Ask Your Question

tshark: ":" was unexpected in this context

asked 2023-04-10 08:17:15 +0000

isaac00112233 gravatar image

updated 2023-04-11 10:23:40 +0000

grahamb gravatar image

When I use TShark (Wireshark) 4.0.4 (v4.0.4-0-gea14d468d9ca) to filter 'frame.protocols == raw:ip:udp:data' with following cli,

"tshark -r 1.pcap  -t ad -Y "frame.protocols == raw:ip:udp:data" -w 2.pcap"

the error msg appear.

tshark: ":" was unexpected in this context.
    frame.protocols == raw:ip:udp:data

Please note that, I can use frame.protocols == "raw:ip:udp:data" to get filter result in Wireshark UI. How can I filter result result with tshark?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2023-04-10 09:34:46 +0000

Jaap gravatar image

Did you note that in Wireshark GUI you quoted the string raw:ip:udp:data? What happens if you do the same in the TShark CLI?

edit flag offensive delete link more


Yeap, that's the solution. Thanks.

isaac00112233 gravatar imageisaac00112233 ( 2023-04-10 09:39:01 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2023-04-10 08:17:15 +0000

Seen: 115 times

Last updated: Apr 11