Wireshark · Wireshark-users: Re: [Wireshark-users] Apply read filter while writing to file

[Muhammad El-Sergani <msergani@xxxxxxxxx>]

Hello,

At the moment I'm using v1.4.2, I know it's not the latest, but had to have it after a recent switch upgrade.

Can't remember at the moment the older version I was using, but simply typing:

# tethereal/tshark -i ethX -w trace.pcap -R 'sip.To contains 'xxxxxxx''

would work :)

Thanks

//M

On Thu, Mar 7, 2013 at 11:38 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:

On 03/07/2013 11:27 AM, Muhammad El-Sergani wrote:
> Hello all,
>
> After a recent Wireshark update on one of our SIP servers, we are unable to
> apply a read filter while writing the capture file, but rather have to capture
> everything to a host, write that to a file then apply our read filters when
> reading from the file.
>
> This is hard to maintain as our SIP traffic is huge, and just capturing
> everything is unpractical.
>
> Is there a known/method/practice/script that can be used to allow users to apply
> a read filter to a trace session while writing the dump to a file?
>
> Everything is Linux based.
>
> Thanks
> in advance!
> //M
>

Hi,

Can you specify what a recent Wireshark update means? What version did you have
before and what version do you have now?

Thanks,
Jaap

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe