Wireshark mailing list archives

Re: [Wireshark-commits] rev 37802: /trunk/ /trunk/: capture.c dumpcap.c tshark.c


From: Michael Tüxen <Michael.Tuexen () lurchi franken de>
Date: Mon, 27 Jun 2011 21:13:00 +0200

On Jun 27, 2011, at 6:28 PM, Guy Harris wrote:


On Jun 27, 2011, at 4:30 AM, tuexen () wireshark org wrote:

http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=37802

User: tuexen
Date: 2011/06/27 04:30 AM

Log:
Improve the report of illegal capture filters. Also show the interface description.

That fixed

      $ ./tshark -i en1 -f fribbbbbit
      Capturing on en1
      tshark: Invalid capture filter "fribbbbbit" for interface en1!

but

      $ ./tshark -i en1 fribbbbbit
      Capturing on en1
      tshark: Invalid capture filter "(null)" for interface en1!

is still broken.

It is fixed in r37806. Currently

      tshark -i lo0 -i en0 -f icmp sctp

will use sctp as the default capture filter. This means that the above is the same as

      tshark -f sctp -i lo0 -i en0 icmp

or

      tshark -i lo0 -f sctp -i en0 icmp

However,

      tshark -i lo0 -f sctp icmp

does not result in an error anymore.
If we want to keep that behavior, then we must require that no interface-specific
capture filter is used when the filter is given as an argument. Which behavior
do you prefer? The code change is simple...

Best regards
Michael

(And, yes, that syntax *is* supposed to work:

$ nroff -man doc/tshark.1 | more

      ...

SYNOPSIS
      tshark [ −a <capture autostop condition> ] ...
      [ −b <capture ring buffer option>] ...  [ −B <capture buffer size> ]

              ...

      [ −X <eXtension option>] [ −y <capture link type> ] [ −z <statistics> ]
      [ <capture filter> ]

as it works in tcpdump and snoop.)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
