This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark string search on Windows

0

Hi,

When using

c:\tshark -r input frame contains "aaa" -w output

everything is fine.

When the string is "aaa bbb" I get an error on windows 7 saying "bbb" was unexpected in this context.

Any clue what is the issue?

Thanks, zf

asked 25 Apr '13, 10:38

zfme's gravatar image

zfme
16113
accept rate: 0%

edited 25 Apr '13, 11:46

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237

One Answer:

0

That's a quoting 'problem' of the DOS box. Please try tripple-quotes.

c:\tshark -r input frame contains """aaa bbb""" -w output

Regards
Kurt

answered 25 Apr '13, 11:55

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thank you very much. It works.

(25 Apr '13, 14:38) zfme

@zfme

Your "answer" has been converted to a comment as that's how this site works. Please read the FAQ for more information.

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(25 Apr '13, 15:26) grahamb ♦

For PowerShell you'll need to use a double escape method to quote the argument, e.g. a "\" for the Windows command processor and with a "`" for the PowerShell processor giving:

c:\tshark -r input frame contains `"aaa bbb`" -w output

See this blog entry for more on the intricacies of calling external commands from Powershell.

(25 Apr '13, 15:42) grahamb ♦