Package: tshark
Version: 1.12.1+g01b65bf-4
Severity: important
Previously, a command like
# tshark -w /tmp/bla portrange 22-23 or portrange 25-26
did work fine - I used something similar in some test scripts.
With the current version, all that does is giving the usage output.
Fine, let's specify the filter explicitly:
# tshark -w /tmp/bla -R "portrange 22-23 or portrange 25-26"
tshark: -R without -2 is deprecated. For single-pass filtering use -Y.
Grmbl. Okay, let's try this.
# tshark -w /tmp/bla -R "portrange 22-23 or portrange 25-26" -2
tshark: Live captures do not support two-pass analysis.
Bah. Last resort:
# tshark -w /tmp/bla -Y "portrange 22-23 or portrange 25-26"
tshark: Display filters aren't supported when capturing and saving the
captured packets.
Hmmm, maybe I'm using the wrong syntax?
# tshark -w /tmp/bla -Y "tcp.port == 22 or tcp.port == 25"
tshark: Display filters aren't supported when capturing and saving the
captured packets.
Nope.
So, how would I now capture to a file while using a filter?
Searching for "capture" in /usr/share/doc/tshark/* didn't give any
meaningful help.
Thanks for all hints!
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.18.0-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages tshark depends on:
ii libc6 2.19-17
ii libglib2.0-0 2.42.1-1
ii libpcap0.8 1.6.2-2
ii libwireshark5 1.12.1+g01b65bf-4
ii libwiretap4 1.12.1+g01b65bf-4
ii libwsutil4 1.12.1+g01b65bf-4
ii wireshark-common 1.12.1+g01b65bf-4
ii zlib1g 1:1.2.8.dfsg-2+b1
tshark recommends no packages.
tshark suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
