipe instead of from dumpcap.

permanent link

answered 11 Jul '17, 15:06

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Thank You!

(11 Jul '17, 15:11) afay

You're welcome. BTW this is a Q&A site so please be sure to Accept the answer (assuming it answers your question) by clicking on the checkmark next to the answer. That way the question won't show up as "unanswered."

(12 Jul '17, 06:40) JeffMorriss ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×37
×1
×1

question asked: 11 Jul '17, 11:52

question was seen: 652 times

last updated: 12 Jul '17, 06:40

p​o​w​e​r​e​d by O​S​Q​A