Wireshark mailing list archives

Re: tshark buffered packet dissection -- no realtime output?


From: Eldon <wireshark-users () eldondev com>
Date: Sat, 13 Jan 2018 12:19:38 -0500

On Sat, Jan 13, 2018 at 09:45:51AM +0100, Ralph Schmieder wrote:
Thanks for this, Lee.

But no, it's the same result. In fact, I used that option in curl (and 
also tried with stdbuf -o0). 

Hi,

I realize this is a long shot, but my mind immediately went to pipe
buffering as well, and a comment on stackoverflow[1] seems to indicate
that there are some situations where stdbuf -o0 will not work due to a
variety of security measures or alternate configs/stdlibs. Since tshark
might have some certain capabilities flags set, I just thought it might
be worth checking!

Hope this helps,
Eldon

[1] https://unix.stackexchange.com/a/25378


were different since the "-i -" does deliver the packets in / close-to 
real-time which seems to prove that the issue is not buffering in curl 
but in tshark.

Thanks,
-ralph


On 01/12/2018 08:31 PM, Lee wrote:
On 1/12/18, Ralph Schmieder <ralph.schmieder () inka de> wrote:
running tshark on Fedora 26 (TShark (Wireshark) 2.2.8
(wireshark-2.2.8)). I get packets in pcap-ng format from a REST API
which I feed via stdin into tshark like this:

curl $API | tshark -l -r - -T text

This basically works. However, the output is buffered, despite using the
'-l' option. E.g. only after a couple of packets have arrived, the
buffer is flushed and the dissected packets are printed. I also
experimented with stdbuf for the curl command but that didn't help
either.

does "curl --no-buffer $API" make any difference?

        -N, --no-buffer
               Disables the buffering of the output stream. In normal
               work situations, curl will use a standard buffered output
               stream that will have the effect that it will output
               the data in chunks, not necessarily exactly when the data
               arrives. Using this option will disable that buffering.

Regards,
Lee
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
              mailto:wireshark-users-request () wireshark org?subject=unsubscribe
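
A way to run the check Eldon suggests, as an added example that is not part of the thread: stdbuf works by setting LD_PRELOAD, and the dynamic linker drops such preloads in secure-execution mode, which setuid, setgid and file-capability binaries can trigger. The function names are hypothetical; GNU stat and readlink are assumed, and getcap is used only if installed.

```shell
#!/bin/sh
# Added diagnostic, not from the thread.

# secure_exec_reason MODE CAPS
#   MODE: octal permissions as printed by `stat -c %a` (e.g. 755, 4755)
#   CAPS: whatever getcap printed for the file, or empty
# Prints the attributes that can put the dynamic linker into
# secure-execution mode and returns 0; returns 1 silently if none apply.
secure_exec_reason() {
    mode=$1 caps=$2 reason=
    special=0
    # The special bits are the digit in front of the last three, if any.
    [ "${#mode}" -ge 4 ] && special=${mode%???}
    case $special in
        4|5) reason="setuid" ;;
        2|3) reason="setgid" ;;
        6|7) reason="setuid setgid" ;;
    esac
    [ -n "$caps" ] && reason="${reason:+$reason }file-capabilities"
    [ -n "$reason" ] || return 1
    printf '%s\n' "$reason"
}

# check_binary NAME: resolve NAME on PATH and report on the real file.
check_binary() {
    found=$(command -v "$1") || { echo "$1: not found" >&2; return 2; }
    path=$(readlink -f "$found")
    mode=$(stat -c %a "$path")
    caps=
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$path" 2>/dev/null)
    fi
    if why=$(secure_exec_reason "$mode" "$caps"); then
        echo "$path: $why (secure-execution mode possible, stdbuf's LD_PRELOAD would be dropped)"
    else
        echo "$path: no setuid/setgid/capabilities (the linker will not drop stdbuf's LD_PRELOAD)"
    fi
}

# Usage: sh thisfile tshark
if [ "$#" -gt 0 ]; then
    check_binary "$1"
fi
```

A clean result only rules out the linker as the cause; a program that sets its own buffering or bypasses stdio is still unaffected by stdbuf.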
