Hi all I'm trying to automate the decryption of a trace with PowerShell and tshark. I have something like this: $SSLOptions=" -o ssl.desegment_ssl_records:TRUE -o ssl.desegment_ssl_application_data:TRUE -o ssl.keylog_file:C:\FilesToAnalyze\ssltest.sslkeys" Thing is that, if I run the whole command: ./tshark -r c:\FilesToAnalyze\ssltest.cap -o ssl.desegment_ssl_records:TRUE -o ssl.desegment_ssl_application_data:TRUE -o ssl.keylog_file:C:\FilesToAnalyze\ssltest.sslkeys works fine. But, if I run instead ./tshark -r c:\FilesToAnalyze\ssltest.cap $SSLOptions Fails with the following error: ./tshark : tshark: "ssl.desegment_ssl_records:TRUE" was unexpected in this context. At line:1 char:1 + ./tshark -r "c:\FilesToAnalyze\ssltest.cap" $SSLOptions + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (tshark: "ssl.de...n this context.:String) [], RemoteException + FullyQualifiedErrorId : NativeCommandError Any idea? I tested using double quotes, simple quotes, changing the order of the arguments... I have other scripts where I'm passing variables as filters or options, but I don;t know why is not working specificalyl when I use the -o option. Thanks in advance!! Osito asked 26 Sep '17, 08:38  osito |
One Answer:
This is more a Powershell question than a Wireshark one, but here it goes. Powershell apparently interprets that as passing a single argument containing the contents of that string rather than multiple arguments for each. A solution is to store each separate argument in an array element and use Take also advantage of the fact that tshark treats See also:
answered 26 Sep ‘17, 17:17  Lekensteyn |
Hi Lekensteyn
Thanks very much for your answer, works like a charm now!! :) :)
Good to know that -o option is the same as -ooption, saves me a lot of work. And for the links, my PowwerShell is still very basic and they are interesting.
Cheers, Osito