This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

get progress from tshark.exe

0

I have a set of Windows batch files that create specifically formatted .txt files by running tshark on pre-existing captures with some preset filter settings. Sometimes I am running on very large files and I do not know if tshark is still running or has frozen up. Is there a way to get a text progress bar or percentage complete reported back to the command line?

asked 18 Nov '15, 08:19

Trashman's gravatar image

Trashman
16448
accept rate: 0%


One Answer:

0

Unfortunately for you there isn't.

How would you propose that tshark would output the progress when it's also outputting the results of the dissection for your text files?

answered 18 Nov '15, 09:32

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

I suppose your point is that text file output is only available by redirecting stdout to a text file using ">" therefore anything output by tshark is going to go to that text file. I can see why it's not currently available.

Ideally, I guess, txt would be a format option for the output file designated in -w. Perhaps an auto-detect if the file has a .txt extension, or perhaps a different flag, such as -wt if you want text output. Then tshark could output progress to the standard output while it outputs the data to that file and you could see the progress update as it writes the file.

(18 Nov '15, 10:24) Trashman

I think there's two different scenarios here, the first when performing live capture, is that progress is displayed with packet counts\dissection, and the second, in your use case, when processing an existing capture file.

For the latter I think it would be possible to add another flag to indicate where the dissected output should go and then print the progress to stdout.

Please raise an enhancement request on the Wireshark Bugzilla for this. Patches gratefully accepted.

(19 Nov '15, 02:15) grahamb ♦