Wireshark-bugs: [Wireshark-bugs] [Bug 2234] New: Filtering tshark captures with display filters

Date: Thu, 31 Jan 2008 20:44:54 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234

           Summary: Filtering tshark captures with display filters (-R) no
                    longer works
           Product: Wireshark
           Version: 0.99.7
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: High
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxxxxxxxxxxxxxx


Build Information:
Could not open file: 'Ericsson.xml', error: No such file or directory
TShark 0.99.7 (SVN Rev 23910)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.3, with WinPcap (version unknown), with libz 1.2.3,
with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1, with GnuTLS 1.6.1,
with Gcrypt 1.2.3, with MIT Kerberos.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5.

Built using Microsoft Visual C++ 6.0 build 8804
--
Use a -R display filter with tshark while capturing to a file. For example:

tshark -i 2 -w snork.cap -R "ip.addr == 192.168.1.132"

99.6a: snork.cap contains ONLY those packets filtered in by the display filter. 

99.7: The packet count increments based on filtered-in packets, but snork.cap
actually contains ALL packets seen on the interface, not just packets filtered
in by the display filter.

Note that I've set the priority to high since this basically breaks the previous
functionality, which is very useful.

Order of the -R argument does not seem to make a difference.

I didn't test this on other released packages for other systems, only Windows.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
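
One way to check a saved capture for the behaviour reported above, as an added example that is not part of the original bug report or of the Wireshark code base: it counts how many packets in a capture file match ip.addr == <address> and how many do not. The names audit_capture, _frame and _pcap and the sample packets are constructed for illustration; the code assumes a classic (non-pcapng) pcap file with untagged Ethernet framing.

```python
import socket
import struct

def audit_capture(pcap: bytes, ip: str) -> tuple[int, int]:
    """Return (matching, non_matching) packet counts for ip.addr == ip."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":      # written on a little-endian host
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":    # written on a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:   # 1 = Ethernet
        raise ValueError("only Ethernet captures are handled")
    wanted = socket.inet_aton(ip)
    matching = other = 0
    offset = 24                            # skip the global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, offset + 8)[0]
        frame = pcap[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        # Untagged Ethernet: EtherType at 12..14, IPv4 src/dst at 26..34.
        is_ipv4 = len(frame) >= 34 and frame[12:14] == b"\x08\x00"
        if is_ipv4 and wanted in (frame[26:30], frame[30:34]):
            matching += 1
        else:
            other += 1                     # non-IP frames never match ip.addr
    return matching, other

# --- constructed sample data (not taken from a real capture) ---
def _frame(src: str, dst: str) -> bytes:
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr

def _pcap(frames) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

ARP = b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28
FILTERED = _pcap([_frame("192.168.1.132", "10.0.0.1"),
                  _frame("10.0.0.1", "192.168.1.132")])
UNFILTERED = _pcap([_frame("192.168.1.132", "10.0.0.1"),
                    _frame("10.0.0.5", "10.0.0.1"), ARP])

if __name__ == "__main__":
    print(audit_capture(FILTERED, "192.168.1.132"))
    print(audit_capture(UNFILTERED, "192.168.1.132"))
```

A non-zero second count for a file written with -w and -R corresponds to the 0.99.7 behaviour described in the report; a zero count corresponds to the earlier behaviour.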