Sign in to follow this  
Followers 0
ionut

Run(@ProgramFilesDir & "\Wireshark\tshark.exe -f " & $bytePatternList & " -i " & $captureInterface & " -z io,phs > logs.txt")

9 posts in this topic

Hello,

I am trying to start a tshark packet capture using the following script:

#include <Constants.au3>

$bytePatternList="""ip[1:1] == 0x40"""
$captureInterface="\Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C}"


$foo = Run(@ProgramFilesDir & "\Wireshark\tshark.exe -f " & $bytePatternList & " -i " &  $captureInterface & " -z io,phs > logs.txt")
ConsoleWrite("tshark.exe -f " & $bytePatternList & " -i " &  $captureInterface & " -z io,phs > logs.txt" & @CRLF)

The problem is that Tshark throws the following error after the Run command: "tshark: Capture filters were specified both with "-f" and with additional command-line arguments".

If I open up a cmd session and paste the output of the ConsoleWrite command from above tshark will not raise any errors:

"C:\Program Files (x86)\Wireshark>tshark.exe -f "ip[1:1] == 0x40" -i \Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C} -z io,phs > logs.txt

Capturing on Intel® PRO/1000 EB Network Connection with I/O Acceleration

0 packets captured"

My conclusion is that the Run command is not passing correctly the string to tshark. The problem lies at the "> logs.txt" string. If I remove it, no error occurs. But I would like to redirect the output of tshark to a file using this tshark syntax. Does anyone know if there is a problem passing the ">" character using Run command? Is there any other problem with my script?

Thank you,

Ionut

PS I have a workaround - that's reading directly from STDOUT but I am limited by the buffer size.

Share this post


Link to post
Share on other sites



Add @ProgramFilesDir & "\Wireshark" as your working directory in the Run() parameters.

:blink:


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Add @ProgramFilesDir & "\Wireshark" as your working directory in the Run() parameters.

:blink:

Same error from tshark. This is the code you have suggested and I have tried:

$foo = Run(@ProgramFilesDir & "\Wireshark\tshark.exe -f " & $bytePatternList & " -i " &  $captureInterface & " -z io,phs > logs.txt", @ProgramFilesDir & "\Wireshark", @SW_SHOW, $STDIN_CHILD)

Thanks,

Ionut

Share this post


Link to post
Share on other sites

Hmm...

Compare this: @ProgramFilesDir & "\Wireshark\tshark.exe -f "

To this: "C:\Program Files (x86)\Wireshark>tshark.exe -f "

Two things stand out:

1. Is @ProgramFilesDir giving you the "(x86)"?

2. Since it contains spaces, you should enclose the executable path in double quotes.

#include <Constants.au3>

$bytePatternList='"ip[1:1] == 0x40"'
$captureInterface='\Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C}'
$sProgFiles = @ProgramFilesDir
If StringInStr(@OSArch, '64') Then $sProgFiles = 'C:\Program Files (x86)'
$sExtCmd = '"' & $sProgFiles & '\Wireshark\tshark.exe" -f ' & $bytePatternList & ' -i ' &  $captureInterface & ' -z io,phs > logs.txt'
$foo = Run($sExtCmd, $sProgFiles & '\Wireshark')

:blink:


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

@PsaltyDS: I've tweaked a little bit the code to see the error in the Autoit Console:

$foo = Run($sExtCmd, $sProgFiles & '\Wireshark', @SW_HIDE, $STDIN_CHILD)

I am still getting the same error: "tshark: Capture filters were specified both with "-f" and with additional command-line arguments"

The "Program Files (x86)" path is correct - I am running on a x64 Application Server.

Thanks,

Ionut

Share this post


Link to post
Share on other sites

Running manually from the cmd line works :blink::

C:\Program Files (x86)\Wireshark>"C:\Program Files (x86)\Wireshark\tshark.exe" -f "ip[1:1] == 0x40" -i \Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C} -z io,phs > d:\logs.txt

Capturing on Intel® PRO/1000 EB Network Connection with I/O Acceleration

I can't figure out what is the difference between the command run from Autoit and the manual run....

Share this post


Link to post
Share on other sites

Help!!

I have the similar issue when using AutoIT, it works well on CMD.

$sCmdLine =  """N:\AutoIt\Tools\sigcheck.exe"" -q -v ""D:\xxx.exe"" > ""C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"""
RunWait($sCmdLine, @WindowsDir, @SW_HIDE)

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Help!!

I have the similar issue when using AutoIT, it works well on CMD.

$sCmdLine =  """N:\AutoIt\Tools\sigcheck.exe"" -q -v ""D:\xxx.exe"" > ""C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"""
RunWait($sCmdLine, @WindowsDir, @SW_HIDE)

To many quotes for me.

Try:

$sCmdLine = "N:\AutoIt\Tools\sigcheck.exe -q -v"&&"D:\xxx.exe > C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"

RunWait($sCmdLine, "", @SW_HIDE)

Edited by JoHanatCent

Share this post


Link to post
Share on other sites

Help!!

I have the similar issue when using AutoIT, it works well on CMD.

$sCmdLine =  """N:\AutoIt\Tools\sigcheck.exe"" -q -v ""D:\xxx.exe"" > ""C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"""
RunWait($sCmdLine, @WindowsDir, @SW_HIDE)
I see nothing wrong with the way you included your literal quotes, assuming the desired result was:
"N:\AutoIt\Tools\sigcheck.exe" -q -v "D:\xxx.exe" > "C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"

Another, sometimes less confusing way to do that is use single quotes to wrap the literal double quotes:

$sCmdLine =  '"N:\AutoIt\Tools\sigcheck.exe" -q -v "D:\xxx.exe" > "C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"'

When running it manually in a CMD console, do you really have to put quotes around the sigcheck.exe path?

You might also try:

$sExePath =  'N:\AutoIt\Tools\sigcheck.exe'
$sParams = '-q -v "D:\xxx.exe" > "C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"'
ShellExecute($sExePath, $sParams)

;)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0