Dumpcap (Wireshark) 2.5.0 (v2.5.0rc0-1171-g33c00a67)
Capture network packets and dump them into a pcapng or pcap file.
See https://www.wireshark.org for more information.

Usage: dumpcap [options] ...

Capture interface:
  -i <interface>           name or idx of interface (def: first non-loopback),
                           or for remote capturing, use one of these formats:
                               rpcap://<host>/<interface>
                               TCP@<host>:<port>
  -f <capture filter>      packet filter in libpcap filter syntax
  -s <snaplen>             packet snapshot length (def: appropriate maximum)
  -p                       don't capture in promiscuous mode
  -I                       capture in monitor mode, if available
  -B <buffer size>         size of kernel buffer in MiB (def: 2MiB)
  -y <link type>           link layer type (def: first appropriate)
  --time-stamp-type <type> timestamp method for interface
  -D                       print list of interfaces and exit
  -L                       print list of link-layer types of iface and exit
  --list-time-stamp-types  print list of timestamp types for iface and exit
  -d                       print generated BPF code for capture filter
  -k                       set channel on wifi interface:
                           <freq>,[<type>],[<center_freq1>],[<center_freq2>]
  -S                       print statistics for each interface once per second
  -M                       for -D, -L, and -S, produce machine-readable output

Stop conditions:
  -c <packet count>        stop after n packets (def: infinite)
  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files
Output (files):
  -w <filename>            name of file to save (def: tempfile)
  -g                       enable group read access on the output file(s)
  -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
                           interval:NUM - create time intervals of NUM secs
                           filesize:NUM - switch to next file after NUM KB
                              files:NUM - ringbuffer: replace after NUM files
  -n                       use pcapng format instead of pcap (default)
  -P                       use libpcap format instead of pcapng
  --capture-comment <comment>
                           add a capture comment to the output file
                           (only for pcapng)

Miscellaneous:
  -N <packet_limit>        maximum number of packets buffered within dumpcap
  -C <byte_limit>          maximum number of bytes used for buffering packets
                           within dumpcap
  -t                       use a separate thread per interface
  -q                       don't report packet capture counts
  -v                       print version information and exit
  -h                       display this help and exit

Example: dumpcap -i eth0 -a duration:60 -w output.pcapng
"Capture packets from interface eth0 until 60s passed into output.pcapng"

Use Ctrl-C to stop capturing at any time.