https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2743
Summary: tshark, when run without -w, should have dumpcap pipe
the packets to it
Product: Wireshark
Version: 1.0.2
Platform: All
OS/Version: All
Status: NEW
Severity: Major
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: guy@xxxxxxxxxxxx
Build Information:
TShark 1.0.2 (SVN Rev 25698)
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.16.3, with libpcap 0.9.5, with libz 1.2.3, without POSIX
capabilities, without libpcre, without SMI, without ADNS, without Lua, without
GnuTLS, without Gcrypt, with MIT Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Darwin 9.4.0 (MacOS 10.5.4), with libpcap version 0.9.5.
Built using gcc 4.0.1 (Apple Inc. build 5465).
--
TShark, when run without -w, isn't told to permanently save the captured
packets to a file; it's only supposed to dissect and print the packets.
Currently, it does that by running dumpcap without "-w", so that it writes to a
temporary file, and then reads the temporary file.
This means that if you leave TShark running for a long period of time, and it
captures a lot of packets, a large capture file is written, which can fill up
the disk;
In addition, it appears that, in some cases, the capture file isn't deleted.
TShark should run dumpcap in a mode where it writes the captured packets to a
pipe, fflushing the output stream at the end of a packet batch, and reads
captured packets from the pipe.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
