Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11556] TShark does not display all packets even when they match a given read f

Wireshark-bugs: [Wireshark-bugs] [Bug 11556] TShark does not display all packets even when they

Date: Wed, 30 Sep 2015 06:48:57 +0000

Comment # 1 on bug 11556 from [email protected]

The filter that does not work will work if the IP is changed:

1) Does not work:
$tshark -r tshark123.cap -n -d udp.port==9999,cflow  -T fields -e cflow.srcaddr
-R "ip.src="" && cflow.srcaddr==192.168.104.113" -2
$

2) Changing ip.src to another IP works, meaning the syntax seems correct:
$tshark -r tshark123.cap -n -d udp.port==9999,cflow  -T fields -e cflow.srcaddr
-R "ip.src="" && cflow.srcaddr==192.168.104.113" -2
192.168.104.113
192.168.104.113
$

3) Changing original filter to -Y works as well.
$tshark -r tshark123.cap -n -d udp.port==9999,cflow  -T fields -e cflow.srcaddr
-Y "ip.src="" && cflow.srcaddr==192.168.104.113" -
2
192.168.104.113
192.168.104.113
$

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 11556] New: TShark does not display all packets even when they match a given read filter
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 11556] TShark does not display all packets even when they match a given read filter
Next by Date: [Wireshark-bugs] [Bug 11462] Buildbot crash output: fuzz-2015-08-20-29629.pcap
Previous by thread: [Wireshark-bugs] [Bug 11556] TShark does not display all packets even when they match a given read filter
Next by thread: [Wireshark-bugs] [Bug 11556] TShark does not display all packets even when they match a given read filter
Index(es):
- Date
- Thread