Wireshark · Wireshark-dev: [Wireshark-dev] FW: Comitt "Catch some cases that don't currently work." broke a use case of tshark

Wireshark-dev: [Wireshark-dev] FW: Comitt "Catch some cases that don't currently work." broke a

From: Anders Broman <anders.broman@xxxxxxxxxxxx>

Date: Wed, 7 Jul 2010 10:37:21 +0200

 
Hi,
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=33100
Broke this usage of tshark:

tshark -i eth2 -w /tmp/sip.log -R sip -f "((net 10.80.28.96/27 and not iphost 10.80.28.106) or net 10.80.29.128/25)" -z proto,colinfo,sip.Event,sip.Event -z proto,colinfo,sip.Contact,sip.Contact -z proto,colinfo,sip.If_Match,sip.If_Match -z proto,colinfo,sip.Status-Code,sip.Status-Code -z proto,colinfo,sip.CSeq.method,sip.CSeq.method -z proto,colinfo,sip.Method,sip.Method -z proto,colinfo,sip.Via,sip.Via -z proto,colinfo,sip.resend,sip.resend -z proto,colinfo,sip.Content-Length,sip.Content-Length -z proto,colinfo,sip.Expires,sip.Expires -z proto,colinfo,presence.xmlns,presence.xmlns -z proto,colinfo,sip.Status-Line,sip.Status-Line -z proto,colinfo,sip.Subscription-State,sip.Subscription-State -z proto,colinfo,sip.Supported,sip.Supported -z proto,colinfo,sipfrag.line,sipfrag.line -S -a duration:10

The read filter is to limit what's displayed, everything passing the capture filter is written to file.
We also noted that without -w the temp file is left on the system.
Regards
Anders

Follow-Ups:
- Re: [Wireshark-dev] FW: Comitt "Catch some cases that don't currently work." broke a use case of tshark
  - From: Jeff Morriss

Prev by Date: [Wireshark-dev] Faster filtering?
Next by Date: Re: [Wireshark-dev] About the netmask (Was:Wireshark-commits: [Wireshark-commits] rev 33461: /trunk/gtk/ /trunk/gtk/: capture_dlg.c)
Previous by thread: [Wireshark-dev] Faster filtering?
Next by thread: Re: [Wireshark-dev] FW: Comitt "Catch some cases that don't currently work." broke a use case of tshark
Index(es):
- Date
- Thread