Wireshark

  • Riverbed Technology
  • WinPcap
SHARKFEST '13 - Wireshark Developer and User Conference - June 16-19, 2013 - UC Berkeley
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] Bug 1029 - Tshark -R doesn't support "frame.time >= Jul 20, 2006 17:51:38.368"

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Tue, 14 Sep 2010 14:20:07 -0400

I just copied the original command line you gave and passed it to a bash shell in Cygwin. That worked whereas doing the same thing in a cmd.exe window didn't. 

Steve Evans wrote:

Interesting! Can you give me an example of your syntax in Cygwin? I've only used it a few times.

Thx

/S

--- On Tue, 9/14/10, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:


From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Subject: Re: [Wireshark-users] Bug 1029 - Tshark -R doesn't support "frame.time >= Jul 20, 2006 17:51:38.368"
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Tuesday, September 14, 2010, 12:30 PM
That command line runs fine when I
run it from a Cygwin shell on Windows but the Windows cmd prompt doesn't like it. I suppose Windows' quoting rules are different somehow--I don't know Windows enough to know how to get it to work there. 

Steve Evans wrote:

I'm running XP SP3 with UK English.
--- On Tue, 9/14/10, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 
wrote:

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Subject: Re: [Wireshark-users] Bug 1029 - Tshark

-R doesn't support "frame.time >= Jul 20, 2006
17:51:38.368"

To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Tuesday, September 14, 2010, 9:03 AM
Steve Evans wrote:

I've been following the thread here:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1029

...and I'm now running into the same problem.

My

syntax is as follows:

tshark -r 07_test.pcap -R 'frame.time >=
"Aug 
1, 2010 17:39:32.553872000"'

...However, its not being accepted ("parameter

is not

correct").

Does this bug still exist? Am I missing a

quote

somewhere?

I cut-n-paste that command into my shell,

substituted one
of my own file names, and it ran fine. I tried trunk (1.5), 
1.4.0,
and 1.2.10, all on 64-bit Linux. 

What version and OS are you running?  What's

your

locale/language setting?
  • References:
    • Re: [Wireshark-users] Bug 1029 - Tshark -R doesn't support "frame.time >= Jul 20, 2006 17:51:38.368"
      • From: Steve Evans
  • Prev by Date: Re: [Wireshark-users] L2TP-over-IPsec (may be off topic)
  • Next by Date: Re: [Wireshark-users] L2TP-over-IPsec (may be off topic)
  • Previous by thread: Re: [Wireshark-users] Bug 1029 - Tshark -R doesn't support "frame.time >= Jul 20, 2006 17:51:38.368"
  • Next by thread: [Wireshark-users] How does wireshark extract the name of file from filehandle?
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation