On Jan 13, 2018, at 9:19 AM, Eldon <wireshark-users@xxxxxxxxxxxx> wrote:
> I realize this is a longshot, but my mind immediately went to pipe
> buffering as well, and a comment on stackoverflow[1] seems to indicate
> that there are some situations where stdbuf -o0 will not work due to a
> variety of security measures or alternate configs/stdlibs. Since tshark
> might have some certain capabilities flags set, I just thought it might
> be worth checking!
Whatever capability flags are set on tshark would matter only if he's using stdbuf on tshark; if he's using it on curl, the issue would be whether *curl*, not *tshark*, prevented dynamic library injection.
And the actual issue is in the low-level code (*very* low-level code) in libwiretap that TShark uses to read the capture; that code isn't using the "standard I/O" libraries, so stdbuf won't affect it. Even if curl *isn't* buffering its output, TShark, in effect, reads it as if it were buffered.