Solved: Splunk app for PCAP analyzer - unable to create th...

splunker12er · ‎10-24-2015

OS : MAC
I have installed the app , and as per the steps I dropped a PCAP file(Sample_Traffic.pcap) in the mentioned folder , and tried to execute the script but it gives me the below error.

any thing else i need to consider here? Please help.

That string isn't a valid capture filter (illegal token).
    See the User's Guide for a description of the capture filter syntax.
    Capturing on 'awdl0'
    tshark: Invalid capture filter "–r Sample_Traffic.pcap -T fields -e frame.time -e ip.src -e ip.dst -e _ws.col.Protocol -e tcp.srcport -e tcp.dstport -e tcp.len -e tcp.window_size -e tcp.flags.syn -e tcp.flags.ack -e tcp.flags.push -e tcp.flags.fin -e tcp.flags.reset -e ip.ttl -e _ws.col.Info -e tcp.analysis.ack_rtt -e vlan.id" for interface 'awdl0'!

    That string isn't a valid capture filter (illegal token).
    See the User's Guide for a description of the capture filter syntax.

kidd452 · ‎10-30-2015

hello

I solve the problem.

you can open the shell file,and retype(just delete and type the same) the "tshark -r" for the same string.
I think that is UTF or some binary problem.

View solution in original post

kidd452 · ‎10-30-2015

hello

I solve the problem.

you can open the shell file,and retype(just delete and type the same) the "tshark -r" for the same string.
I think that is UTF or some binary problem.

Splunk app for PCAP analyzer - unable to create the csv file by running the script (pcap2csv.sh)

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!