Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: tshark: Read filters were specified both with "-R" and with additional command-line arguments

From: Sake Blok <sake () euronet nl>
Date: Sun, 30 Jan 2011 10:20:57 +0100
On 30 jan 2011, at 03:58, Neil Fraser wrote:


command I'm attempting to use in a linux environment:
tshark -r hammer2901b -w 0291400000 -R sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == 
"sip:1887500434779620@123.456.123.456"

output always remains as: tshark: Read filters were specified both with "-R" and with additional command-line 
arguments


That is because tshark will interpret this as "-R sip.to.addr" and use the rest of the commandline arguments as a read 
filter. So either you drop the -R or you have to make sure that the argument after -R is one string. You can do this by 
placing the whole filter within single quotes:

-R 'sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456" '

Cheers,
Sake
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: