Hi,
On Mon, Apr 02, 2012 at 03:25:09PM +0200, Anders Broman wrote:
> This tshark command string used to work but now it gives an error, ideas?
>
> ./tshark -i eth1 -w /tmp/httpoam.log -n -f "(net 10.80.34.96/27 or net 10.80.34.0/27) and port 80" -N mtC -z proto,colinfo,http.request.method,http.request.method -z proto,colinfo,http.response.code,http.response.code -S -a duration:6
>
> tshark: A capture filter was specified both with "-f" and with additional command-line arguments
-S <separator> the line separator to print between packets
It assumes that -a is separator, and 'duration:6' is "additional" filter?
r39168[1] is probably culprit:
Add a new tshark option for being able to specify an alternate line
separator between packets. The option chosen was "-S <separator>".
The former -S option was renamed to -P, and the former -P option,
which was previously undocumented, was renamed to -2.
So you probably want:
$ tshark -i eth0 -w /tmp/httpoam.log -n -f "(net 10.80.34.96/27 or net 10.80.34.0/27) and port 80" \
-N mtC -z proto,colinfo,http.request.method,http.request.method \
-z proto,colinfo,http.response.code,http.response.code -P -a duration:6
hth.
[1] http://anonsvn.wireshark.org/viewvc?view=revision&revision=39168