Wireshark mailing list archives
Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments
From: Alan Tu <8libra () gmail com>
Date: Sun, 30 Jan 2011 03:25:11 +0000
Hmm. There are a few things at play. First, your shell environment interprets the command and arguments. Then Tshark does it too. I am pretty certain that the display filter needs to be quoted so that the shell will treat that whole thing as one argument. That's the way I run my scripts.

You may want to try putting a backslash in front of the @ sign and see if Tshark likes it better. Try testing using a simple query (no and clauses); once you have that working, then build the complex queries.

Alan

On 1/30/11, Neil Fraser <cbr250 () gmail com> wrote:
> Hi Alan,
>
> Thanks for your response, but unfortunately I get:
>
>     tshark: "@" was unexpected in this context.
>
> Regards,
>
> On Sun, Jan 30, 2011 at 2:04 PM, Alan Tu <8libra () gmail com> wrote:
>> Neil,
>>
>> I don't have a Linux environment to play with but try surrounding the whole display filter in a quote, like:
>>
>>     tshark -r hammer2901b -w 0291400000 -R "sip.to.addr == sip:0291400000@192.168.1.1:5060 or sip.to.addr == sip:1887500434779620@123.456.123.456"
>>
>> Alan
>>
>> On 1/30/11, Neil Fraser <cbr250 () gmail com> wrote:
>>> Hi,
>>>
>>> I'm having an issue trying to extract certain calls from a dump I have already made with fairly specific criteria. It appears it doesn't like my quotation marks I am using in my filter from wireshark.
>>>
>>> I'm a novice at using tshark so I'll explain what I'm trying to achieve:
>>>
>>> input file : hammer2901b
>>> output file: 0291400000
>>> filter: sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr=="sip:1887500434779620@123.456.123.456"
>>>
>>> command I'm attempting to use in a linux environment:
>>>
>>>     tshark -r hammer2901b -w 0291400000 -R sip.to.addr == " sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"
>>>
>>> output always remains as:
>>>
>>>     tshark: Read filters were specified both with "-R" and with additional command-line arguments
>>>
>>> Any advice greatly appreciated.
>>>
>>> Regards,
>>> Neil Fraser.
>>> ___________________________________________________________________________
>>> Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
>>> Archives: http://www.wireshark.org/lists/wireshark-users
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>>> mailto:wireshark-users-request () wireshark org?subject=unsubscribe
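How the shell splits the forms of the command discussed in this thread, as an added example that is not part of the original messages. `argv_after_R` is a hypothetical stand-in for tshark that prints what arrives after `-R`; the third form (single quotes outside, the filter's own double quotes kept inside) is an addition that does not appear in the messages above.

```shell
#!/bin/sh
# Added example: argv_after_R stands in for tshark and shows what the shell
# hands over after -R. Filter text and file names are the ones from the thread.

# Print each argument that follows -R, one per line, in brackets.
argv_after_R() {
    seen=0
    for arg in "$@"; do
        if [ "$seen" -eq 1 ]; then
            printf '[%s]\n' "$arg"
        elif [ "$arg" = "-R" ]; then
            seen=1
        fi
    done
    return 0
}

# 1) Unquoted: the shell splits on spaces and strips the double quotes.
#    tshark takes the first word as the -R value and sees the rest as extra
#    arguments, hence "Read filters were specified both with -R and ...".
case_unquoted() {
    argv_after_R tshark -r hammer2901b -w 0291400000 -R sip.to.addr == " sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"
}

# 2) Whole filter in double quotes, inner quotes dropped: one argument, but
#    the SIP URIs reach the filter parser bare, hence '"@" was unexpected'.
case_double_quoted() {
    argv_after_R tshark -r hammer2901b -w 0291400000 -R "sip.to.addr == sip:0291400000@192.168.1.1:5060 or sip.to.addr == sip:1887500434779620@123.456.123.456"
}

# 3) Single quotes outside, double quotes inside: one argument that still
#    contains the string quotes, i.e. the filter as written in Wireshark.
case_single_quoted() {
    argv_after_R tshark -r hammer2901b -w 0291400000 -R 'sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"'
}

for c in case_unquoted case_double_quoted case_single_quoted; do
    echo "$c:"
    "$c"
done
```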