I went through the message posted by Jason before trying out the "-R" argument. I thought that this feature might have got included after I saw the documentation for commandline start for wireshark, which specifies a note for "-R"
http://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.htmlOn Sun, Apr 13, 2008 at 8:35 AM, Jaap Keuter <
jaap.keuter@xxxxxxxxx> wrote:
Hi,
You're trying to use a read filter as display filter for a running capture.
That is not supported. You can use -R with -r.
You might want to file a improvement request on bugzilla for that.
Thanx,
Jaap
Vinay Chilakamarri wrote:
> Hi,
>
> After many attempts at this, I couldn't understand why WireShark
> disregards the "-R" argument. I worked with tshark with valid display
> filters and passed them with "-R" argument and they were working as
> expected. But when I try the same with wireshark, no matter how I tried
> supplying the filter with "-R" argument, it displays all of the packets.
> I tried this in windows, while it doesn't filter anything:
>
> wireshark -f "udp port 37112" -i2 -k -R"(wlan.addr==00:2E:E0:76:5D:83)"
>
> wireshark -f "udp port 37112" -R"wlan.addr==\"00:2E:E0:76:5D:83"" -i2 -k
>
> wireshark -f "udp port 37112" -R'wlan.addr==00:2E:E0:76:5D:83' -i2 -k
>
> wireshark -f "udp port 37112" -R wlan.addr==00:2E:E0:76:5D:83 -i2 -k
>
>
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users