Wireshark-users: [Wireshark-users] Shell script to use tshark
From: "Rafael Morita" <rafael.morita@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Jul 2008 17:36:19 -0300
Hello,

I am making a script to set up a filter, and then it uses tshark to filter the capture.

Here is an example of the input and what it has to do:

./tshark.sh SIP.cap674.gz output.cap a3c8257f2a3a674f9e39f4ae80f116ba@111.11.11.1 1751131597 ec9654da6085fca7747fff4de60eb910@111.11.11.1 5cc02e9df0dc924980d2d8536c20c92a@111.11.11.1



and the output should be:

/usr/bin/tshark -r SIP.cap674.gz -w output.cap -R 'rtp or sip.Call-ID contains "a3c8257f2a3a674f9e39f4ae80f116ba@111.11.11.1" or sip.Call-ID contains "1751131597" or sip.Call-ID contains "ec9654da6085fca7747fff4de60eb910@111.11.11.1" or sip.Call-ID contains "5cc02e9df0dc924980d2d8536c20c92a@111.11.11.1"'



If I just print that output, then copy and paste it to execute in the terminal, it works. But if I make it run in the script, tshark prints this error:

tshark: Read filters were specified both with "-R" and with additional command-line arguments

Do you know if there are any limitations to using tshark in a script (Bash)?

Here is the code of the script:

[code]

#!/bin/bash

let i=$#
if [ $i -lt 3 ]
        then
        echo wrong parameters!
        exit 0
fi

input="$1"
shift
output="$1"
shift

filter="'rtp"

let i--

while test "$1"
do

         i=$((i+1))
        filter=$filter" or sip.Call-ID contains \"$1\""
        shift
done

filter=$filter"'"

args="-r $input -w $output -R $filter"
Tshark="/usr/bin/tshark"

execute="$Tshark $args"

echo "$execute"
echo

$execute

echo Filtered capture in $output

[/code]
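
Added example, not part of the original post: quote characters stored inside a variable are plain data, so the unquoted `$execute` is split on every space and tshark receives `'rtp`, `or`, `sip.Call-ID`, ... as separate arguments after `-R`. The sketch below compares that with passing each argument as its own word; the function names, the `TSHARK` variable and the rejection of Call-IDs containing `"` or `\` are assumptions made for this example, and `argc` is a stand-in for tshark so it runs without a capture file.

```bash
#!/bin/sh
# Added example, not from the original post. Runs in bash or POSIX sh.

# Build the display filter as ONE string. The double quotes belong to the
# filter syntax; the shell never needs to see outer single quotes.
build_filter() (
    filter='rtp'
    for id in "$@"; do
        case $id in  # a quote or backslash would break out of the filter string
            *\"*|*\\*) echo "bad Call-ID: $id" >&2; exit 1 ;;
        esac
        filter="$filter or sip.Call-ID contains \"$id\""
    done
    printf '%s\n' "$filter"
)

# Stand-in for tshark: reports how many arguments it was given.
argc() { echo "$#"; }

# What the posted script does: the command line is one string, and the
# unquoted expansion splits it on every space (quotes are not re-parsed).
broken_argc() (
    input=$1; output=$2; shift 2
    args="-r $input -w $output -R '$(build_filter "$@")'"
    argc $args
)

# Fix: keep each argument as its own word and expand with "$@"
# (a bash array, cmd=(...) then "${cmd[@]}", behaves the same way).
fixed_argc() (
    input=$1; output=$2; shift 2
    filter=$(build_filter "$@") || exit 1
    set -- -r "$input" -w "$output" -R "$filter"
    argc "$@"
)

# Real invocation; TSHARK defaults to the path used in the post.
run_tshark() (
    input=$1; output=$2; shift 2
    filter=$(build_filter "$@") || exit 1
    set -- -r "$input" -w "$output" -R "$filter"
    "${TSHARK:-/usr/bin/tshark}" "$@"
)

echo "broken: $(broken_argc in.cap out.cap 1751131597) args," \
     "fixed: $(fixed_argc in.cap out.cap 1751131597) args"
```

Running the string through `eval` would also make the quotes take effect, but it would have the shell interpret every Call-ID as shell syntax, which is why the argument-list form is used here.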