I have tried using the -R option but it seems it is only for reading previously captured files? Is there anyway of doing this please. I have just downloaded latest stable version 1.6.0 and rebuilt on centos 5.5. e.g. wireshark -i bond0 -R tcp.port==8600 -k and whatever else options etc I found a faq with someone offering a solution (which was admitted that it did not work) with hope someone would answer. any ideas most greatful asked 18 Jul '11, 07:36  spotthemaniac |
One Answer:
To confirm, the man-page for
EDIT: If you're building Wireshark, you might as well add code to allow setting the display filter for live captures. See funnel_set_filter and funnel_apply_filter for examples of how to set a display filter. answered 18 Jul '11, 07:50  helloworld edited 18 Jul '11, 09:06 |
yes thanks i understand that, I need to run some repetitive tests and would like a one shell command to run wireshark and then look at the captures. Typing in the display filter every time justs adds nause and the possibility of error.
You can also save the Display Filters:
Wireshark User's Guide: 6.6. Defining and saving filters
Or you can edit the dfilters file:
C:\Documents and Settings\USER\Application Data\Wireshark
Add your filter to the file.
Make sure you end with an empty line, otherwise you won't see your filter.