Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Bug 1029 - Tshark -R doesn't support "frame.time >= Jul 20

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Tue, 14 Sep 2010 14:20:07 -0400
I just copied the original command line you gave and passed it to a bash shell in Cygwin. That worked whereas doing the same thing in a cmd.exe window didn't.

Steve Evans wrote:
Interesting! Can you give me an example of your syntax in Cygwin? I've only used it a few times.

Thx

/S

--- On Tue, 9/14/10, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Subject: Re: [Wireshark-users] Bug 1029 - Tshark -R doesn't support "frame.time >= Jul 20, 2006 17:51:38.368"
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Tuesday, September 14, 2010, 12:30 PM
That command line runs fine when I
run it from a Cygwin shell on Windows but the Windows cmd prompt doesn't like it. I suppose Windows' quoting rules are different somehow--I don't know Windows enough to know how to get it to work there.

Steve Evans wrote:
I'm running XP SP3 with UK English.
--- On Tue, 9/14/10, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
wrote:
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Subject: Re: [Wireshark-users] Bug 1029 - Tshark
-R doesn't support "frame.time >= Jul 20, 2006
17:51:38.368"
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Tuesday, September 14, 2010, 9:03 AM
Steve Evans wrote:
I've been following the thread here:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1029

...and I'm now running into the same problem.
My
syntax is as follows:
tshark -r 07_test.pcap -R 'frame.time >=
"Aug
1, 2010 17:39:32.553872000"'
...However, its not being accepted ("parameter
is not
correct").
Does this bug still exist? Am I missing a
quote
somewhere?

I cut-n-paste that command into my shell,
substituted one
of my own file names, and it ran fine. I tried trunk (1.5),
1.4.0,
and 1.2.10, all on 64-bit Linux.

What version and OS are you running?  What's
your
locale/language setting?