Diffstat (limited to 'doc/wsug_src/rawshark-h.txt')
-rw-r--r-- doc/wsug_src/rawshark-h.txt | 63
1 files changed, 63 insertions, 0 deletions
diff --git a/doc/wsug_src/rawshark-h.txt b/doc/wsug_src/rawshark-h.txt
new file mode 100644
index 00000000..c7435001
--- /dev/null
+++ b/doc/wsug_src/rawshark-h.txt
@@ -0,0 +1,63 @@
+Rawshark (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78)
+Dump and analyze network traffic.
+See https://www.wireshark.org for more information.
+
+Usage: rawshark [options] ...
+
+Input file:
+ -r <infile>, --read-file <infile>
+ set the pipe or file name to read from
+
+Processing:
+ -d <encap:linktype>|<proto:protoname>
+ packet encapsulation or protocol
+ -F <field> field to display
+ -m virtual memory limit, in bytes
+ -n disable all name resolutions (def: "mNd" enabled, or
+ as set in preferences)
+ -N <name resolve flags> enable specific name resolution(s): "mnNtdv"
+ -p use the system's packet header format
+ (which may have 64-bit timestamps)
+ -R <read filter>, --read-filter <read filter>
+ packet filter in Wireshark display filter syntax
+ -s skip PCAP header on input
+ -Y <display filter>, --display-filter <display filter>
+ packet filter in Wireshark display filter syntax
+ --enable-protocol <proto_name>
+ enable dissection of proto_name
+ --disable-protocol <proto_name>
+ disable dissection of proto_name
+ --only-protocols <protocols>
+ Only enable dissection of these protocols, comma
+ separated. Disable everything else
+ --disable-all-protocols
+ Disable dissection of all protocols
+ --enable-heuristic <short_name>
+ enable dissection of heuristic protocol
+ --disable-heuristic <short_name>
+ disable dissection of heuristic protocol
+
+Output:
+ -l flush output after each packet
+ -S format string for fields
+ (%D - name, %S - stringval, %N numval)
+ -t (a|ad|adoy|d|dd|e|r|u|ud|udoy)[.[N]]|.[N]
+ output format of time stamps (def: r: rel. to first)
+ -u s|hms output format of seconds (def: s: seconds)
+
+Diagnostic output:
+ --log-level <level> sets the active log level ("critical", "warning", etc.)
+ --log-fatal <level> sets level to abort the program ("critical" or "warning")
+ --log-domains <[!]list> comma-separated list of the active log domains
+ --log-fatal-domains <list>
+ list of domains that cause the program to abort
+ --log-debug <[!]list> list of domains with "debug" level
+ --log-noisy <[!]list> list of domains with "noisy" level
+ --log-file <path> file to output messages to (in addition to stderr)
+
+
+Miscellaneous:
+ -h, --help display this help and exit
+ -v, --version display version info and exit
+ -o <name>:<value> ... override preference setting
+ -K <keytab> keytab file to use for kerberos decryption
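Review bot: In the Processing and Output sections, `-m` ("virtual memory limit, in bytes") and `-S` ("format string for fields") are described as taking a value but show no argument placeholder, unlike `-F <field>` or `-K <keytab>`. A reader cannot tell from the synopsis that an operand is required, so consider adding placeholders in the same style. Smaller points in the same hunk: the descriptions under `--only-protocols` and `--disable-all-protocols` start with a capital letter ("Only enable ...", "Disable dissection ...") while every other description is lower case; there are two blank lines before "Miscellaneous:" where the other sections are separated by one; and the first line pins a build-specific version string ("4.4.0 (v4.4.0rc1-11-g13699b5b3e78)"), so this file will differ after any rebuild from another commit. If this text is captured from the program's help output, the wording fixes belong in the usage text it is captured from rather than in this file.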