Wireshark · Wireshark-users: Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?

[Ralph Schmieder <ralph.schmieder@xxxxxxx>]

Thanks for this, Lee.

But no, it's the same result. In fact, I used that option in curl (and 
also tried with stdbuf -o0). Would have been surprised if the results 
were different since the "-i -" does deliver the packets in / close-to 
real-time which seems to proof that the issue is not buffering in curl 
but in tshark.

Thanks,
-ralph


On 01/12/2018 08:31 PM, Lee wrote:
> On 1/12/18, Ralph Schmieder <ralph.schmieder@xxxxxxx> wrote:
> > running tshark on Fedora 26 (TShark (Wireshark) 2.2.8
> > (wireshark-2.2.8)). I get packets in pcap-ng format from a REST API
> > which I feed via stdin into tshark like this:
> >
> > curl $API | tshark -l -r - -T text
> >
> > This basically works. However, the output is buffered, despite using the
> > '-l' option. E.g. only after a couple of packets have arrived, the
> > buffer is flushed and the dissected packets are printed. I also
> > experimented with stdbuf for the curl command but that didn't help
> > either.
> does "curl --no-buffer $API" make any difference?
>
>         -N, --no-buffer
>                Disables the buffering of the output stream. In normal
> work situations, curl will use a standard  buffered  output
>                stream  that  will  have  the effect that it will output
> the data in chunks, not necessarily exactly when the data
>                arrives.  Using this option will disable that buffering.
>
> Regards,
> Lee
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>               mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe