Wireshark-dev: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter" - c
From: Guy Harris <[email protected]>
Date: Tue, 9 Oct 2007 18:46:46 -0700
On Oct 9, 2007, at 1:17 PM, Ulf Lamping wrote:

WHY IS STDOUT NOT POSSIBLE?

Well, it's possible but just not implemented.

The current implementation simply passes the filename from tshark to
dumpcap, which then will mess up it's own stdout with the event messages
and packet data.

It's no vodoo magic to make it work again, but someone (but not me) has
to made the changes.
I've checked in a change to make dumpcap use its standard error,  
rather than its standard output, for the sync pipe; it appears to  
allow "tshark -w -" to work, at least when piping to tcpdump on OS X.   
I haven't tested it on Windows (my Windows "machine" is currently  
sitting on a disk drive I got back from DriveSavers after the drive in  
my PowerBook went bad; I haven't yet gotten the drive in the PowerBook  
replaced yet, so I can't figure up Virtual PC), but it looks as if it  
should work, at least based on
	http://support.microsoft.com/kb/190351

which says that, to *not* redirect one of the standard handles in a CreateProcess() call when you're redirecting others, just set the appropriate handle to GetStdHandle(the appropriate #define), which I'm assuming is STD_OUTPUT_HANDLE to leave the standard output alone.