Re: [Ethereal-users] Filtering using FRAME.TIME - help

[Guy Harris <gharris@xxxxxxxxx>]

On Fri, Jul 05, 2002 at 03:37:56PM +1000, Tino wrote:
> I followed one of Guy Harris's instruction from earlier post using the
> following command
> 
> tethereal -r input -w output -R 'frame.time >=  "Jul 4, 2001 15:48:34" and
> frame.time <=
> "Jul 4, 2002 15:25:00" and (ip.addr == 134.148.4.19 or ip.addr ==
> 137.111.13.32)'
> 
> which generate the following error
> 
> *** The parameter is incorrect. ***

As I remember, the Windows shell (whether its Windows OT's "command.com"
or Windows NT's "cmd.exe"), unlike the UNIX shell, doesn't support both
' and " as quotation characters.

In addition, you can't use ' as a quotation character in display
filters, so you can't do

	tethereal -r input -w output -R "frame.time >= 'Jul 4, 2001 15:48:34'
	    and frame.time <= 'Jul 4, 2002 15:25:00' and
	    (ip.addr == 134.148.4.19 or ip.addr == 137.111.13.32)"

You'd either have to

	1) install Cygwin and use Cygwin's shell (which is bash, and
	   Bourne-shell compatible, so it supports both ' and " as
	   quotation characters), or get some other shell that supports
	   both ' and " as quotation characters

or

	2) do it with Ethereal, by reading in the capture file,
	   filtering it with

		frame.time >= "Jul 4, 2001 15:48:34" and
		frame.time <= "Jul 4, 2002 15:25:00" and
		(ip.addr == 134.148.4.19 or ip.addr == 137.111.13.32)

	   as a display filter, and saving the displayed frames

or

	3) find some other way (e.g., writing your own program, or using
	   some scripting language) to run Tethereal with the
	   appropriate arguments.