Wireshark-users: Re: [Wireshark-users] tshark buffered packet dissection -- no realtime output?
From: Lee <ler762@xxxxxxxxx>
Date: Fri, 12 Jan 2018 14:31:36 -0500
On 1/12/18, Ralph Schmieder <ralph.schmieder@xxxxxxx> wrote:
> running tshark on Fedora 26 (TShark (Wireshark) 2.2.8
> (wireshark-2.2.8)). I get packets in pcap-ng format from a REST API
> which I feed via stdin into tshark like this:
>
> curl $API | tshark -l -r - -T text
>
> This basically works. However, the output is buffered, despite using the
> '-l' option. E.g. only after a couple of packets have arrived, the
> buffer is flushed and the dissected packets are printed. I also
> experimented with stdbuf for the curl command but that didn't help
> either.

does "curl --no-buffer $API" make any difference?

       -N, --no-buffer
              Disables the buffering of the output stream. In normal
work situations, curl will use a standard  buffered  output
              stream  that  will  have  the effect that it will output
the data in chunks, not necessarily exactly when the data
              arrives.  Using this option will disable that buffering.

Regards,
Lee