On Mon, Nov 06, 2000 at 01:41:52PM +0200, Eyal Rif wrote:
> for example this doesn't work:
>
> tethereal -n -ta -V (ip.src == 192.168.2.115 and ip.dst == 192.168.2.5) -r
> /tmp/sniff.log
For one thing, parentheses are shell metacharacters for most (if not
all) UNIX shells (definitely for Bourne-shell-compatible and
C-shell-compatible shells), so you can't use them with most UNIX shells
without quoting them (or quoting the expression as a whole).
The parentheses aren't necessary in this case, however - enclosing an
entire expression in parentheses doesn't do anything.
Furthermore, the man page says
SYNOPSYS
tethereal [ -c count ] [ -f filter expression ]
[ -F file format ] [ -h ] [ -i interface ] [ -l ] [ -n ]
[ -o preference setting ] ... [ -p ] [ -r infile ]
[ -R filter expression ] [ -s snaplen ]
[ -t time stamp format ] [ -v ] [ -V ] [ -w savefile ]
[ -x ] [ filter expression ]
which indicates that the filter expression must come *after* all the
command-line flags, such as "-r", so even if you remove the parentheses,
or put the expression in quotes, Tethereal won't treat the "-r /tmp/sniff.log"
as a command-line flag to specify which file to read.
Instead, you have to do something such as
tethereal -n -ta -V -r /tmp/sniff.log ip.src == 192.168.2.115 and
ip.dst == 192.168.2.5
> Another question is whether I can apply filers rules into a file and then
> use the file contents as a filter ?
Yes, but you have to do it with
tethereal -n -ta -V -r /tmp/sniff.log "`cat filter_expression_file`"
Ethereal/Tethereal *themselves* have no mechanism to do that.
