Wireshark-bugs: [Wireshark-bugs] [Bug 11556] New: TShark does not display all packets even when
Bug ID |
11556
|
Summary |
TShark does not display all packets even when they match a given read filter
|
Product |
Wireshark
|
Version |
1.12.2
|
Hardware |
x86
|
OS |
Ubuntu
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
TShark
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
gangarmihir90@gmail.com
|
Created attachment 13893 [details]
Capture file used for the example mentioned in description
Build Information:
TShark 1.12.2 (Git Rev Unknown from unknown)
Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GLib 2.34.0, with libpcap, with libz 1.2.3, without
POSIX
capabilities, without libnl, without SMI, without c-ares, without ADNS, without
Lua, without Python, without GnuTLS, with Gcrypt 1.4.6, with MIT Kerberos,
without GeoIP.
Running on Linux 3.8.0-19-generic, with locale en_US.UTF-8, with libpcap
version
1.5.3, with libz 1.2.7.
Built using gcc 4.1.2 20080704 (Red Hat 4.1.2-55).
--
While trying to read packets from a capture file using read filter (-R) and
"-2" option, I see that packets that exist and actually match the filter do not
get displayed.
1) This filter does not display any packets
$tshark -r tshark123.cap -n -d udp.port==9999,cflow -T fields -e cflow.srcaddr
-R "ip.src="" && cflow.srcaddr==192.168.104.113" -
2
$
2) This proves the packets actually match the filter.
$tshark -r tshark123.cap -n -d udp.port==9999,cflow -T fields -e cflow.srcaddr
-R "ip.src="" -2 | grep 192.168.104.113
192.168.104.113
192.168.104.113
$
3) This again does not display any packets.
$tshark -r tshark123.cap -n -d udp.port==9999,cflow -T fields -e cflow.srcaddr
-Y "ip.src="" && cflow.srcaddr==192.168.104.113"
$
4) Using -Y with -2 matches the packets.
$tshark -r tshark123.cap -n -d udp.port==9999,cflow -T fields -e cflow.srcaddr
-Y "ip.src="" && cflow.srcaddr==192.168.104.113" -2
192.168.104.113
192.168.104.113
$
You are receiving this mail because:
- You are watching all bug changes.