diff options
Diffstat (limited to 'doc/wsug_src/wireshark-h.txt')
| -rw-r--r-- | doc/wsug_src/wireshark-h.txt | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/doc/wsug_src/wireshark-h.txt b/doc/wsug_src/wireshark-h.txt new file mode 100644 index 00000000..954b0965 --- /dev/null +++ b/doc/wsug_src/wireshark-h.txt @@ -0,0 +1,114 @@ +Wireshark 4.4.0 (v4.4.0rc1-11-g13699b5b3e78) +Interactively dump and analyze network traffic. +See https://www.wireshark.org for more information. + +Usage: wireshark [options] ... [ <infile> ] + +Capture interface: + -i <interface>, --interface <interface> + name or idx of interface (def: first non-loopback) + -f <capture filter> packet filter in libpcap filter syntax + -s <snaplen>, --snapshot-length <snaplen> + packet snapshot length (def: appropriate maximum) + -p, --no-promiscuous-mode + don't capture in promiscuous mode + -I, --monitor-mode capture in monitor mode, if available + -B <buffer size>, --buffer-size <buffer size> + size of kernel buffer (def: 2MB) + -y <link type>, --linktype <link type> + link layer type (def: first appropriate) + --time-stamp-type <type> timestamp method for interface + -D, --list-interfaces print list of interfaces and exit + -L, --list-data-link-types + print list of link-layer types of iface and exit + --list-time-stamp-types print list of timestamp types for iface and exit + +Capture display: + -k start capturing immediately (def: do nothing) + -S update packet display when new packets are captured + --update-interval interval between updates with new packets (def: 100ms) + -l turn on automatic scrolling while -S is in use +Capture stop conditions: + -c <packet count> stop after n packets (def: infinite) + -a <autostop cond.> ..., --autostop <autostop cond.> ... + duration:NUM - stop after NUM seconds + filesize:NUM - stop this file after NUM KB + files:NUM - stop after NUM files + packets:NUM - stop after NUM packets +Capture output: + -b <ringbuffer opt.> ..., --ring-buffer <ringbuffer opt.> + duration:NUM - switch to next file after NUM secs + filesize:NUM - switch to next file after NUM KB + files:NUM - ringbuffer: replace after NUM files + packets:NUM - switch to next file after NUM packets + interval:NUM - switch to next file when the time is + an exact multiple of NUM secs +Input file: + -r <infile>, --read-file <infile> + set the filename to read from (no pipes or stdin!) + +Processing: + -R <read filter>, --read-filter <read filter> + packet filter in Wireshark display filter syntax + -n disable all name resolutions (def: all enabled) + -N <name resolve flags> enable specific name resolution(s): "mtndsNvg" + -d <layer_type>==<selector>,<decode_as_protocol> ... + "Decode As", see the man page for details + Example: tcp.port==8888,http + --enable-protocol <proto_name> + enable dissection of proto_name + --disable-protocol <proto_name> + disable dissection of proto_name + --only-protocols <proto_name> + Only enable dissection of these protocols, comma + separated. Disable everything else + --disable-all-protocols + Disable dissection of all protocols + --enable-heuristic <short_name> + enable dissection of heuristic protocol + --disable-heuristic <short_name> + disable dissection of heuristic protocol + +User interface: + -C <config profile> start with specified configuration profile + -H hide the capture info dialog during packet capture + -Y <display filter>, --display-filter <display filter> + start with the given display filter + -g <packet number> go to specified packet number after "-r" + -J <jump filter> jump to the first packet matching the (display) + filter + -j search backwards for a matching packet after "-J" + -t (a|ad|adoy|d|dd|e|r|u|ud|udoy)[.[N]]|.[N] + format of time stamps (def: r: rel. to first) + -u s|hms output format of seconds (def: s: seconds) + -X <key>:<value> eXtension options, see man page for details + -z <statistics> show various statistics, see man page for details + +Output: + -w <outfile|-> set the output filename (or '-' for stdout) + -F <capture type> set the output file type; default is pcapng. + an empty "-F" option will list the file types. + --capture-comment <comment> + add a capture file comment, if supported + --temp-dir <directory> write temporary files to this directory + (default: /tmp) + +Diagnostic output: + --log-level <level> sets the active log level ("critical", "warning", etc.) + --log-fatal <level> sets level to abort the program ("critical" or "warning") + --log-domains <[!]list> comma-separated list of the active log domains + --log-fatal-domains <list> + list of domains that cause the program to abort + --log-debug <[!]list> list of domains with "debug" level + --log-noisy <[!]list> list of domains with "noisy" level + --log-file <path> file to output messages to (in addition to stderr) + +Miscellaneous: + -h, --help display this help and exit + -v, --version display version info and exit + -P <key>:<path> persconf:path - personal configuration files + persdata:path - personal data files + -o <name>:<value> ... override preference or recent setting + -K <keytab> keytab file to use for kerberos decryption + --display <X display> X display to use + --fullscreen start Wireshark in full screen |