Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9533] New: Piping dumpcap to tshark results not stable

Wireshark-bugs: [Wireshark-bugs] [Bug 9533] New: Piping dumpcap to tshark results not stable

Date: Mon, 09 Dec 2013 16:28:23 +0000

Bug ID	9533
Summary	Piping dumpcap to tshark results not stable
Classification	Unclassified
Product	Wireshark
Version	1.10.3
Hardware	x86-64
OS	Debian
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	TShark
Assignee	bugzilla-admin@wireshark.org
Reporter	steve@chigeek.com

Build Information:
tshark: Lua: Error during loading:
 [string "/usr/share/wireshark/init.lua"]:46: dofile has been disabled due to
running Wireshark as superuser. See
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running
Wireshark as an unprivileged user.
TShark 1.10.3 (SVN Rev 53022 from /trunk-1.10)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.36.4, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), without libnl, with SMI 0.4.8, with c-ares 1.10.0, with
Lua 5.2, without Python, with GnuTLS 2.12.23, with Gcrypt 1.5.3, with MIT
Kerberos, with GeoIP.

Running on Linux 3.11-2-amd64, with locale en_US.UTF-8, with libpcap version
1.4.0, with libz 1.2.8.
AMD E-350 Processor

Built using gcc 4.8.2.
--
When attempting to run tshark in a way as to not generate a temporary pcap file
(to avoid dumpcap being slowed down from slow disk), tshark will invariably
crash out after an indeterminate amount of packets with the error below:

root@dofler:~# dumpcap -i eth0 -w - | tshark -T psml -PS -l -r -
<SNIP>
<packet>
<section>682</section>
<section>9.613457000</section>
<section>50.141.197.202</section>
<section>63.148.88.65</section>
<section>TLSv1</section>
<section>1044</section>
<section>Application Data</section>
</packet>


tshark: The file "-" appears to be damaged or corrupt.
(pcapng_read_block: total block lengths (first 1300 and second 85196800) don't
match)
Packets: 704 dumpcap: The file to which the capture was being saved
("-") could not be closed: Broken pipe.
Packets captured: 704
Packets received/dropped on interface 'eth0': 704/0
(pcap:0/dumpcap:0/flushed:0) (100.0%)

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 9533] Piping dumpcap to tshark results not stable
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9533] Piping dumpcap to tshark results not stable
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9532] New: Generating a dissector for a sequence of ints goes wrong
Next by Date: [Wireshark-bugs] [Bug 9534] New: tshark/dumpcap doesn't clean up ringbuffer files when it has fallen behind
Previous by thread: [Wireshark-bugs] [Bug 9532] New: Generating a dissector for a sequence of ints goes wrong
Next by thread: [Wireshark-bugs] [Bug 9533] Piping dumpcap to tshark results not stable
Index(es):
- Date
- Thread