First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

tshark: ":" was unexpected in this context

  • retag add tags

When I use TShark (Wireshark) 4.0.4 (v4.0.4-0-gea14d468d9ca) to filter 'frame.protocols == raw:ip:udp:data' with following cli,

"tshark -r 1.pcap  -t ad -Y "frame.protocols == raw:ip:udp:data" -w 2.pcap"

the error msg appear.

tshark: ":" was unexpected in this context.
    frame.protocols == raw:ip:udp:data
                          ^

Please note that, I can use frame.protocols == "raw:ip:udp:data" to get filter result in Wireshark UI. How can I filter result result with tshark?

isaac00112233's avatar
1
isaac00112233
asked 2023-04-10 08:17:15 +0000
grahamb's avatar
23.8k
grahamb
updated 2023-04-11 10:23:40 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Did you note that in Wireshark GUI you quoted the string raw:ip:udp:data? What happens if you do the same in the TShark CLI?

Jaap's avatar
13.7k
Jaap
answered 2023-04-10 09:34:46 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Yeap, that's the solution. Thanks.

isaac00112233's avatar isaac00112233 (2023-04-10 09:39:01 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer