Wireshark mailing list archives
"illegal seek" writing to stdout (Tshark 1.2.6 on Fedora 12)
From: Joe Knapka <jknapka () kneuro net>
Date: Wed, 3 Nov 2010 10:34:20 -0600
Hi everyone,

I have a script that uses tshark to filter selected packets from a very large body of captured data and passes them via stdout to a custom packet decoding tool. (Arguably this might be better implemented in some other way, eg with a dissector; but my approach leverages a bunch of existing Java code that knows how to decode the traffic in question.) The basic approach is:

    cat someHugeCaptureFile | tshark -i - -R $FILTER -w - | java DecoderClass

With tshark 0.99.6 on Fedora 6 this works great. With tshark 1.2.6 on Fedora 12, it fails with:

    tshark: The file "-" could not be opened: Illegal seek

If I omit the "-w -" and the pipe to the decoder, I get successful (but uninformative) tshark decode to stdout. If I use "-w -" without the pipe into the DecoderClass, I get a couple of raw packets dumped to stdout, followed by the "illegal seek" error.

I suspect the problem may be with the environment rather than with tshark itself, but I'm not sure how to proceed. Unfortunately, I don't have administrative control over the machine in question, so I cannot just install the older tshark and try it out. My current workaround is to use tcpdump for simple things, but tshark's more capable read filters are extremely useful, and I miss them :-(

I've seen one other message on wireshark-users about this, from 2009, with no response. Has anyone else seen this problem? Is there an easy solution?

Thanks for any advice,

-- JK