Wireshark-users: Re: [Wireshark-users] Tshark - displaying all sdp.media_attr on win2k system

From: "Boonie" <newsboonie@xxxxxxxxx>
Date: Tue, 9 Nov 2010 19:50:27 +0100

----- Original Message ----- From: "Christopher Maynard" <Chris.Maynard@xxxxxxxxx>
To: <wireshark-users@xxxxxxxxxxxxx>
Sent: Tuesday, November 09, 2010 7:17 PM
Subject: Re: [Wireshark-users]Tshark - displaying all sdp.media_attr on win2k system


Christopher Maynard <Chris.Maynard@...> writes:

> Any thoughts? Or am I out of luck?

You might be able to use something like: tshark -R "frame contains FOO"
or even: tshark -R "sdp.media_attr && frame contains FOO"


Yes! That works. It even gets better. I've changed it to: sdp contains "PCMA" (example)

I expect that this will be faster than frame contains.

I've even tested this on version 0.99.8 portable and it does the job.

Thanks. You made my day.

Dave