Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 2872] New: full trace is saved in file rather than filtered output

Wireshark-bugs: [Wireshark-bugs] [Bug 2872] New: full trace is saved in file rather than filtere

Date: Sun, 14 Sep 2008 03:02:00 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2872

           Summary: full trace is saved in file rather than filtered output
           Product: Wireshark
           Version: unspecified
          Platform: Sun
        OS/Version: Red Hat
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: bhupesh.bharti@xxxxxxxxxxx


Build Information:
12:46:12 [rkparc10:~]$ tshark -version
TShark 0.99.7

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.4.7, with libpcap 0.8.3, with libz 1.2.1.2, without
libpcre, with SMI 0.4.5, without ADNS, without Lua, with GnuTLS 1.0.20, with
Gcrypt 1.2.0, with MIT Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.9-67.0.7.ELsmp, with libpcap version 0.8.3.

Built using gcc 3.4.6 20060404 (Red Hat 3.4.6-9).
12:46:14 [rkparc10:~]$

--
I am trying to capture some specific live IP traces with following cmd


"tshark -i bond0 -R'udp.port==9200 || udp.port==9201' -w WSP_traffic.test.trc"

This cmd should capture all traffic which is going to udp port 9200 or 9201 and
save the trace in WSP_traffic.test.trc file. This file should contain only
traffic from or to udp port 9200 and 9201.

Its seems like the cmd is capturing full traces rather than filter traces.


12:53:02 [rkparc10:~]$ tshark -i bond0 -R'udp.port==9200 || udp.port==9201' -w
WSP_traffic.test.trc
Running as user "root" and group "root". This could be dangerous.
Capturing on bond0
5 12:54:15 [rkparc10:~]$ ls -l WSP_traffic.test.trc
-rw-------  1 root root 148064452 Sep 14 12:54 WSP_traffic.test.trc
12:54:27 [rkparc10:~]$


The file size in huge as copare to 5 captured packets. I checked that file too,
all sort of traffic is there(its a full trace).

If I dont save the output in file and see it on monitor only then it work fine,
it shows only filtered traces.

Please have a look and suggest some solution for the same.

Thank
Bhupesh Bharti


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Follow-Ups:
- [Wireshark-bugs] [Bug 2872] full trace is saved in file rather than filtered output
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 2870] "Per-packet memory corrupted" crashes if file contains DUA packets
Next by Date: [Wireshark-bugs] [Bug 2870] "Per-packet memory corrupted" crashes if file contains DUA packets
Previous by thread: [Wireshark-bugs] [Bug 2871] Interface: support the MSLoop interface
Next by thread: [Wireshark-bugs] [Bug 2872] full trace is saved in file rather than filtered output
Index(es):
- Date
- Thread