Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and"readfilter" - con

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Wed, 10 Oct 2007 11:00:37 -0400
Hmm, I wonder what the point of doing "tshark -w - > /some/file" is when
you could just do "tshark -w /some/file"?

Anyway, I tried it and it seems to work better, although compared to the
0.99.6 version, the output differs given the same options.  I would
expect the output to be the same, no?

Running "tshark.exe -p -i 4 -f icmp -c 4 -w - > tsharktest.cap":

tshark-SVN-23133:
"C:\wireshark-gtk2\tshark.exe" -r tsharktest.cap
  1   0.000000 192.168.1.100 -> 192.168.1.1 74
  2   0.000272 192.168.1.1 -> 192.168.1.100 74
  3   1.002940 192.168.1.100 -> 192.168.1.1 74
  4   1.003186 192.168.1.1 -> 192.168.1.100 74

tshark-0.99.6:
"C:\Program Files\Wireshark\tshark.exe" -r tsharktest.cap
No log handling enabled - turning on stderr logging
  1   0.000000 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request
  2   0.000305 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply
  3   1.001864 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request
  4   1.002157 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply

- Chris

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Jeff Morriss
Sent: Wednesday, October 10, 2007 9:47 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] tshark: drop features "dump to stdout"
and"readfilter" - conclusion



Maynard, Chris wrote:
> FYI: I was able to test this on a Windows PC, but it doesn't appear to
be working.  I could be doing something wrong since I hardly ever use
tshark, but I compared the output of a 0.99.6-tshark with the output of
an SVN-23125-tshark with the following command line:

When using "-w -" you're telling tshark to write the *PCAP* data to 
stdout so normally I'd do:

tshark -w - > /some/file

And then:

tshark -r /some/file

to read it back in/display it.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

-----------------------------------------
This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube