Wireshark-dev: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 2874] New: dumpcap unnecessarily delay

From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Mon, 15 Sep 2008 16:39:46 +0200
A workaround:
tcpdump -w - | tshark -r -


On Mon, Sep 15, 2008 at 2:25 PM,  <bugzilla-daemon@xxxxxxxxxxxxx> wrote:
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2874
>
>           Summary: dumpcap unnecessarily delays tshark
>           Product: Wireshark
>           Version: 1.0.2
>          Platform: All
>        OS/Version: All
>            Status: NEW
>          Severity: Normal
>          Priority: Low
>         Component: TShark
>        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
>        ReportedBy: stephane_chazelas@xxxxxxxx
>
>
> Build Information:
> TShark 1.0.3
>
> Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> Compiled with GLib 2.16.5, with libpcap 0.9.8, with libz 1.2.3.3, with POSIX
> capabilities (Linux), with libpcre 7.6, without SMI, with ADNS, with Lua 5.1,
> with GnuTLS 2.4.1, with Gcrypt 1.4.1, with MIT Kerberos.
>
> Running on Linux 2.6.24.2, with libpcap version 0.9.8.
>
> Built using gcc 4.3.2.
>
> --
> When using tshark -li-
>
> tshark spawns dumpcap.
>
> dumpcap performs a loop that reads pcap packets from stdin, and writes
> instructions to tshark.
>
> However, dumpcap will only send packets to tshark once per second. The code in
> dumpcap.c has:
>
>    /* Only update once a second (Win32: 500ms) so as not to overload slow
>     * displays. This also prevents too much context-switching between the
>     * dumpcap and wireshark processes */
>
> While that can be understood of wireshark, it cannot really of tshark. One
> generally wants tshark to output packets as soon as they are received
> especially if the -l option is given. IMO, if wireshark has a limitation in
> that it shouldn't be refreshed too often, then the waiting should be in the
> code of wireshark, not in dumpcap, or at least there should be an option that
> wireshark passes to dumpcap to enable that "waiting".
>
>
>
> A consequence of that is that the output of tshark is delayed unnecessarily.
> This is especially annoying for the script I was trying to make:
>
> It is a script that decodes the output of some "tracing" command that outputs
> hexdumps of SCCP packets.
>
> It opens a set of pipes (for input and output) to the tshark -Vli- command, and
> in a loop does a:
>
> - write a pcap packet to the pipe to tshark input
> - read the decoded packet from the pipe from tshark output
> - write to stdout the coded and decoded packets
>
> Because of the "sleeping" in dumpcap, that script can only decode one packet
> per second.
>
>



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
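
The loop in the quoted report ("write a pcap packet to the pipe to tshark input") requires each hexdump to be wrapped in pcap framing first. The sketch below is an added example, not code from this thread or from the Wireshark project; the function names are hypothetical, and link type 142 (LINKTYPE_SCCP) assumes the tracing command emits bare SCCP messages, one hexdump per line.

```python
import struct
import sys

LINKTYPE_SCCP = 142   # assumption: each hexdump is a bare SCCP message
SNAPLEN = 65535

def global_header(linktype=LINKTYPE_SCCP, snaplen=SNAPLEN):
    """24-byte pcap file header: magic, version 2.4, zone, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)

def record(payload, ts_sec=0, ts_usec=0, snaplen=SNAPLEN):
    """16-byte record header plus payload; captured length is clamped to snaplen."""
    captured = payload[:snaplen]
    return struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(payload)) + captured

def hexdump_to_bytes(line):
    """Decode '09 00 03 05' style text; raises ValueError on bad or odd-length hex."""
    return bytes.fromhex("".join(line.split()))

def read_records(blob):
    """Parse a pcap byte string back into (linktype, [payloads]) to check the framing."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap stream")
    offset, payloads = 24, []
    while offset < len(blob):
        _, _, incl_len, _ = struct.unpack_from("<IIII", blob, offset)
        offset += 16
        if offset + incl_len > len(blob):
            raise ValueError("truncated record")
        payloads.append(blob[offset:offset + incl_len])
        offset += incl_len
    return linktype, payloads

if __name__ == "__main__":
    # Read one hexdump per line on stdin, emit a pcap stream on stdout.
    out = sys.stdout.buffer
    out.write(global_header())
    for line in sys.stdin:
        if line.strip():
            out.write(record(hexdump_to_bytes(line)))
            out.flush()   # hand each packet to the reader immediately
```

Run as a filter, its output is the kind of stream the report feeds to tshark on standard input.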