Wireshark mailing list archives
Capture filter
From: Tharaneedharan Vilwanathan <vdharani () gmail com>
Date: Thu, 15 Sep 2011 15:25:23 -0700
Hi All,

I have a quick question on capture filters. I use a named pipe to pass the packets to tshark. With a capture filter, I tried to (a) store packets, (b) display and (c) store and display the packets.

$ tshark -i pipe_to_tshark -w test.pcap -f 'udp port 1900'
$ tshark -i pipe_to_tshark -S -f 'udp port 1900'
$ tshark -i pipe_to_tshark -w test.pcap -S -f 'udp port 1900'

In all the above cases, packets don't seem to be filtered.

From the documentation, it looks like a capture filter is valid only for live traffic. Is the traffic arriving via a named pipe considered live traffic? If so, why is the filtering not happening? If not, why doesn't tshark throw an error message?

I remember the capture filter being applied in the kernel for live traffic, which doesn't apply to my case above, but I just wanted to confirm, since I didn't see any error message for the above usages.

I tried tshark 1.0.7 but I can try a later version if that's the problem.

Please share your thoughts. Also, I'd appreciate any pointers on the capture filter implementation.

Thanks
dharani

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe