On Oct 22, 2010, at 9:43 PM, Stephen Fisher wrote:
> On Thu, Oct 21, 2010 at 03:29:36PM -0500, Craig Votava wrote:
>
>> I wrote a Perl script that feeds pcap data to an instance of tshark
>> running in a child process, then takes the decoded output to present
>> to the user.
>>
>> The problem is that I don't know when tshark is done sending output
>> back to me.
>
> How about using "pdml" or "psml" with the -T option.
...especially given that the default ("-T text") output of TShark is designed for humans, not programs, to read. If your program can read it, great, but if it's easier for it to read PSML or PDML....
(Yes, I know about the UNIX philosophy with respect to program output. At times, it can lead to output that's suboptimal for humans to read but not *quite* as parsable by software as one might like, i.e. it can sacrifice human readability without gaining sufficient program readability to make up for it - sometimes you might as well just have two separate formats and be done with it.)
