Wireshark · Wireshark-dev: Re: [Wireshark-dev] tshark option for reassembled fragment output

Wireshark-dev: Re: [Wireshark-dev] tshark option for reassembled fragment output

From: Hadriel Kaplan <HKaplan@xxxxxxxxxxxxxx>

Date: Thu, 28 Mar 2013 05:18:33 +0000

On Mar 27, 2013, at 10:38 PM, Evan Huus <eapache@xxxxxxxxx>
 wrote:

>> So why make it optional?
> 
> Because -2 causes tshark to buffer, which we shouldn't be imposing on
> the user 'by accident'. Additionally, if we keep -2 a separate option
> then -d will be usable during a live capture, which fixes another
> long-standing issue in tshark.

You lost me... why would '-d'/'-Y' be usable during a live capture, but '-R' not?

I thought '-R' was only *unusable* with live capturing when the '-w' writing output file was also set, on purpose due to concerns of privilege separation (ie, bug 2234).  I put the same restriction in my patch for '-Y': it can't be used if both live-capture and writing to file are set.

-hadriel

Follow-Ups:
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Evan Huus

References:
- [Wireshark-dev] tshark option for reassembled fragment output
  - From: Hadriel Kaplan
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Evan Huus
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Hadriel Kaplan
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Christopher Maynard
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Jeff Morriss
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Hadriel Kaplan
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Evan Huus
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Evan Huus
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Hadriel Kaplan
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Evan Huus
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Hadriel Kaplan
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Evan Huus
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Christopher Maynard
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Evan Huus
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Hadriel Kaplan
- Re: [Wireshark-dev] tshark option for reassembled fragment output
  - From: Evan Huus

Prev by Date: Re: [Wireshark-dev] tshark option for reassembled fragment output
Next by Date: Re: [Wireshark-dev] tshark option for reassembled fragment output
Previous by thread: Re: [Wireshark-dev] tshark option for reassembled fragment output
Next by thread: Re: [Wireshark-dev] tshark option for reassembled fragment output
Index(es):
- Date
- Thread