Diffstat (limited to 'docbook/wsug_src/dumpcap-h.txt')
-rw-r--r-- docbook/wsug_src/dumpcap-h.txt 94
1 files changed, 94 insertions, 0 deletions
diff --git a/docbook/wsug_src/dumpcap-h.txt b/docbook/wsug_src/dumpcap-h.txt
new file mode 100644
index 00000000..23441e8e
--- /dev/null
+++ b/docbook/wsug_src/dumpcap-h.txt
@@ -0,0 +1,94 @@
+Dumpcap (Wireshark) 4.2.1 (v4.2.1rc0-11-gae025b2614ce)
+Capture network packets and dump them into a pcapng or pcap file.
+See https://www.wireshark.org for more information.
+
+Usage: dumpcap [options] ...
+
+Capture interface:
+ -i <interface>, --interface <interface>
+ name or idx of interface (def: first non-loopback),
+ or for remote capturing, use one of these formats:
+ rpcap://<host>/<interface>
+ TCP@<host>:<port>
+ --ifname <name> name to use in the capture file for a pipe from which
+ we're capturing
+ --ifdescr <description>
+ description to use in the capture file for a pipe
+ from which we're capturing
+ -f <capture filter> packet filter in libpcap filter syntax
+ -s <snaplen>, --snapshot-length <snaplen>
+ packet snapshot length (def: appropriate maximum)
+ -p, --no-promiscuous-mode
+ don't capture in promiscuous mode
+ -I, --monitor-mode capture in monitor mode, if available
+ -B <buffer size>, --buffer-size <buffer size>
+ size of kernel buffer in MiB (def: 2MiB)
+ -y <link type>, --linktype <link type>
+ link layer type (def: first appropriate)
+ --time-stamp-type <type> timestamp method for interface
+ -D, --list-interfaces print list of interfaces and exit
+ -L, --list-data-link-types
+ print list of link-layer types of iface and exit
+ --list-time-stamp-types print list of timestamp types for iface and exit
+ --update-interval interval between updates with new packets (def: 100ms)
+ -d print generated BPF code for capture filter
+ -k <freq>,[<type>],[<center_freq1>],[<center_freq2>]
+ set channel on wifi interface
+ -S print statistics for each interface once per second
+ -M for -D, -L, and -S, produce machine-readable output
+
+Stop conditions:
+ -c <packet count> stop after n packets (def: infinite)
+ -a <autostop cond.> ..., --autostop <autostop cond.> ...
+ duration:NUM - stop after NUM seconds
+ filesize:NUM - stop this file after NUM kB
+ files:NUM - stop after NUM files
+ packets:NUM - stop after NUM packets
+Output (files):
+ -w <filename> name of file to save (def: tempfile)
+ -g enable group read access on the output file(s)
+ -b <ringbuffer opt.> ..., --ring-buffer <ringbuffer opt.>
+ duration:NUM - switch to next file after NUM secs
+ filesize:NUM - switch to next file after NUM kB
+ files:NUM - ringbuffer: replace after NUM files
+ packets:NUM - ringbuffer: replace after NUM packets
+ interval:NUM - switch to next file when the time is
+ an exact multiple of NUM secs
+ printname:FILE - print filename to FILE when written
+ (can use 'stdout' or 'stderr')
+ -n use pcapng format instead of pcap (default)
+ -P use libpcap format instead of pcapng
+ --capture-comment <comment>
+ add a capture comment to the output file
+ (only for pcapng)
+ --temp-dir <directory> write temporary files to this directory
+ (default: /tmp)
+
+Diagnostic output:
+ --log-level <level> sets the active log level ("critical", "warning", etc.)
+ --log-fatal <level> sets level to abort the program ("critical" or "warning")
+ --log-domains <[!]list> comma-separated list of the active log domains
+ --log-fatal-domains <list>
+ list of domains that cause the program to abort
+ --log-debug <[!]list> list of domains with "debug" level
+ --log-noisy <[!]list> list of domains with "noisy" level
+ --log-file <path> file to output messages to (in addition to stderr)
+
+Miscellaneous:
+ -N <packet_limit> maximum number of packets buffered within dumpcap
+ -C <byte_limit> maximum number of bytes used for buffering packets
+ within dumpcap
+ -t use a separate thread per interface
+ -q don't report packet capture counts
+ -v, --version print version information and exit
+ -h, --help display this help and exit
+
+Dumpcap can benefit from an enabled BPF JIT compiler if available.
+You might want to enable it by executing:
+ "echo 1 > /proc/sys/net/core/bpf_jit_enable"
+Note that this can make your system less secure!
+
+Example: dumpcap -i eth0 -a duration:60 -w output.pcapng
+"Capture packets from interface eth0 until 60s passed into output.pcapng"
+
+Use Ctrl-C to stop capturing at any time.
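Review bot: The BPF JIT advice at the end of the new file tells the reader to run "echo 1 > /proc/sys/net/core/bpf_jit_enable" and then warns only that "this can make your system less secure!", without saying what the exposure is or that the write changes a system-wide kernel setting rather than something scoped to dumpcap. Since this text lives under docbook/wsug_src and will be read as documentation, consider having the warning state that the setting applies to the whole system and is changed outside dumpcap, so a reader can weigh it before copying the command. Separately, "Output (files):" follows the last "Stop conditions:" entry with no blank line, unlike every other section break in the file, and the first line pins a development build string (v4.2.1rc0-11-gae025b2614ce); if this file is captured from dumpcap -h, both are better fixed in the usage text itself and the capture regenerated from the release build.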