This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am trying use filter like this. But it return error on -R options? It looks like it doesn't like brackets any clues how the syntax should be?

"C:\Program files\Wireshark\wireshark" -r "2012-07-27_154856_10.36.1.210_4.pcap" -R "(ip.addr==x.x.x.x and gtp) || ( ranap.gTP_TEI == 0x000059ca or sctp.port==xxxxxx and (frame.time > "Jul 27, 2012 16:36:00" and frame.time < "July 27, 2012 16:38:00"))"

asked 01 Aug '12, 01:52

Dees's gravatar image

Dees
1333
accept rate: 0%


The problem is the use of quotes, not the brackets. You need to escape the inner quotes with \", otherwise the DOS commandline get's confused. Please try this:

"C:\Program files\Wireshark\wireshark" -r "2012-07-27_154856_10.36.1.210_4.pcap" -R "(ip.addr==x.x.x.x and gtp) || ( ranap.gTP_TEI == 0x000059ca or sctp.port==xxxx and (frame.time > \"Jul 27, 2012 16:36:00\" and frame.time < \"July 27, 2012 16:38:00\"))"

Regards
Kurt

permanent link

answered 01 Aug '12, 02:17

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Its still giving same error.

Unexpected end of filter string

The filter expression "(ip.addr=192.168.0.1 and gtp) || (" isn't a valid display filter.

(01 Aug '12, 02:23) Dees

it works on my Win 7 system. What is your OS? Maybe you should use OR instead of ||.

(01 Aug '12, 02:31) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×40
×23
×16

question asked: 01 Aug '12, 01:52

question was seen: 4,330 times

last updated: 01 Aug '12, 02:32

p​o​w​e​r​e​d by O​S​Q​A