On Oct 9, 2007, at 1:17 PM, Ulf Lamping wrote:
WHY IS STDOUT NOT POSSIBLE?
Well, it's possible but just not implemented.
The current implementation simply passes the filename from tshark to
dumpcap, which then will mess up it's own stdout with the event
messages
and packet data.
It's no vodoo magic to make it work again, but someone (but not me)
has
to made the changes.
I've checked in a change to make dumpcap use its standard error,
rather than its standard output, for the sync pipe; it appears to
allow "tshark -w -" to work, at least when piping to tcpdump on OS X.
I haven't tested it on Windows (my Windows "machine" is currently
sitting on a disk drive I got back from DriveSavers after the drive in
my PowerBook went bad; I haven't yet gotten the drive in the PowerBook
replaced yet, so I can't figure up Virtual PC), but it looks as if it
should work, at least based on
http://support.microsoft.com/kb/190351
which says that, to *not* redirect one of the standard handles in a
CreateProcess() call when you're redirecting others, just set the
appropriate handle to GetStdHandle(the appropriate #define), which I'm
assuming is STD_OUTPUT_HANDLE to leave the standard output alone.