Ask Your Question

Revision history [back]

tshark: ":" was unexpected in this context

When I use TShark (Wireshark) 4.0.4 (v4.0.4-0-gea14d468d9ca) to filter 'frame.protocols == raw:ip:udp:data' with following cli, "tshark -r 1.pcap -t ad -Y "frame.protocols == raw:ip:udp:data" -w 2.pcap", the error msg appear. tshark: ":" was unexpected in this context. frame.protocols == raw:ip:udp:data ^ Please note that, I can use frame.protocols == "raw:ip:udp:data" to get filter result in Wireshark UI. How can I filter result result with tshark?

click to hide/show revision 2
None

updated 2023-04-11 10:23:40 +0000

grahamb gravatar image

tshark: ":" was unexpected in this context

When I use TShark (Wireshark) 4.0.4 (v4.0.4-0-gea14d468d9ca) to filter 'frame.protocols == raw:ip:udp:data' with following cli, cli,

"tshark -r 1.pcap  -t ad -Y "frame.protocols == raw:ip:udp:data" -w 2.pcap", 2.pcap"

the error msg appear. appear.

tshark: ":" was unexpected in this context.
    frame.protocols == raw:ip:udp:data
                          ^

Please note that, I can use frame.protocols == "raw:ip:udp:data" to get filter result in Wireshark UI. How can I filter result result with tshark?