 | 1 | initial version |
It appears that you are working in a Windows cmd shell. It looks to be a quoting issue.
Did you try?
-Y "diameter.avp.code == 444 && e212.imsi == \"334110120002361\""
Not having a trace file like yours to test against I couldn't prove it provides your answer, but on my Windows system this filter did not cause an error.
Also when I tested with multiple -Y entries it does not appear to "OR" the two -Y filters. Instead only the last -Y filter gets applied.
Compare:
tshark -r MYCAP -Y "frame.number<5" -Y "frame.number<10"
with:
tshark -r MYCAP -Y "frame.number<10" -Y "frame.number<5"
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
