ionut 0 Posted July 27, 2010 Hello, I am trying to start a tshark packet capture using the following script: #include <Constants.au3> $bytePatternList="""ip[1:1] == 0x40""" $captureInterface="\Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C}" $foo = Run(@ProgramFilesDir & "\Wireshark\tshark.exe -f " & $bytePatternList & " -i " & $captureInterface & " -z io,phs > logs.txt") ConsoleWrite("tshark.exe -f " & $bytePatternList & " -i " & $captureInterface & " -z io,phs > logs.txt" & @CRLF) The problem is that Tshark throws the following error after the Run command: "tshark: Capture filters were specified both with "-f" and with additional command-line arguments". If I open up a cmd session and paste the output of the ConsoleWrite command from above tshark will not raise any errors: "C:\Program Files (x86)\Wireshark>tshark.exe -f "ip[1:1] == 0x40" -i \Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C} -z io,phs > logs.txt Capturing on IntelĀ® PRO/1000 EB Network Connection with I/O Acceleration 0 packets captured" My conclusion is that the Run command is not passing correctly the string to tshark. The problem lies at the "> logs.txt" string. If I remove it, no error occurs. But I would like to redirect the output of tshark to a file using this tshark syntax. Does anyone know if there is a problem passing the ">" character using Run command? Is there any other problem with my script? Thank you, Ionut PS I have a workaround - that's reading directly from STDOUT but I am limited by the buffer size. Share this post Link to post Share on other sites
PsaltyDS 39 Posted July 27, 2010 Add @ProgramFilesDir & "\Wireshark" as your working directory in the Run() parameters. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Share this post Link to post Share on other sites
ionut 0 Posted July 27, 2010 Add @ProgramFilesDir & "\Wireshark" as your working directory in the Run() parameters. Same error from tshark. This is the code you have suggested and I have tried: $foo = Run(@ProgramFilesDir & "\Wireshark\tshark.exe -f " & $bytePatternList & " -i " & $captureInterface & " -z io,phs > logs.txt", @ProgramFilesDir & "\Wireshark", @SW_SHOW, $STDIN_CHILD) Thanks, Ionut Share this post Link to post Share on other sites
PsaltyDS 39 Posted July 27, 2010 Hmm... Compare this: @ProgramFilesDir & "\Wireshark\tshark.exe -f " To this: "C:\Program Files (x86)\Wireshark>tshark.exe -f " Two things stand out: 1. Is @ProgramFilesDir giving you the "(x86)"? 2. Since it contains spaces, you should enclose the executable path in double quotes. #include <Constants.au3> $bytePatternList='"ip[1:1] == 0x40"' $captureInterface='\Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C}' $sProgFiles = @ProgramFilesDir If StringInStr(@OSArch, '64') Then $sProgFiles = 'C:\Program Files (x86)' $sExtCmd = '"' & $sProgFiles & '\Wireshark\tshark.exe" -f ' & $bytePatternList & ' -i ' & $captureInterface & ' -z io,phs > logs.txt' $foo = Run($sExtCmd, $sProgFiles & '\Wireshark') Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Share this post Link to post Share on other sites
ionut 0 Posted July 27, 2010 @PsaltyDS: I've tweaked a little bit the code to see the error in the Autoit Console: $foo = Run($sExtCmd, $sProgFiles & '\Wireshark', @SW_HIDE, $STDIN_CHILD) I am still getting the same error: "tshark: Capture filters were specified both with "-f" and with additional command-line arguments" The "Program Files (x86)" path is correct - I am running on a x64 Application Server. Thanks, Ionut Share this post Link to post Share on other sites
ionut 0 Posted July 27, 2010 Running manually from the cmd line works : C:\Program Files (x86)\Wireshark>"C:\Program Files (x86)\Wireshark\tshark.exe" -f "ip[1:1] == 0x40" -i \Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C} -z io,phs > d:\logs.txt Capturing on IntelĀ® PRO/1000 EB Network Connection with I/O Acceleration I can't figure out what is the difference between the command run from Autoit and the manual run.... Share this post Link to post Share on other sites
Shibin 0 Posted October 13, 2010 Help!! I have the similar issue when using AutoIT, it works well on CMD. $sCmdLine = """N:\AutoIt\Tools\sigcheck.exe"" -q -v ""D:\xxx.exe"" > ""C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv""" RunWait($sCmdLine, @WindowsDir, @SW_HIDE) Share this post Link to post Share on other sites
JoHanatCent 13 Posted October 13, 2010 (edited) Help!! I have the similar issue when using AutoIT, it works well on CMD. $sCmdLine = """N:\AutoIt\Tools\sigcheck.exe"" -q -v ""D:\xxx.exe"" > ""C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv""" RunWait($sCmdLine, @WindowsDir, @SW_HIDE) To many quotes for me. Try: $sCmdLine = "N:\AutoIt\Tools\sigcheck.exe -q -v"&&"D:\xxx.exe > C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv" RunWait($sCmdLine, "", @SW_HIDE) Edited October 13, 2010 by JoHanatCent Share this post Link to post Share on other sites
PsaltyDS 39 Posted October 13, 2010 Help!! I have the similar issue when using AutoIT, it works well on CMD. $sCmdLine = """N:\AutoIt\Tools\sigcheck.exe"" -q -v ""D:\xxx.exe"" > ""C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv""" RunWait($sCmdLine, @WindowsDir, @SW_HIDE) I see nothing wrong with the way you included your literal quotes, assuming the desired result was: "N:\AutoIt\Tools\sigcheck.exe" -q -v "D:\xxx.exe" > "C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv" Another, sometimes less confusing way to do that is use single quotes to wrap the literal double quotes: $sCmdLine = '"N:\AutoIt\Tools\sigcheck.exe" -q -v "D:\xxx.exe" > "C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"' When running it manually in a CMD console, do you really have to put quotes around the sigcheck.exe path? You might also try: $sExePath = 'N:\AutoIt\Tools\sigcheck.exe' $sParams = '-q -v "D:\xxx.exe" > "C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"' ShellExecute($sExePath, $sParams) Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Share this post Link to post Share on other sites