Wireshark-users: [Wireshark-users] tshark: Difference between -R and -Y

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Sun, 5 Jan 2014 22:21:57 +0100
Hello,

I just found out that I don't understand what -R does.

If I run
tshark -2 -R "udp.port==53" -i wlan0
then it seems that I see all packets (arp, dns, lldp, ...)
if I instead run
tshark -2 -Y "udp.port==53" -i wlan0
I only see dns.
The manpage is not helpful either to explain what I am seeing
(svn HEAD / r54612)

Can someone please explain what is going on here?

Thanks
    Jörg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.