Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 37802: /trunk/ /trunk/: capture.c du

From: Michael Tüxen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Mon, 27 Jun 2011 21:13:00 +0200
On Jun 27, 2011, at 6:28 PM, Guy Harris wrote:

> 
> On Jun 27, 2011, at 4:30 AM, tuexen@xxxxxxxxxxxxx wrote:
> 
>> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=37802
>> 
>> User: tuexen
>> Date: 2011/06/27 04:30 AM
>> 
>> Log:
>> Improve the report of illegal capture filters. Also show the interface description.
> 
> That fixed
> 
> 	$ ./tshark -i en1 -f fribbbbbit
> 	Capturing on en1
> 	tshark: Invalid capture filter "fribbbbbit" for interface en1!
> 
> but
> 
> 	$ ./tshark -i en1 fribbbbbit
> 	Capturing on en1
> 	tshark: Invalid capture filter "(null)" for interface en1!
> 
> is still broken.
It is fixed in r37806. Currently,
tshark -i lo0 -i en0 -f icmp sctp
will use sctp as the default capture filter. This means that the above is the same as
tshark -f sctp -i lo0 -i en0 icmp
or
tshark -i lo0 -f sctp -i en0 icmp

However,
tshark -i lo0 -f sctp icmp
does not result in an error anymore.
If we want to keep that behavior, then we must require that no interface-specific
capture filter is used when the filter is given as an argument. Which behavior
do you prefer? The code change is simple...

Best regards
Michael
> 
> (And, yes, that syntax *is* supposed to work:
> 
> $ nroff -man doc/tshark.1 | more
> 
> 	...
> 
> SYNOPSIS
>       tshark [ −a <capture autostop condition> ] ...
>       [ −b <capture ring buffer option>] ...  [ −B <capture buffer size> ]
> 
> 		...
> 
>       [ −X <eXtension option>] [ −y <capture link type> ] [ −z <statistics> ]
>       [ <capture filter> ]
> 
> as it works in tcpdump and snoop.)