I am trying to extract the SIP dialog (call) with a specific SIP Call-ID header value. For example, I am trying to run the following command with the noted display filter. tshark -r Full_SIP-ISDN-GW.pcap -Y "(sip.Call-ID == "[email protected]") or (udp.port==24116 and udp.port==8030)" -w extracted_call.pcap This display filter works fine in Wireshark, but I am getting the following error when running using in tshark. tshark: "@" was unexpected in this context. Does anyone have any ideas on how to get around this? Thanks in advance. Travis asked 29 Mar '17, 12:33 Rooster_50 |
One Answer:
Most likely you need to escape the quotes for the string. Please give a try to:
answered 29 Mar '17, 13:49 Pascal Quantin That was it Pascal, many thanks! (29 Mar '17, 13:58) Rooster_50 |
TShark (Wireshark) 2.2.5 (v2.2.5-0-g440fd4d)