Wireshark-dev: Re: [Wireshark-dev] [Wireshark-bugs] [Bug 2874] New: dumpcap unnecessarily delay
From: "Luis EG Ontanon" <luis@xxxxxxxxxxx>
Date: Mon, 15 Sep 2008 16:39:46 +0200
a workarround: tcpdump -w - | tshark -r - On Mon, Sep 15, 2008 at 2:25 PM, <bugzilla-daemon@xxxxxxxxxxxxx> wrote: > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2874 > > Summary: dumpcap unnecessarily delays tshark > Product: Wireshark > Version: 1.0.2 > Platform: All > OS/Version: All > Status: NEW > Severity: Normal > Priority: Low > Component: TShark > AssignedTo: wireshark-bugs@xxxxxxxxxxxxx > ReportedBy: stephane_chazelas@xxxxxxxx > > > Build Information: > TShark 1.0.3 > > Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors. > This is free software; see the source for copying conditions. There is NO > warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. > > Compiled with GLib 2.16.5, with libpcap 0.9.8, with libz 1.2.3.3, with POSIX > capabilities (Linux), with libpcre 7.6, without SMI, with ADNS, with Lua 5.1, > with GnuTLS 2.4.1, with Gcrypt 1.4.1, with MIT Kerberos. > > Running on Linux 2.6.24.2, with libpcap version 0.9.8. > > Built using gcc 4.3.2. > > -- > When using tshark -li- > > tshark spawns dumpcap. > > dumpcap performs a loop that reads pcap packets from stdin, and writes > instructions to tshark. > > However, dumpcap will only send packets to tshark once per second. The code in > dumpcap.c has: > > /* Only update once a second (Win32: 500ms) so as not to overload slow > * displays. This also prevents too much context-switching between the > * dumpcap and wireshark processes */ > > While that can be understood of wireshark, it cannot really of tshark. One > generally wants tshark to output packets as soon as they are received > especially if the -l option is given. IMO, if wireshark has a limitation in > that it shouldn't be refreshed too often, then the waiting should be in the > code of wireshark, not in dumpcap, or at least there should be an option that > wireshark passes to dumpcap to enable that "waiting". > > > > A consequence of that is that the output of tshark is delayed unncessarily. > This is especially annoying for the script I was trying to make: > > It is a script that decodes the output of some "tracing" command that outputs > hexdumps of SCCP packets. > > It opens a set of pipes (for input and output) to the tshark -Vli- command, and > in a loop does a: > > - write a pcap packet to the pipe to tshark input > - read the decoded packet from the pipe from tshark output > - write to stdout the coded and decoded packets > > Because of the "sleeping" in dumpcap, that script can only decode one packet > per second. > > > -- > Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email > ------- You are receiving this mail because: ------- > You are the assignee for the bug. > _______________________________________________ > Wireshark-bugs mailing list > Wireshark-bugs@xxxxxxxxxxxxx > https://wireshark.org/mailman/listinfo/wireshark-bugs > -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan
- Prev by Date: Re: [Wireshark-dev] RPM build - configure parameters
- Next by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-x86
- Previous by thread: [Wireshark-dev] Capturing Wifi0 packets
- Next by thread: [Wireshark-dev] Need help in debugging custom plugin on linux
- Index(es):