Wireshark mailing list archives

Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments

From: Neil Fraser <cbr250 () gmail com>
Date: Sun, 30 Jan 2011 14:14:04 +1100

Hi Alan,

Thanks for your response, but unfortunately I get:

tshark: "@" was unexpected in this context.

Regards,


On Sun, Jan 30, 2011 at 2:04 PM, Alan Tu <8libra () gmail com> wrote:

Neil, I don't have a Linux environment to play with but try
surrounding the whole display filter in a quote, like:

tshark -r hammer2901b -w 0291400000 -R "sip.to.addr ==
sip:0291400000@192.168.1.1:5060 or sip.to.addr ==
sip:1887500434779620@123.456.123.456"

Alan


On 1/30/11, Neil Fraser <cbr250 () gmail com> wrote:

Hi,

I'm having an issue trying to extract certain calls from a dump I have
already made with fairly specific criteria.

It appears it doesn't like my quotation marks I am using in my filter

from

wireshark. Im a novice at using tshark so i'll explain what im trying to
achieve

input file : hammer2901b
output file: 0291400000
filter: sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr

==

"sip:1887500434779620@123.456.123.456"

command I'm attempting to use in a linux environment:
tshark -r hammer2901b -w 0291400000 -R sip.to.addr == "
sip:0291400000@192.168.1.1:5060" or sip.to.addr ==
"sip:1887500434779620@123.456.123.456"

output always remains as: tshark: Read filters were specified both with

"-R"

and with additional command-line arguments

Any advice greatly appreciated.

Regards,
Neil Fraser.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

tshark: Read filters were specified both with "-R" and with additional command-line arguments Neil Fraser (Jan 29)
- Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments Alan Tu (Jan 29)
  - Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments Neil Fraser (Jan 29)
    - Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments Alan Tu (Jan 29)
    - Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments Neil Fraser (Jan 29)
- Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments Sake Blok (Jan 30)