and how could I use a file containing multiple filters as a capture filter in tshark on WINDOWS CMD?

Given that cmd.exe doesn't support the backquote mechanism that the UN*X Bourne shell, and compatible shells, has always supported, and doesn't support the newer "$({command})" syntax, either, the answer is "with great difficulty". You might have to extract the appropriate line from the file using the find command, somehow construct and write to a .bat file a dumpcap command that uses that filter, and then run that .bat file.

If PowerShell supports a mechanism that can capture the standard output of a command and then substitute it into a command line, the way the backquote and "$({command})" mechanisms do in Bourne-compatible shells, you could try using that along with the find command.

And to add a comment I just made in issue #18808:

Using tshark rather than dumpcap might be the right choice, given that, if you're not using tshark to dissect the packets as they're being captured, all tshark does is act as a front-end to dumpcap, with dumpcap doing all the real work of capturing to a file or files.

which is also what Chris Maynard said in a comment:

It might be possible to devise a native Windows solution, but is it even worth the effort if you can just use tshark with built-in predef support where you can just use Wireshark's cfilters file instead?
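
One way to do the look-up-and-substitute step discussed above in PowerShell, as an added example that is not part of the original answer or of Wireshark: it reads a named entry from a cfilters-style file and hands the expression to dumpcap as a single argument, so no .bat file has to be generated. The script parameters, the `Get-CaptureFilter` helper, the default interface `1` and the output file name are assumptions, and the file is assumed to hold one `"name" filter expression` entry per line.

```powershell
# Added example: run dumpcap with a capture filter looked up by name in a
# cfilters-style file. Parameter names and defaults are assumptions.
param(
    [Parameter(Mandatory)] [string] $FilterName,
    [string] $FilterFile = (Join-Path $env:APPDATA 'Wireshark\cfilters'),
    [string] $Interface  = '1',
    [string] $OutFile    = 'capture.pcapng'
)

function Get-CaptureFilter {
    param([string] $Path, [string] $Name)
    foreach ($line in Get-Content -LiteralPath $Path) {
        # Assumed entry format: "name" filter expression
        # The name may contain backslash-escaped characters such as \".
        if ($line -match '^\s*"((?:[^"\\]|\\.)*)"\s+(.+?)\s*$') {
            $entryName = $Matches[1] -replace '\\(.)', '$1'
            if ($entryName -ceq $Name) { return $Matches[2] }
        }
    }
    return $null
}

if (-not (Test-Path -LiteralPath $FilterFile)) {
    throw "Filter file not found: $FilterFile"
}

$filter = Get-CaptureFilter -Path $FilterFile -Name $FilterName
if (-not $filter) {
    throw "No filter named '$FilterName' in $FilterFile"
}

# -d makes dumpcap compile the filter, print the generated code and exit,
# so a filter that does not compile is caught before any capture starts.
& dumpcap -i $Interface -f $filter -d | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dumpcap rejected filter: $filter" }

# PowerShell passes $filter to the native command as one argument, so the
# text from the file is never re-parsed as part of a command line.
& dumpcap -i $Interface -f $filter -w $OutFile
```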