Wireshark-users: Re: [Wireshark-users] tshark smb,srt filter error
From: Evan Huus <eapache@xxxxxxxxx>
Date: Sun, 20 Oct 2013 13:05:16 -0400
On Sun, Oct 20, 2013 at 1:47 AM, Tal Bar-Or <tbaror@xxxxxxxxx> wrote:
> Hi All,
>
> i am trying to get some smb statistics for certain file using tshark for
> scripting propose , i think i am using the correct syntax but still getting
> errors as follows below even if i remove the \ i get invalid - "New" was
> unexpected in this context.
>
> Please advice
>
> Thanks
>
>
>> C:\traces_test>"c:\Program Files\Wireshark\tshark.exe" -n -r
>> tracesmb_fileop1.pcap -q -z "smb,srt,smb.file==\\New Video 12_20196.xml"
>>
>> tshark: Couldn't register smb,srt tap: Filter "smb.file==\New Video
>> 12_20196.xml" is invalid - "\" was unexpected in this context.
>
>
> --
> Tal Bar-or

Hi Tal,

Just guessing, but I think you probably need to add quotes around the
file-name string. Does

"smb,srt,smb.file==\"\\New Video 12_20196.xml\""

work?

Evan