If I write the following command in a terminal it work perfectly

tcpdump -w 1.pcap -nnr <( zcat /work/save1.pcap.gz ) '((tcp[13]==2 or tcp[13]==4) and (dst port 80)) or (udp and dst port 5060)'

If I put it in a script I get an error like "unexpected "(" in line ..." I don't have the exact error line because I'm working on a server via ssh and now I don't have access to it. The server should run on BSD and right now I don't know which shell is used. I need to put such lines in a script because I need to execute this command on a large number of pcap.gz files.

can you redirect the .gz file into tcpdump via a pipe instead? i.e. gunzip -c pcap.gz | tcpdump ... ? Then you've eliminated the most like cause of the 'unexpected "("' error msg. Good luck. -

in the end I've used your solution because it has the same effect. I also discovered why my approach didn't work :… -

this is why it is helpful to post a question with the smallest amount of code that anyone can run and see the same problem. If we had seen you where using #!/bin/sh we could have advised you. Good luck! -

0 Respuestas

