Wireshark · Wireshark-users: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command

Wireshark-users: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and wit

From: Sake Blok <sake@xxxxxxxxxx>

Date: Sun, 30 Jan 2011 10:20:57 +0100

On 30 jan 2011, at 03:58, Neil Fraser wrote:

> command I'm attempting to use in a linux environment:
> tshark -r hammer2901b -w 0291400000 -R sip.to.addr == "sip:[email protected]:5060" or sip.to.addr == "sip:[email protected]"
> 
> output always remains as: tshark: Read filters were specified both with "-R" and with additional command-line arguments

That is because tshark will interpret this as "-R sip.to.addr" and use the rest of the commandline arguments as a read filter. So either you drop the -R or you have to make sure that the argument after -R is one string. You can do this by placing the whole filter within single quotes:

-R 'sip.to.addr == "sip:[email protected]:5060" or sip.to.addr == "sip:[email protected]" '

Cheers,
Sake

References:
- [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
  - From: Neil Fraser

Prev by Date: Re: [Wireshark-users] tcp.time_delta column with tshark
Next by Date: Re: [Wireshark-users] tcp.time_delta column with tshark
Previous by thread: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Next by thread: [Wireshark-users] WIRESHARK EVENT IN A TECHFEST
Index(es):
- Date
- Thread