THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 2
grahamb's avatar
23.8k
grahamb
updated 2023-04-11 10:23:40 +0000

tshark: ":" was unexpected in this context

When I use TShark (Wireshark) 4.0.4 (v4.0.4-0-gea14d468d9ca) to filter 'frame.protocols == raw:ip:udp:data' with following cli,

"tshark -r 1.pcap  -t ad -Y "frame.protocols == raw:ip:udp:data" -w 2.pcap"

the error msg appear.

tshark: ":" was unexpected in this context.
    frame.protocols == raw:ip:udp:data
                          ^

Please note that, I can use frame.protocols == "raw:ip:udp:data" to get filter result in Wireshark UI. How can I filter result result with tshark?

Revision 1
isaac00112233's avatar
1
isaac00112233
asked 2023-04-10 08:17:15 +0000

tshark: ":" was unexpected in this context

When I use TShark (Wireshark) 4.0.4 (v4.0.4-0-gea14d468d9ca) to filter 'frame.protocols == raw:ip:udp:data' with following cli,

cli, "tshark -r 1.pcap  -t ad -Y "frame.protocols == raw:ip:udp:data" -w 2.pcap"

2.pcap", the error msg appear.

appear.
tshark: ":" was unexpected in this context.
    frame.protocols == raw:ip:udp:data
                          ^

Please note that, I can use frame.protocols == "raw:ip:udp:data" to get filter result in Wireshark UI. How can I filter result result with tshark?