https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
--- Comment #23 from Andrzej Dopierała <undefine@xxxxxxxxxxxxx> 2012-08-23 08:06:25 PDT ---
(In reply to comment #22)
> From r43102 it's possible to use pipe as workaround.
>
> Instead of:
> $ tshark -i XXX -R 'yourfilter' -w file.pcap
> do:
> $ dumpcap -i XXX -w - | tshark -r - -R 'yourfilter' -w file.pcap
>
> It's worthy to mention that wiretap don't have any special handling of pipes,
> and it'll read data in whole I/O block size for pipe (typically 4096B).
> Captured data will be saved with delay, and you might also lose last 4K of
> data.
undefine@uml:~$ sudo dumpcap -i wlan0 -w - | tshark -r - -R 'sip' -w file.pcap
File: -
Packets: 59 tshark: The file "-" could not be opened: Illegal seek.
Packets: 62 Packets dropped: 0
doesn't work on all tshark versions. here i have 1.4.
I just backported tshark from 0.99 to lenny and squeeze and it works fine :)
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.