yes that is what i am saying, when i
try to give a filter from Wireshark GUI i am able to do so, but
I want the same scenario in command line also....not from GUI.
"Gilbert Ramirez"
<gram@xxxxxxxxxxxxxxx>
Sent by: wireshark-dev-bounces@xxxxxxxxxxxxx
07/02/2007 11:31 AM
Please respond to
Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> |
|
To
| "Developer support list for Wireshark"
<wireshark-dev@xxxxxxxxxxxxx>
|
cc
|
|
Subject
| Re: [Wireshark-dev] filter _expression_
required |
|
A pcap filter? You mean a capture file? The pcap/capture
filter syntax does not provide a 'contains' keyword, so it's not possible.
You can only use 'contains' in the display filter syntax, which is unique
to wireshark (and tshark, etc.)
--gilbert
On 7/2/07, Amit Paliwal <Amit.Paliwal@xxxxxxxxxxxxxxx>
wrote:
yes i am using 'contains' keyword, and i am giving name of my protocol
which is a string.....
i am running it on Windows and i used 'udp contains my_protocol' also but
its not working.......
i need to give filter expressions defined by pcap, but i am not getting
any documentation of it.
You're really using the "contains" keyword?
That's for strings and
binary strings.
The spaces in your filter are probably confusing the shell when you
invoke wireshark/tshark from the command-line. Are you running on
Unix? Use single quotes around your filter:
tshark ............ 'udp contains xxx'
--gilbert
On 7/2/07, Amit Paliwal <Amit.Paliwal@xxxxxxxxxxxxxxx>
wrote:
>
> I want to set command line filter _expression_ for proprietary protocol
that
> is registered over UDP by its name. I am able to do it directly in
Wireshark
> GUI by setting the _expression_ as "UDP contains my_protocol",
but I need to
> do the same from command line that I am unable to do right now.
>
> Please suggest.
>
> Regards,
>
> ______________________________________________________________________
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
______________________________________________________________________
______________________________________________________________________
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_____________________________________________________________________________________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
______________________________________________________________________