Wireshark 4.4.0 (v4.4.0rc1-11-g13699b5b3e78) Interactively dump and analyze network traffic. See https://www.wireshark.org for more information. Usage: wireshark [options] ... [ ] Capture interface: -i , --interface name or idx of interface (def: first non-loopback) -f packet filter in libpcap filter syntax -s , --snapshot-length packet snapshot length (def: appropriate maximum) -p, --no-promiscuous-mode don't capture in promiscuous mode -I, --monitor-mode capture in monitor mode, if available -B , --buffer-size size of kernel buffer (def: 2MB) -y , --linktype link layer type (def: first appropriate) --time-stamp-type timestamp method for interface -D, --list-interfaces print list of interfaces and exit -L, --list-data-link-types print list of link-layer types of iface and exit --list-time-stamp-types print list of timestamp types for iface and exit Capture display: -k start capturing immediately (def: do nothing) -S update packet display when new packets are captured --update-interval interval between updates with new packets (def: 100ms) -l turn on automatic scrolling while -S is in use Capture stop conditions: -c stop after n packets (def: infinite) -a ..., --autostop ... duration:NUM - stop after NUM seconds filesize:NUM - stop this file after NUM KB files:NUM - stop after NUM files packets:NUM - stop after NUM packets Capture output: -b ..., --ring-buffer duration:NUM - switch to next file after NUM secs filesize:NUM - switch to next file after NUM KB files:NUM - ringbuffer: replace after NUM files packets:NUM - switch to next file after NUM packets interval:NUM - switch to next file when the time is an exact multiple of NUM secs Input file: -r , --read-file set the filename to read from (no pipes or stdin!) Processing: -R , --read-filter packet filter in Wireshark display filter syntax -n disable all name resolutions (def: all enabled) -N enable specific name resolution(s): "mtndsNvg" -d ==, ... "Decode As", see the man page for details Example: tcp.port==8888,http --enable-protocol enable dissection of proto_name --disable-protocol disable dissection of proto_name --only-protocols Only enable dissection of these protocols, comma separated. Disable everything else --disable-all-protocols Disable dissection of all protocols --enable-heuristic enable dissection of heuristic protocol --disable-heuristic disable dissection of heuristic protocol User interface: -C start with specified configuration profile -H hide the capture info dialog during packet capture -Y , --display-filter start with the given display filter -g go to specified packet number after "-r" -J jump to the first packet matching the (display) filter -j search backwards for a matching packet after "-J" -t (a|ad|adoy|d|dd|e|r|u|ud|udoy)[.[N]]|.[N] format of time stamps (def: r: rel. to first) -u s|hms output format of seconds (def: s: seconds) -X : eXtension options, see man page for details -z show various statistics, see man page for details Output: -w set the output filename (or '-' for stdout) -F set the output file type; default is pcapng. an empty "-F" option will list the file types. --capture-comment add a capture file comment, if supported --temp-dir write temporary files to this directory (default: /tmp) Diagnostic output: --log-level sets the active log level ("critical", "warning", etc.) --log-fatal sets level to abort the program ("critical" or "warning") --log-domains <[!]list> comma-separated list of the active log domains --log-fatal-domains list of domains that cause the program to abort --log-debug <[!]list> list of domains with "debug" level --log-noisy <[!]list> list of domains with "noisy" level --log-file file to output messages to (in addition to stderr) Miscellaneous: -h, --help display this help and exit -v, --version display version info and exit -P : persconf:path - personal configuration files persdata:path - personal data files -o : ... override preference or recent setting -K keytab file to use for kerberos decryption --display X display to use --fullscreen start Wireshark in full screen