using tshark with huge display filters

I have a large capture file which I want to filter, and have written a PowerShell script which selects the frames in the capture file to keep. The produced display filter looks like this 'frame.number in {1, 6, 8,... }' but is large (saved to a text file it exceeds 700kB). When running tshark with this filter (tshark -r infile -Y "frame.number in ...." -w outfile) I get an error because the command is simply too large for the (PowerShell) command prompt to handle.

When I copy the filter to my clipboard, open the GUI, and paste the filter into Wireshark, it actually works (but very, very slowly), so the command shell (PowerShell) is the bottleneck, not tshark itself.

I've considered selecting frames in smaller batches, going over the capture file again and again, and then gluing the resulting capture files together with mergecap, but I consider that a messy (and most likely extremely slow) solution.

So the main question: Is there a more elegant solution, for example to read the display filter from a text file, and if so, how?
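The batched approach the post describes, as an added example that is not the asker's script or Wireshark project code: the frame list is read from a file, split into filters that stay under the Windows process command-line limit, fed to tshark one batch at a time, and the partial captures are merged with mergecap. It assumes tshark.exe and mergecap.exe are on PATH; the file names and the 24000-character batch size are placeholders.

```powershell
# Added example (not from the asker or the Wireshark project): split the frame
# list into batches that stay below the Windows process command-line limit
# (about 32 767 characters), run tshark once per batch, then merge the
# partial captures with mergecap. Assumes tshark.exe and mergecap.exe are on
# PATH; frames.txt holds frame numbers separated by commas and/or whitespace.
param(
    [string]$InFile         = 'input.pcapng',     # placeholder input capture
    [string]$FrameList      = 'frames.txt',       # placeholder frame-number file
    [string]$OutFile        = 'filtered.pcapng',  # placeholder merged result
    [int]   $MaxFilterChars = 24000               # headroom below the ~32k limit
)

function Write-Batch {
    param([string[]]$Numbers, [int]$Index)
    $part = 'part_{0:D4}.pcapng' -f $Index
    # Set members are whitespace separated; recent Wireshark also accepts commas.
    $filter = 'frame.number in {' + ($Numbers -join ' ') + '}'
    & tshark -r $InFile -Y $filter -w $part
    if ($LASTEXITCODE -ne 0) { throw "tshark failed on batch $Index" }
    return $part
}

# Accept the asker's comma-separated form as well as one number per line.
$numbers = (Get-Content $FrameList -Raw) -split '[,\s]+' |
           Where-Object { $_ -match '^\d+$' }
$parts = @()
$batch = @()
$chars = 0

foreach ($n in $numbers) {
    # Flush the current batch before the filter string would grow too long.
    if ($chars + $n.Length + 1 -gt $MaxFilterChars) {
        $parts += Write-Batch -Numbers $batch -Index $parts.Count
        $batch = @(); $chars = 0
    }
    $batch += $n
    $chars += $n.Length + 1
}
if ($batch.Count -gt 0) { $parts += Write-Batch -Numbers $batch -Index $parts.Count }

# mergecap orders packets by timestamp, so frames taken from a single source
# capture come out in their original order; -w names the merged file.
& mergecap -w $OutFile @parts
if ($LASTEXITCODE -ne 0) { throw 'mergecap failed' }
Remove-Item $parts
```

Each batch re-reads the whole capture, so the run time grows with the number of batches, which is the slowness the post anticipates; raising $MaxFilterChars towards the limit reduces the number of passes.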