Wireshark · Wireshark-users: Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?

Wireshark-users: Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?

From: Eldon <wireshark-users@xxxxxxxxxxxx>

Date: Sat, 13 Jan 2018 12:19:38 -0500

On Sat, Jan 13, 2018 at 09:45:51AM +0100, Ralph Schmieder wrote:
> Thanks for this, Lee.
> 
> But no, it's the same result. In fact, I used that option in curl (and 
> also tried with stdbuf -o0). 

Hi,

I realize this is a longshot, but my mind immediately went to pipe
buffering as well, and a comment on stackoverflow[1] seems to indicate
that there are some situations where stdbuf -o0 will not work due to a
variety of security measures or alternate configs/stdlibs. Since tshark
might have some certain capabilities flags set, I just thought it might
be worth checking!

Hope this helps,
Eldon

[1] https://unix.stackexchange.com/a/25378


> were different since the "-i -" does deliver the packets in / close-to 
> real-time which seems to proof that the issue is not buffering in curl 
> but in tshark.
> 
> Thanks,
> -ralph
> 
> 
> On 01/12/2018 08:31 PM, Lee wrote:
> > On 1/12/18, Ralph Schmieder <ralph.schmieder@xxxxxxx> wrote:
> >> running tshark on Fedora 26 (TShark (Wireshark) 2.2.8
> >> (wireshark-2.2.8)). I get packets in pcap-ng format from a REST API
> >> which I feed via stdin into tshark like this:
> >>
> >> curl $API | tshark -l -r - -T text
> >>
> >> This basically works. However, the output is buffered, despite using the
> >> '-l' option. E.g. only after a couple of packets have arrived, the
> >> buffer is flushed and the dissected packets are printed. I also
> >> experimented with stdbuf for the curl command but that didn't help
> >> either.
> > does "curl --no-buffer $API" make any difference?
> >
> >         -N, --no-buffer
> >                Disables the buffering of the output stream. In normal
> > work situations, curl will use a standard  buffered  output
> >                stream  that  will  have  the effect that it will output
> > the data in chunks, not necessarily exactly when the data
> >                arrives.  Using this option will disable that buffering.
> >
> > Regards,
> > Lee
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
> >               mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Follow-Ups:
- Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?
  - From: Guy Harris

References:
- [Wireshark-users] tshark buffered packet dissection -- no realtime output?
  - From: Ralph Schmieder
- Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?
  - From: Lee
- Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?
  - From: Ralph Schmieder

Prev by Date: Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?
Next by Date: Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?
Previous by thread: Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?
Next by thread: Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?
Index(es):
- Date
- Thread