Hi All, Reposting since it doesn't seem to have reached. Sorry if it is a repeat.

Regards
dharani

On Thu, Sep 15, 2011 at 3:25 PM, Tharaneedharan Vilwanathan <vdhar...@gmail.com> wrote:
> Hi All,
>
> I have a quick question on capture filter.
>
> I use named pipe to pass the packets to tshark. With a capture filter,
> I tried to (a) store packets, (b) display and (c) store and display
> the packets.
>
> $ tshark -i pipe_to_tshark -w test.pcap -f 'udp port 1900'
> $ tshark -i pipe_to_tshark -S -f 'udp port 1900'
> $ tshark -i pipe_to_tshark -w test.pcap -S -f 'udp port 1900'
>
> In all the above cases, packets don't seem to be filtered. From the
> documentation, it looks like capture filter is valid only for live
> traffic.
>
> Is the traffic arriving via named pipe considered live traffic? If so,
> why is the filtering not happening? If not, why tshark doesn't throw
> an error message?
>
> I remember capture filter being applied in kernel for live traffic
> which doesn't apply for my case above but just wanted to confirm,
> since I didn't see any error message for the above usages.
>
> I tried tshark 1.0.7 but I can try a later version if that's the problem.
>
> Please share your thoughts. Also, appreciate any pointers on capture
> filter implementation.
>
> Thanks
> dharani

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev