Hi All, i am trying to get some smb statistics for certain file using tshark , i think i am using the correct syntax but still getting errors as follows below even if i remove the \ i get invalid - "New" was unexpected in this context. Please advice Thanks tshark: Couldn't register smb,srt tap: Filter "smb.file==\New Video 12_20196.xml" is invalid - "\" was unexpected in this context. asked 19 Oct '13, 10:22  tbaror |
One Answer:
This was answered on the dev mailing list here by Evan. The answer is to escape the quotes required around the string to match and escape the backslash in the string, e.g.
answered 20 Oct '13, 16:31  grahamb ♦ |
Normally quoting or escaping does the trick, but I can't get this to work either. Note that you will probably have to escape the backslashes when we do work out what extra is required.
To work out what to put in filter try it out in the GUI, generally selecting the field, right clicking and choosing "Apply As Filter" then "Selected". You'll see for a file with the name
\server\paththe filter in the filter box becomes\\server\\pathThanks for the comment, but i do need tshark for scripting :-( i will give it further try with extra escaping. thanks