https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
--- Comment #15 from Sake <sake@xxxxxxxxxx> 2009-10-27 09:04:51 PDT ---
(In reply to comment #14)
> The display filter works fine when reading from a capture file and output to
> the screen but not when writing (-w) to another file. The data in the new file
> is incorrect yet the IP and TCP (sequence and acknowledge numbers) information
> seem the same. Is this the same bug?
>
> The commend in use is tshark -r <file1> -w <file2> -R http.response.code==400
I use "tshark -r <infile> -w <outfile> -R <filter>" a lot and it should work
properly. What do you mean by "The data in the new file is incorrect"? Could it
be that the http response was actually reassembled (ie the response was split
over more than 1 packet on the network)? If so, you are hitting the enhancement
request filed in bug 3315.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
