ionut Posted July 27, 2010 Share Posted July 27, 2010 Hello, I am trying to start a tshark packet capture using the following script: #include <Constants.au3> $bytePatternList="""ip[1:1] == 0x40""" $captureInterface="\Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C}" $foo = Run(@ProgramFilesDir & "\Wireshark\tshark.exe -f " & $bytePatternList & " -i " & $captureInterface & " -z io,phs > logs.txt") ConsoleWrite("tshark.exe -f " & $bytePatternList & " -i " & $captureInterface & " -z io,phs > logs.txt" & @CRLF) The problem is that Tshark throws the following error after the Run command: "tshark: Capture filters were specified both with "-f" and with additional command-line arguments". If I open up a cmd session and paste the output of the ConsoleWrite command from above tshark will not raise any errors: "C:\Program Files (x86)\Wireshark>tshark.exe -f "ip[1:1] == 0x40" -i \Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C} -z io,phs > logs.txt Capturing on IntelĀ® PRO/1000 EB Network Connection with I/O Acceleration 0 packets captured" My conclusion is that the Run command is not passing correctly the string to tshark. The problem lies at the "> logs.txt" string. If I remove it, no error occurs. But I would like to redirect the output of tshark to a file using this tshark syntax. Does anyone know if there is a problem passing the ">" character using Run command? Is there any other problem with my script? Thank you, Ionut PS I have a workaround - that's reading directly from STDOUT but I am limited by the buffer size. Link to comment Share on other sites More sharing options...
PsaltyDS Posted July 27, 2010 Share Posted July 27, 2010 Add @ProgramFilesDir & "\Wireshark" as your working directory in the Run() parameters. Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
ionut Posted July 27, 2010 Author Share Posted July 27, 2010 Add @ProgramFilesDir & "\Wireshark" as your working directory in the Run() parameters. Same error from tshark. This is the code you have suggested and I have tried: $foo = Run(@ProgramFilesDir & "\Wireshark\tshark.exe -f " & $bytePatternList & " -i " & $captureInterface & " -z io,phs > logs.txt", @ProgramFilesDir & "\Wireshark", @SW_SHOW, $STDIN_CHILD) Thanks, Ionut Link to comment Share on other sites More sharing options...
PsaltyDS Posted July 27, 2010 Share Posted July 27, 2010 Hmm... Compare this: @ProgramFilesDir & "\Wireshark\tshark.exe -f " To this: "C:\Program Files (x86)\Wireshark>tshark.exe -f " Two things stand out: 1. Is @ProgramFilesDir giving you the "(x86)"? 2. Since it contains spaces, you should enclose the executable path in double quotes. #include <Constants.au3> $bytePatternList='"ip[1:1] == 0x40"' $captureInterface='\Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C}' $sProgFiles = @ProgramFilesDir If StringInStr(@OSArch, '64') Then $sProgFiles = 'C:\Program Files (x86)' $sExtCmd = '"' & $sProgFiles & '\Wireshark\tshark.exe" -f ' & $bytePatternList & ' -i ' & $captureInterface & ' -z io,phs > logs.txt' $foo = Run($sExtCmd, $sProgFiles & '\Wireshark') Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
ionut Posted July 27, 2010 Author Share Posted July 27, 2010 @PsaltyDS: I've tweaked a little bit the code to see the error in the Autoit Console: $foo = Run($sExtCmd, $sProgFiles & '\Wireshark', @SW_HIDE, $STDIN_CHILD) I am still getting the same error: "tshark: Capture filters were specified both with "-f" and with additional command-line arguments" The "Program Files (x86)" path is correct - I am running on a x64 Application Server. Thanks, Ionut Link to comment Share on other sites More sharing options...
ionut Posted July 27, 2010 Author Share Posted July 27, 2010 Running manually from the cmd line works : C:\Program Files (x86)\Wireshark>"C:\Program Files (x86)\Wireshark\tshark.exe" -f "ip[1:1] == 0x40" -i \Device\NPF_{9B31E451-BF23-4610-AD0D-DE271508E93C} -z io,phs > d:\logs.txt Capturing on IntelĀ® PRO/1000 EB Network Connection with I/O Acceleration I can't figure out what is the difference between the command run from Autoit and the manual run.... Link to comment Share on other sites More sharing options...
Shibin Posted October 13, 2010 Share Posted October 13, 2010 Help!! I have the similar issue when using AutoIT, it works well on CMD. $sCmdLine = """N:\AutoIt\Tools\sigcheck.exe"" -q -v ""D:\xxx.exe"" > ""C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv""" RunWait($sCmdLine, @WindowsDir, @SW_HIDE) Link to comment Share on other sites More sharing options...
JoHanatCent Posted October 13, 2010 Share Posted October 13, 2010 (edited) Help!! I have the similar issue when using AutoIT, it works well on CMD. $sCmdLine = """N:\AutoIt\Tools\sigcheck.exe"" -q -v ""D:\xxx.exe"" > ""C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv""" RunWait($sCmdLine, @WindowsDir, @SW_HIDE) To many quotes for me. Try: $sCmdLine = "N:\AutoIt\Tools\sigcheck.exe -q -v"&&"D:\xxx.exe > C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv" RunWait($sCmdLine, "", @SW_HIDE) Edited October 13, 2010 by JoHanatCent Link to comment Share on other sites More sharing options...
PsaltyDS Posted October 13, 2010 Share Posted October 13, 2010 Help!! I have the similar issue when using AutoIT, it works well on CMD. $sCmdLine = """N:\AutoIt\Tools\sigcheck.exe"" -q -v ""D:\xxx.exe"" > ""C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv""" RunWait($sCmdLine, @WindowsDir, @SW_HIDE) I see nothing wrong with the way you included your literal quotes, assuming the desired result was: "N:\AutoIt\Tools\sigcheck.exe" -q -v "D:\xxx.exe" > "C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv" Another, sometimes less confusing way to do that is use single quotes to wrap the literal double quotes: $sCmdLine = '"N:\AutoIt\Tools\sigcheck.exe" -q -v "D:\xxx.exe" > "C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"' When running it manually in a CMD console, do you really have to put quotes around the sigcheck.exe path? You might also try: $sExePath = 'N:\AutoIt\Tools\sigcheck.exe' $sParams = '-q -v "D:\xxx.exe" > "C:\DOCUME~1\ssong\LOCALS~1\Temp\xxx.csv"' ShellExecute($sExePath, $sParams) Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now