Wireshark-dev: [Wireshark-dev] FW: Comitt "Catch some cases that don't currently work." broke a
From: Anders Broman <[email protected]>
Date: Wed, 7 Jul 2010 10:37:21 +0200
 
Hi,
http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=33100
Broke this usage of tshark:

tshark -i eth2 -w /tmp/sip.log -R sip -f "((net 10.80.28.96/27 and not iphost 10.80.28.106) or net 10.80.29.128/25)" -z proto,colinfo,sip.Event,sip.Event -z proto,colinfo,sip.Contact,sip.Contact -z proto,colinfo,sip.If_Match,sip.If_Match -z proto,colinfo,sip.Status-Code,sip.Status-Code -z proto,colinfo,sip.CSeq.method,sip.CSeq.method -z proto,colinfo,sip.Method,sip.Method -z proto,colinfo,sip.Via,sip.Via -z proto,colinfo,sip.resend,sip.resend -z proto,colinfo,sip.Content-Length,sip.Content-Length -z proto,colinfo,sip.Expires,sip.Expires -z proto,colinfo,presence.xmlns,presence.xmlns -z proto,colinfo,sip.Status-Line,sip.Status-Line -z proto,colinfo,sip.Subscription-State,sip.Subscription-State -z proto,colinfo,sip.Supported,sip.Supported -z proto,colinfo,sipfrag.line,sipfrag.line -S -a duration:10

The read filter is to limit what's displayed, everything passing the capture filter is written to file.
We also noted that without -w the temp file is left on the system.
Regards
Anders