Hi,
Yes, it states: "This option specifies a display filter to be applied when
*reading packets from a capture file*."
You're not reading from a capture file, you're doing a life capture. That's a
different thing.
Sure it would be nice to have, but it's not there yet.
Thanx,
Jaap
Vinay Chilakamarri wrote:
I went through the message posted by Jason before trying out the "-R"
argument. I thought that this feature might have got included after I
saw the documentation for commandline start for wireshark, which
specifies a note for "-R"
http://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html
On Sun, Apr 13, 2008 at 8:35 AM, Jaap Keuter <jaap.keuter@xxxxxxxxx
<mailto:jaap.keuter@xxxxxxxxx>> wrote:
Hi,
You're trying to use a read filter as display filter for a running
capture.
That is not supported. You can use -R with -r.
You might want to file a improvement request on bugzilla for that.
Thanx,
Jaap
Vinay Chilakamarri wrote:
> Hi,
>
> After many attempts at this, I couldn't understand why WireShark
> disregards the "-R" argument. I worked with tshark with valid display
> filters and passed them with "-R" argument and they were working as
> expected. But when I try the same with wireshark, no matter how I
tried
> supplying the filter with "-R" argument, it displays all of the
packets.
> I tried this in windows, while it doesn't filter anything:
>
> wireshark -f "udp port 37112" -i2 -k
-R"(wlan.addr==00:2E:E0:76:5D:83)"
>
> wireshark -f "udp port 37112"
-R"wlan.addr==\"00:2E:E0:76:5D:83"" -i2 -k
>
> wireshark -f "udp port 37112" -R'wlan.addr==00:2E:E0:76:5D:83'
-i2 -k
>
> wireshark -f "udp port 37112" -R wlan.addr==00:2E:E0:76:5D:83
-i2 -k
>
>