Wireshark · Wireshark-dev: [Wireshark-dev] tshark with -R less than stellar

Wireshark-dev: [Wireshark-dev] tshark with -R less than stellar

From: Joerg Mayer <jmayer@xxxxxxxxx>

Date: Sun, 12 Mar 2017 12:36:39 +0100

Hello,

I stmbled on https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 and
the situation looks less than stellar (also documented in comment 25):

tshark -i utun2 -R "ip.addr==10.122.4.12"
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.

tshark -i utun2 -Y "ip.addr==10.122.4.12"
Capturing on 'utun2'
...
^C4 packets captured

tshark -w test.pcapng -i utun2 -Y "ip.addr==10.122.4.12"
tshark: Display filters aren't supported when capturing and saving the captured packets.

tshark -w test.pcapng -i utun2 -R "ip.addr==10.122.4.12"
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.

tshark -w test.pcapng -i utun2 -R "ip.addr==10.122.4.12" -2
tshark: Live captures do not support two-pass analysis.

IMO we need a solution that doesn't violate the principle of least surprise
quite as much as the current situation.

Ideas?

Thanks!
   Jörg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Prev by Date: Re: [Wireshark-dev] https://code.wireshark.org/review/a/wireshark returns 404
Next by Date: Re: [Wireshark-dev] Lua embedded into C++
Previous by thread: Re: [Wireshark-dev] https://code.wireshark.org/review/a/wireshark returns 404
Next by thread: Re: [Wireshark-dev] Lua embedded into C++
Index(es):
- Date
- Thread