
Wireshark-users: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and wit

From: Alan Tu <8libra@xxxxxxxxx>
Date: Sun, 30 Jan 2011 03:04:26 +0000
Neil, I don't have a Linux environment to play with but try
surrounding the whole display filter in a quote, like:
tshark -r hammer2901b -w 0291400000 -R "sip.to.addr == sip:[email protected]:5060 or sip.to.addr == sip:[email protected]"

Alan


On 1/30/11, Neil Fraser <cbr250@xxxxxxxxx> wrote:
> Hi,
>
> I'm having an issue trying to extract certain calls from a dump I have
> already made with fairly specific criteria.
>
> It appears it doesn't like the quotation marks I am using in my filter from
> Wireshark. I'm a novice at using tshark so I'll explain what I'm trying to
> achieve.
>
> input file : hammer2901b
> output file: 0291400000
> filter: sip.to.addr == "sip:[email protected]:5060" or sip.to.addr ==
> "sip:[email protected]"
>
> command I'm attempting to use in a Linux environment:
> tshark -r hammer2901b -w 0291400000 -R sip.to.addr == "
> sip:[email protected]:5060" or sip.to.addr ==
> "sip:[email protected]"
>
> output always remains as: tshark: Read filters were specified both with "-R"
> and with additional command-line arguments
>
> Any advice greatly appreciated.
>
> Regards,
> Neil Fraser.
>
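
Why the error in this thread appears, as an added example that is not part of the original messages: the shell strips the double quotes and splits the unquoted filter on spaces, so `-R` receives only the first word and the rest arrive as "additional command-line arguments". The SIP URIs and file names below are constructed placeholders (the real addresses are redacted above), and the helper functions are hypothetical stand-ins for an option parser; tshark itself is not invoked.

```shell
#!/bin/sh
# Added example: show what argv looks like for the unquoted and quoted filter.
# URIs and file names are constructed placeholders, not values from the thread.

# Count the words left over once -R has consumed its single value.
leftover_after_R() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-R" ]; then shift 2; break; fi
        shift
    done
    echo "$#"
}

# Print the one value that -R actually receives.
value_of_R() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-R" ]; then echo "$2"; return 0; fi
        shift
    done
    return 1
}

# Unquoted, as in the failing command: the shell removes the double quotes
# and every space-separated word becomes its own argument.
unquoted_leftover() {
    leftover_after_R -r in.pcap -w out.pcap -R sip.to.addr == "sip:user@example.invalid:5060" or sip.to.addr == "sip:user@example.invalid"
}
unquoted_value() {
    value_of_R -r in.pcap -w out.pcap -R sip.to.addr == "sip:user@example.invalid:5060" or sip.to.addr == "sip:user@example.invalid"
}

# Single-quoted as a whole: one argument, inner double quotes preserved.
quoted_leftover() {
    leftover_after_R -r in.pcap -w out.pcap -R 'sip.to.addr == "sip:user@example.invalid:5060" or sip.to.addr == "sip:user@example.invalid"'
}
quoted_value() {
    value_of_R -r in.pcap -w out.pcap -R 'sip.to.addr == "sip:user@example.invalid:5060" or sip.to.addr == "sip:user@example.invalid"'
}

printf 'unquoted: -R gets [%s], %s extra words\n' "$(unquoted_value)" "$(unquoted_leftover)"
printf 'quoted:   -R gets [%s], %s extra words\n' "$(quoted_value)" "$(quoted_leftover)"
```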