Wireshark-dev: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and"readfilter" - con
Maynard, Chris wrote:
Hmm, I wonder what the point of doing "tshark -w - > /some/file" is when
you could just do "tshark -w /some/file"?
It's normally used in a more interesting way than my trivial
example--for example sending the output to a pipe which then eventually
sends the output to a file. Something like:
ssh root@somehost "tshark -w -" > /some/file
(so tshark gets executed on 'somehost' but the output file is created on
your local machine.)
Anyway, I tried it and it seems to work better, although compared to the
0.99.6 version, the output differs given the same options. I would
expect the output to be the same, no?
Running "tshark.exe -p -i 4 -f icmp -c 4 -w - > tsharktest.cap":
tshark-SVN-23133:
"C:\wireshark-gtk2\tshark.exe" -r tsharktest.cap
1 0.000000 192.168.1.100 -> 192.168.1.1 74
2 0.000272 192.168.1.1 -> 192.168.1.100 74
3 1.002940 192.168.1.100 -> 192.168.1.1 74
4 1.003186 192.168.1.1 -> 192.168.1.100 74
tshark-0.99.6:
"C:\Program Files\Wireshark\tshark.exe" -r tsharktest.cap
No log handling enabled - turning on stderr logging
1 0.000000 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request
2 0.000305 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply
3 1.001864 192.168.1.100 -> 192.168.1.1 74 ICMP Echo (ping) request
4 1.002157 192.168.1.1 -> 192.168.1.100 74 ICMP Echo (ping) reply
Hmmm, yeah. I'll see if I can get my Windows build going again though
IIRC I never could capture stuff with my own builds.