Wireshark mailing list archives
tshark: Difference between -R and -Y
From: Joerg Mayer <jmayer () loplof de>
Date: Sun, 5 Jan 2014 22:21:57 +0100
Hello,
I just found out that I don't understand what -R does.
If I run
tshark -2 -R "udp.port==53" -i wlan0
then it seems that I see all packets (arp, dns, lldp, ...)
if I instead run
tshark -2 -Y "udp.port==53" -i wlan0
I only see dns.
The manpage is not helpful either to explain what I am seeing
(snv HEAD / r54612)
Can someone please explain what is going on here?
Thanks
Jörg
--
Joerg Mayer <jmayer () loplof de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark: Difference between -R and -Y Joerg Mayer (Jan 05)
- Re: tshark: Difference between -R and -Y Evan Huus (Jan 05)
- Re: tshark: Difference between -R and -Y Joerg Mayer (Jan 07)
- Re: tshark: Difference between -R and -Y Evan Huus (Jan 07)
- Re: tshark: Difference between -R and -Y Joerg Mayer (Jan 07)
- Re: tshark: Difference between -R and -Y Evan Huus (Jan 05)