Wireshark mailing list archives
Re: FW: Comitt "Catch some cases that don't currently work." broke a use case of tshark
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Wed, 07 Jul 2010 11:02:42 -0400
Anders Broman wrote:
Hi, http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=33100 Broke this usage of tshark: tshark -i eth2 -w /tmp/sip.log -R sip -f "((net 10.80.28.96/27 and not iphost 10.80.28.106) or net 10.80.29.128/25)" -z proto,colinfo,sip.Event,sip.Event -z proto,colinfo,sip.Contact,sip.Contact -z proto,colinfo,sip.If_Match,sip.If_Match -z proto,colinfo,sip.Status-Code,sip.Status-Code -z proto,colinfo,sip.CSeq.method,sip.CSeq.method -z proto,colinfo,sip.Method,sip.Method -z proto,colinfo,sip.Via,sip.Via -z proto,colinfo,sip.resend,sip.resend -z proto,colinfo,sip.Content-Length,sip.Content-Length -z proto,colinfo,sip.Expires,sip.Expires -z proto,colinfo,presence.xmlns,presence.xmlns -z proto,colinfo,sip.Status-Line,sip.Status-Line -z proto,colinfo,sip.Subscription-State,sip.Subscription-State -z proto,colinfo,sip.Supported,sip.Supported -z proto,colinfo,sipfrag.line,sipfrag.line -S -a duration:10 The read filter is to limit what's displayed, everything passing the capture filter is written to file.
That behavior itself is a bug, see: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 (It used to be that read filters also controlled what went to the disk.) I would really love to get read filters (during capturing) working again but I have no idea when I'll find the time.
We also noted that without -w the temp file is left on the system.
Yep, I see that too. That file used to be cleaned up, didn't it? ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- FW: Comitt "Catch some cases that don't currently work." broke a use case of tshark Anders Broman (Jul 07)
- Re: FW: Comitt "Catch some cases that don't currently work." broke a use case of tshark Jeff Morriss (Jul 07)