On Thu, Jul 10, 2008 at 05:36:19PM -0300, Rafael Morita wrote:
> Hello,
>
> I am making a script for set up a filter, and then it uses tshark to filter
> the capture.
>
> Here is an example of the input and what it have to do:
>
> ./tshark.sh SIP.cap674.gz output.cap
> a3c8257f2a3a674f9e39f4ae80f116ba@111.11.11.1 1751131597
> ec9654da6085fca7747fff4de60eb910@111.11.11.1
> 5cc02e9df0dc924980d2d8536c20c92a@111.11.11.1
>
>
>
> and the output was to be:
>
> /usr/bin/tshark -r SIP.cap674.gz -w output.cap -R 'rtp or sip.Call-ID
> contains "a3c8257f2a3a674f9e39f4ae80f116ba@111.11.11.1" or sip.Call-ID
> contains "1751131597" or sip.Call-ID contains "
> ec9654da6085fca7747fff4de60eb910@111.11.11.1" or sip.Call-ID contains "
> 5cc02e9df0dc924980d2d8536c20c92a@111.11.11.1"'
>
>
>
> if I just print that output, copy and paste to execute in terminal, it
> works. but if I make it to run in the script, the tshark prints this error:
>
> tshark: Read filters were specified both with "-R" and with additional
> command-line arguments
Putting the qoutes and ticks right can be tricky...
> Do you know if there is any limitations to use tshark in a script (Bash)?
Well, of course there are limitations, but this is not one of them ;-)
> Here is the code of the script:
Change:
> filter="'rtp"
to
filter="rtp"
... and remove:
> filter=$filter'
Then use:
tshark -r $input -w $output -R "$filter"
to execute your filter and then I think it should work :-)
Cheers,
Sake
