Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Is it a bug with Wireshark?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Vinay Chilakamarri" <vinay.chilakamarri@xxxxxxxxx>
Date: Mon, 14 Apr 2008 10:22:05 -0700
Thanks Jaap. I am excited to know that my incorrect way of specifying data along with an argument that was intended to do something else gave rise to another feature that could potentially be added to Wireshark. Yeah it will definitely be nice to have one such argument for a command line based invocation of Wireshark.

Best,
Vinay

On Mon, Apr 14, 2008 at 10:10 AM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
Hi,

Yes, it states: "This option specifies a display filter to be applied when
*reading packets from a capture file*."

You're not reading from a capture file, you're doing a life capture. That's a
different thing.

Sure it would be nice to have, but it's not there yet.

Thanx,
Jaap


Vinay Chilakamarri wrote:
> I went through the message posted by Jason before trying out the "-R"
> argument. I thought that this feature might have got included after I
> saw the documentation for commandline start for wireshark, which
> specifies a note for "-R"
>
> http://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html
>
>
>
> On Sun, Apr 13, 2008 at 8:35 AM, Jaap Keuter <jaap.keuter@xxxxxxxxx
> <mailto:jaap.keuter@xxxxxxxxx>> wrote:
>
>     Hi,
>
>     You're trying to use a read filter as display filter for a running
>     capture.
>     That is not supported. You can use -R with -r.
>
>     You might want to file a improvement request on bugzilla for that.
>
>     Thanx,
>     Jaap
>
>
>     Vinay Chilakamarri wrote:
>      > Hi,
>      >
>      > After many attempts at this, I couldn't understand why WireShark
>      > disregards the "-R" argument. I worked with tshark with valid display
>      > filters and passed them with "-R" argument and they were working as
>      > expected. But when I try the same with wireshark, no matter how I
>     tried
>      > supplying the filter with "-R" argument, it displays all of the
>     packets.
>      > I tried this in windows, while it doesn't filter anything:
>      >
>      > wireshark -f "udp port 37112" -i2 -k
>      -R"(wlan.addr==00:2E:E0:76:5D:83)"
>      >
>      > wireshark -f "udp port 37112"
>     -R"wlan.addr==\"00:2E:E0:76:5D:83"" -i2 -k
>      >
>      > wireshark -f "udp port 37112"   -R'wlan.addr==00:2E:E0:76:5D:83'
>     -i2 -k
>      >
>      > wireshark -f "udp port 37112"   -R wlan.addr==00:2E:E0:76:5D:83
>     -i2 -k
>      >
>      >
>

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube