Wireshark · Wireshark-dev: Re: [Wireshark-dev] Adding pcap-ng pipe support to dumpcap

Wireshark-dev: Re: [Wireshark-dev] Adding pcap-ng pipe support to dumpcap

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>

Date: Fri, 1 Sep 2017 11:26:37 -0400

On Thu, Aug 31, 2017 at 2:32 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Aug 31, 2017, at 11:09 AM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:

> A counter argument to this would be that there are some advantages to not using a (temporary) file as the buffer packets.

For Wireshark, you have no alternative, as packets aren't processed only once.

For TShark with -2, the same applies.

TShark with one pass is the one place where you wouldn't want a temporary file.

Ah, I guess implicit in my statement was the thought that we'd (have to) go back to *shark writing the file.

Which would mean that while it could solve the 2 bugs it wouldn't do anything about the fact that the data's going to a file (except that it would allow the user to limit how much data is going to the file with a read filter). (So my 3rd point is somewhat meaningless.)

Prev by Date: Re: [Wireshark-dev] Wireshark 2.4.1 build errors (with Qt 4)
Next by Date: Re: [Wireshark-dev] Adding pcap-ng pipe support to dumpcap
Previous by thread: Re: [Wireshark-dev] Adding pcap-ng pipe support to dumpcap
Next by thread: Re: [Wireshark-dev] Wireshark 2.4.1 build errors (with Qt 4)
Index(es):
- Date
- Thread