Wireshark · Wireshark-users: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command

Wireshark-users: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and wit

From: Sake Blok <sake@xxxxxxxxxx>

Date: Sun, 30 Jan 2011 10:20:57 +0100

On 30 jan 2011, at 03:58, Neil Fraser wrote:

> command I'm attempting to use in a linux environment:
> tshark -r hammer2901b -w 0291400000 -R sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456"
> 
> output always remains as: tshark: Read filters were specified both with "-R" and with additional command-line arguments

That is because tshark will interpret this as "-R sip.to.addr" and use the rest of the commandline arguments as a read filter. So either you drop the -R or you have to make sure that the argument after -R is one string. You can do this by placing the whole filter within single quotes:

-R 'sip.to.addr == "sip:0291400000@192.168.1.1:5060" or sip.to.addr == "sip:1887500434779620@123.456.123.456" '

Cheers,
Sake

References:
- [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
  - From: Neil Fraser

Prev by Date: Re: [Wireshark-users] tcp.time_delta column with tshark
Next by Date: Re: [Wireshark-users] tcp.time_delta column with tshark
Previous by thread: Re: [Wireshark-users] tshark: Read filters were specified both with "-R" and with additional command-line arguments
Next by thread: [Wireshark-users] WIRESHARK EVENT IN A TECHFEST
Index(es):
- Date
- Thread