Wireshark mailing list archives
Re: tshark: Difference between -R and -Y
From: Evan Huus <eapache () gmail com>
Date: Tue, 7 Jan 2014 19:30:45 -0500
On Tue, Jan 7, 2014 at 7:22 PM, Joerg Mayer <jmayer () loplof de> wrote:
On Sun, Jan 05, 2014 at 07:30:04PM -0500, Evan Huus wrote:Live capture with two-pass dissection is effectively undefined behaviour at this point (I'm surprised you're seeing any packets at all to be honest).Ah, OK. As some "invalid" cases (-R without -2) are rejected I expected that this was a valid combination.
Whoops. I added an explicit error message in r54643. Evan
Everything should work as expected when reading from a capture file.It does. Thanks! JörgOn Sun, Jan 5, 2014 at 4:21 PM, Joerg Mayer <jmayer () loplof de> wrote:I just found out that I don't understand what -R does. If I run tshark -2 -R "udp.port==53" -i wlan0 then it seems that I see all packets (arp, dns, lldp, ...) if I instead run tshark -2 -Y "udp.port==53" -i wlan0 I only see dns. The manpage is not helpful either to explain what I am seeing (snv HEAD / r54612) Can someone please explain what is going on here?-- Joerg Mayer <jmayer () loplof de> We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark: Difference between -R and -Y Joerg Mayer (Jan 05)
- Re: tshark: Difference between -R and -Y Evan Huus (Jan 05)
- Re: tshark: Difference between -R and -Y Joerg Mayer (Jan 07)
- Re: tshark: Difference between -R and -Y Evan Huus (Jan 07)
- Re: tshark: Difference between -R and -Y Joerg Mayer (Jan 07)
- Re: tshark: Difference between -R and -Y Evan Huus (Jan 05)