Вы писали 8 сентября 2009 г., 23:01:52:
I suppose you mean Display filter. Display filters work online(while capture is going on) and offline. Its syntax is different from capture filters. What does WIKI say about the syntax?
On Tue, Sep 8, 2009 at 2:51 PM, Christopher Wooley <support@xxxxxxxxxxxxxxxxxxxx> wrote:
figured it out. I searched through the expressions list, until I found it. Does the WIKI need to be updated?
From: Christopher Wooley [mailto:support@xxxxxxxxxxxxxxxxxxxx]
Sent: Tue, 08 Sep 2009 13:44:24 -0500
Subject: [Wireshark-users] Active filter
I am trying to filter an active capture for port 3250, but when I use "tcp port 3250" in the filter I get "port was unexpected in this context" What's the correct way to do this?
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
I need to filter *.cap file so I am using something like
>tshark -r H:\GRE.cap -T fields "-e frame.number -e ppp -e mp -e ppp" -e frame.number -e ppp -e mp -e ppp