Because of Bug 2874 in dumpcap, tshark will normaly only respond every 500ms. I need lower latency as I am feeding a live application. I heard this can be accomplished with pipes, but am completely inexperienced with pipes. How would this be done? What I need is for the dissectors to be running in realtime, continually. asked 11 Jul '17, 15:44  afay edited 11 Jul '17, 17:20 |
One Answer:
Use tshark -w - -F pcap | tshark -r - answered 12 Jul '17, 09:33 afay |
Did you mean
dumpcap -w - -P | tshark -r -? Or does dumpcap spawned by tshark really behave differently if that tshark writes to stdout than if it writes to a regular file?