This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Issues in capturing Wireshark filters

0

I am trying to launch wireshark from the cli with the following options...

wireshark -k -i eth2 -a filesize:1000000 -f <capture filter=""> The issue I have is that I want to use a pre-defined wireshark filter... when I run the above with the actual filter in the cli cmd it works, when I use a pre-defined one it fails..

Working example:

wireshark -k -i eth2 -a filesize:1000000 -f "host 40.40.41.42" Failure example (the one I am trying to use):

wireshark -k -i eth2 -a filesize:1000000 -f pre-defined-capture1 Where pre-defined-capture1 filter does show up under "Capture -> Options -> Capture Filter" list...

The error i get is that the filter is not valid, I would like to specify the filter I saved in the capture filters list if thats possible...

Any ideas?

asked 13 Dec '12, 09:22

gates2010's gravatar image

gates2010
1111
accept rate: 0%


One Answer:

0

Unfortunately, what you are asking for is not yet implemented. The option '-f' accepts only filters in the libpcap syntax. Please file and enhancement bug at bugs.wireshark.org.

Regards
Kurt

answered 14 Dec '12, 07:42

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

filed a bug.. thank you

(17 Dec '12, 16:18) gates2010