I have use Command Lind to start Wire Shark capture fallow this- wireshark -i LAN_B -i LAN_A -k -f "dst port 9500" -S -l -b duration:60 --ring-buffer files:10 -w D:\tmp\test03
All Function that work except Filter Function, I do"nt know why it not work where this thing wrong and how to soult this???
It depends on where you put the capture filter in the argument list. See the man page entry for the -f option:
This option can occur multiple times. If used before the first occurrence of the -i option, it sets the default capture filter expression. If used after an -i option, it sets the capture filter expression for the interface specified by the last -i option occurring before this option. If the capture filter expression is not set specifically, the default capture filter expression is used if provided.
The behaviour can be verified by omitting the -k flag and opening the Capture Options dialog and inspecting the capture filter for each interface.
Comments
In what way is it not working, does it exclude traffic you want or include traffic you didn't want?
Do you have VLAN tagged traffic?
The capture filter is not used when two interfaces are defined. I tried it and I've the same issue. Bug?