Wireshark-dev: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and"readfilter" - con
From: "Maynard, Chris" <[email protected]>
Date: Wed, 10 Oct 2007 11:00:37 -0400
Hmm, I wonder what the point of doing "tshark -w - > /some/file" is when
you could just do "tshark -w /some/file"?

Anyway, I tried it and it seems to work better, although compared to the
0.99.6 version, the output differs given the same options.  I would
expect the output to be the same, no?

Running "tshark.exe -p -i 4 -f icmp -c 4 -w - > tsharktest.cap":

"C:\wireshark-gtk2\tshark.exe" -r tsharktest.cap
  1   0.000000 -> 74
  2   0.000272 -> 74
  3   1.002940 -> 74
  4   1.003186 -> 74

"C:\Program Files\Wireshark\tshark.exe" -r tsharktest.cap
No log handling enabled - turning on stderr logging
  1   0.000000 -> 74 ICMP Echo (ping) request
  2   0.000305 -> 74 ICMP Echo (ping) reply
  3   1.001864 -> 74 ICMP Echo (ping) request
  4   1.002157 -> 74 ICMP Echo (ping) reply

- Chris

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Jeff Morriss
Sent: Wednesday, October 10, 2007 9:47 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] tshark: drop features "dump to stdout"
and"readfilter" - conclusion

Maynard, Chris wrote:
> FYI: I was able to test this on a Windows PC, but it doesn't appear to
be working.  I could be doing something wrong since I hardly ever use
tshark, but I compared the output of a 0.99.6-tshark with the output of
an SVN-23125-tshark with the following command line:

When using "-w -" you're telling tshark to write the *PCAP* data to 
stdout so normally I'd do:

tshark -w - > /some/file

And then:

tshark -r /some/file

to read it back in/display it.
Wireshark-dev mailing list
[email protected]

This email may contain confidential and privileged material for the
sole use of the intended recipient(s). Any review, use, retention,
distribution or disclosure by others is strictly prohibited. If you
are not the intended recipient (or authorized to receive for the
recipient), please contact the sender by reply email and delete all
copies of this message. Also, email is susceptible to data
corruption, interception, tampering, unauthorized amendment and
viruses. We only send and receive emails on the basis that we are
not liable for any such corruption, interception, tampering,
amendment or viruses or any consequence thereof.