This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Bypassing dumpcap with TShark and pipes

0

Because of Bug 2874 in dumpcap, tshark will normaly only respond every 500ms. I need lower latency as I am feeding a live application. I heard this can be accomplished with pipes, but am completely inexperienced with pipes. How would this be done? What I need is for the dissectors to be running in realtime, continually.

asked 11 Jul '17, 15:44

afay's gravatar image

afay
6224
accept rate: 0%

edited 11 Jul '17, 17:20


One Answer:

0

Use tshark -w - -F pcap | tshark -r -

answered 12 Jul '17, 09:33

afay's gravatar image

afay
6224
accept rate: 0%

Did you mean dumpcap -w - -P | tshark -r - ? Or does dumpcap spawned by tshark really behave differently if that tshark writes to stdout than if it writes to a regular file?

(12 Jul '17, 10:12) sindy