
Wireshark-bugs: [Wireshark-bugs] [Bug 2234] Filtering tshark captures with display filters (-R)

Date: Fri, 15 Aug 2008 15:10:08 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234





--- Comment #5 from Guy Harris <guy@xxxxxxxxxxxx>  2008-08-15 15:10:07 PDT ---
We could, I guess, have tshark, when run with "-w" and "-R", have dumpcap pipe
the capture to it rather than writing the capture to a file, and have tshark
read from the pipe, dissect the packets, apply the read filter, and write the
packets that match to the file.

(Yes, this might slow capture down a bit, but we will not do dissection in any
process that needs to run with privileges - that is non-negotiable - which
means that either

    1) there need to be two programs/processes involved

or

    2) this feature would only work on platforms that don't require dangerously
elevated privileges to capture - such platforms exist, but they need to be
configured to allow that

or

    3) we'd have to pull the capture code back into tshark and have it start
the capture first and then give up privileges, which is a bit complicated and
ugly.)

See also bug 2743.


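The two-process arrangement proposed in the comment above, as an added example that is not part of the original message or of Wireshark's code: a capture role (standing in for dumpcap) forwards length-prefixed packets over a pipe to a dissector role (standing in for tshark), which sheds any setuid/setgid privilege before it parses and filters them. The record framing, the one-byte tag filter, the sample packets and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample "packets"; byte 0 is a made-up protocol tag. */
static const uint8_t SAMPLE[][4] = {{0x11,1,2,3},{0x06,4,5,6},{0x11,7,8,9},{0x01,0,0,0}};

/* Read exactly n bytes; returns 0 on EOF or error. */
static int read_full(int fd, void *buf, size_t n) {
    for (size_t got = 0; got < n; ) {
        ssize_t r = read(fd, (char *)buf + got, n - got);
        if (r <= 0) return 0;
        got += (size_t)r;
    }
    return 1;
}

/* Capture role (stand-in for dumpcap): the only side that would keep capture
 * privileges. It frames and forwards bytes and never interprets them. */
static void capture_role(int wfd) {
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++) {
        uint16_t len = sizeof SAMPLE[i];
        if (write(wfd, &len, sizeof len) != (ssize_t)sizeof len) _exit(1);
        if (write(wfd, SAMPLE[i], len) != (ssize_t)len) _exit(1);
    }
    _exit(0);
}

/* Dissector role (stand-in for tshark): reads the pipe, applies the read
 * filter (a tag match here), returns packets kept or -1 on any failure. */
int filter_from_pipe(uint8_t want_tag) {
    int fds[2], kept = 0, status = 0;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) { close(fds[0]); capture_role(fds[1]); }
    close(fds[1]);
    /* Shed any setuid/setgid privilege for good before touching packet bytes. */
    int ok = setgid(getgid()) == 0 && setuid(getuid()) == 0;
    uint16_t len; uint8_t pkt[64];
    while (ok && read_full(fds[0], &len, sizeof len) && len <= sizeof pkt
           && read_full(fds[0], pkt, len))
        if (len > 0 && pkt[0] == want_tag) kept++; /* real tool: write to the -w file */
    close(fds[0]);
    waitpid(pid, &status, 0);
    return (ok && WIFEXITED(status) && WEXITSTATUS(status) == 0) ? kept : -1;
}

int main(void) { printf("kept %d\n", filter_from_pipe(0x11)); return 0; }
```

Because both roles come from one binary here, the parent drops privileges after the fork; with two separate programs, as in option 1 of the comment, the dissecting program would never hold them at all.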