Wireshark-users: Re: [Wireshark-users] Apply read filter while writing to file
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 09 Mar 2013 23:23:31 +0100
So,

Do we elevate this to expected behaviour now and make corrections to the
documentation regarding this?

Thanks,
Jaap


On 03/09/2013 12:18 AM, Jeff Morriss wrote:
> Read filters haven't worked like this in quite a while (since 0.99.7). The bug:
> 
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
> 
> ... is listed in the "known problems" of each release since then.
> 
> It is possible to build a pipeline which will do the same thing, for example:
> 
> % dumpcap -w - | tshark -R icmp -r - -w /tmp/foo.pcapng
> 
> Muhammad El-Sergani wrote:
>> Hello,
>>
>> At the moment I'm using v1.4.2, I know it's not the latest, but had to have it
>> after a recent switch upgrade.
>>
>> Can't remember at the moment the older version I was using, but simply typing:
>> # tethereal/tshark -i ethX -w trace.pcap -R 'sip.To contains 'xxxxxxx''
>> would work :)
>>
>>
>> Thanks
>> //M
>>
>>
>> On Thu, Mar 7, 2013 at 11:38 PM, Jaap Keuter <jaap.keuter@xxxxxxxxx
>> <mailto:jaap.keuter@xxxxxxxxx>> wrote:
>>
>>     On 03/07/2013 11:27 AM, Muhammad El-Sergani wrote:
>>      > Hello all,
>>      >
>>      > After a recent Wireshark update on one of our SIP servers, we are
>>      > unable to apply a read filter while writing the capture file, but
>>      > rather have to capture everything to a host, write that to a file,
>>      > then apply our read filters when reading from the file.
>>      >
>>      > This is hard to maintain as our SIP traffic is huge, and just
>>      > capturing everything is impractical.
>>      >
>>      > Is there a known/method/practice/script that can be used to allow
>>      > users to apply a read filter to a trace session while writing the
>>      > dump to a file?
>>      >
>>      > Everything is Linux based.
>>      >
>>      > Thanks
>>      > in advance!
>>      > //M
>>      >
>>
>>     Hi,
>>
>>     Can you specify what a recent Wireshark update means? What version
>>     did you have before and what version do you have now?
>>
>>     Thanks,
>>     Jaap