Re: Woes with batch file...plz assist !!!

[Martin Visser <martinvisser99 () gmail com>]

I think you will find that the whole point of a capture filter is to
minimise the work needing to be done during capture time. As such their is
minimal (even no ) functionality to search for arbitrary text.

As such I would suggest using tshark with a "-R" display filter using the
"contains" or "matches" keyword.as appropriate.

Regards, Martin

MartinVisser99 () gmail com


On Tue, Aug 17, 2010 at 7:15 AM, <sblaber () rockwellcollins com> wrote:

> Users  -
>
>         I have been using Wireshark to capture test data.  The Wireshark
> filter is as follows:
>
>         ip.src==10.10.2.1 and (ip[0:] contains 00:00:87:00:00:00:18) or
> (ip[0:] contains 00:00:86:00:00:00:50)
>
>         The desire is to parse all traffic by the Unit Under Test IP
> (10.10.2.1), then finding a record payload that has either the 87 or 86
> above (tells me fault files).
>
>         Life is great and working with Wireshark (nice tool!!!) but here is
> my problem...  I need to automate w/o a user intervention.  I have a batch
> file working but the Wireshark filter above is NOT a cut and paste for the
> Command Prompt...:
>
>         "c:\program files\wireshark\dumpcap.exe" -i 1 -f "src host
> 10.10.2.1 && (ip[51:1] = 134 || ip[51:1] = 135)" -a duration:60 -w
> C:\backup\Captures\PBIT_cap.txt
>
>         This assumes that the 86/134 dec and 87/135 dec are in a fixed
> location....murphy now shows it's ugly head and it is in different places in
> the payload of the ethernet record.  So I tried to get the "ip[0:] "
> working.  How do I do this as it seems not to allow dynamic searching during
> capture??
>
> Thanks,
>
> Mr. Steven Blaber
> Principle Test Equipment Engineer, Test Solutions,
> Rockwell Collins Government Systems
> 319-295-4790
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe