1 | initial version |
and how could I use a file containing multiple filters as a capture filter in tshark on WINDOWS CMD?
Given that cmd.exe doesn't support the backquote mechanism that the UN*X Bourne shell, and compatible shells, has always supported, and doesn't support the newer "$({command})" syntax, either, the answer is "with great difficulty". You might have to extract the appropriate line from the file using the find command, somehow construct and write to a .bat file a dumpcap command that uses that filter, and then run that .bat file.
If PowerShell supports a mechanism that can capture the standard output of a command and then substitute it into a command line, the way the backquote and "$({command})" mechanisms do in Bourne-compatible shells, you could try using that along with the find command.
2 | No.2 Revision |
and how could I use a file containing multiple filters as a capture filter in tshark on WINDOWS CMD?
Given that cmd.exe doesn't support the backquote mechanism that the UN*X Bourne shell, and compatible shells, has always supported, and doesn't support the newer "$({command})" syntax, either, the answer is "with great difficulty". You might have to extract the appropriate line from the file using the find command, somehow construct and write to a .bat file a dumpcap command that uses that filter, and then run that .bat file.
If PowerShell supports a mechanism that can capture the standard output of a command and then substitute it into a command line, the way the backquote and "$({command})" mechanisms do in Bourne-compatible shells, you could try using that along with the find command.
And to add a comment I just made in issue #18808:
Using tshark rather than dumpcap might be the right choice, given that, if you're not using tshark to dissect the packets as they're being captured, all tshark does is act as a front-end to dumpcap, with dumpcap doing all the real work of capturing to a file or files.
which is also what Chris Maynard said in a comment:
It might be possible to devise a native Windows solution, but is it even worth the effort if you can just use tshark with built-in predef support where you can just use Wireshark's cfilters file instead?
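The lookup-and-substitute approach discussed above can be done in PowerShell without generating a .bat file. This is an added example, not code from the original answer or from the Wireshark project. The sample file, the filter names, the interface number and the output file name are constructed placeholders, and the parser assumes filter names contain no embedded double quotes.

```powershell
# Added example: read a named capture filter from a cfilters-style file and
# hand it to tshark/dumpcap as ONE argument, so the filter text is never
# re-parsed by a shell or written into a generated batch file.

function Get-CaptureFilter {
    param(
        [Parameter(Mandatory)] [string] $Path,   # cfilters-style file
        [Parameter(Mandatory)] [string] $Name    # filter name to look up
    )
    # Each line has the form:  "Filter name" filter expression
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*"(?<name>[^"]*)"\s+(?<expr>.+?)\s*$') {
            if ($Matches['name'] -ceq $Name) { return $Matches['expr'] }
        }
    }
    throw "No capture filter named '$Name' in $Path"
}

# Constructed sample file (placeholder content, not a real profile).
$sample = Join-Path $env:TEMP 'cfilters-sample.txt'
@'
"HTTP only" tcp port 80
"DNS only" udp port 53
"No ARP and no DNS" not arp and port not 53
'@ | Set-Content -LiteralPath $sample -Encoding ascii

$filter = Get-CaptureFilter -Path $sample -Name 'No ARP and no DNS'

# Build the argument list as an array; PowerShell passes $filter as a single
# argument even though it contains spaces.
$exe        = 'tshark'          # dumpcap accepts the same -i/-f/-w options
$captureArgs = @('-i', '1', '-f', $filter, '-w', 'capture.pcapng')

Write-Host "$exe $($captureArgs -join ' ')"
# & $exe @captureArgs           # uncomment to start the capture

# If the filter is stored in Wireshark's own cfilters file, tshark can look
# it up itself:  tshark -i 1 -f "predef:No ARP and no DNS" -w capture.pcapng
```

Passing the filter as an array element rather than pasting it into a command string means characters in the file that cmd.exe would treat as operators are not interpreted as commands.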