2021-06-27 09:29:00 +00:00
|
|
|
Wireshark 3.5.0 (v3.5.0rc0-2343-gfa21433c35b1)
|
2019-11-25 03:41:49 +00:00
|
|
|
Interactively dump and analyze network traffic.
|
|
|
|
See https://www.wireshark.org for more information.
|
|
|
|
|
|
|
|
Usage: wireshark [options] ... [ <infile> ]
|
|
|
|
|
|
|
|
Capture interface:
|
|
|
|
-i <interface>, --interface <interface>
|
|
|
|
name or idx of interface (def: first non-loopback)
|
|
|
|
-f <capture filter> packet filter in libpcap filter syntax
|
|
|
|
-s <snaplen>, --snapshot-length <snaplen>
|
|
|
|
packet snapshot length (def: appropriate maximum)
|
|
|
|
-p, --no-promiscuous-mode
|
|
|
|
don't capture in promiscuous mode
|
|
|
|
-k start capturing immediately (def: do nothing)
|
|
|
|
-S update packet display when new packets are captured
|
|
|
|
-l turn on automatic scrolling while -S is in use
|
|
|
|
-I, --monitor-mode capture in monitor mode, if available
|
|
|
|
-B <buffer size>, --buffer-size <buffer size>
|
|
|
|
size of kernel buffer (def: 2MB)
|
|
|
|
-y <link type>, --linktype <link type>
|
|
|
|
link layer type (def: first appropriate)
|
|
|
|
--time-stamp-type <type> timestamp method for interface
|
|
|
|
-D, --list-interfaces print list of interfaces and exit
|
|
|
|
-L, --list-data-link-types
|
|
|
|
print list of link-layer types of iface and exit
|
|
|
|
--list-time-stamp-types print list of timestamp types for iface and exit
|
|
|
|
|
|
|
|
Capture stop conditions:
|
|
|
|
-c <packet count> stop after n packets (def: infinite)
|
|
|
|
-a <autostop cond.> ..., --autostop <autostop cond.> ...
|
|
|
|
duration:NUM - stop after NUM seconds
|
|
|
|
filesize:NUM - stop this file after NUM KB
|
|
|
|
files:NUM - stop after NUM files
|
|
|
|
packets:NUM - stop after NUM packets
|
|
|
|
Capture output:
|
|
|
|
-b <ringbuffer opt.> ..., --ring-buffer <ringbuffer opt.>
|
|
|
|
duration:NUM - switch to next file after NUM secs
|
|
|
|
filesize:NUM - switch to next file after NUM KB
|
|
|
|
files:NUM - ringbuffer: replace after NUM files
|
|
|
|
packets:NUM - switch to next file after NUM packets
|
|
|
|
interval:NUM - switch to next file when the time is
|
|
|
|
an exact multiple of NUM secs
|
|
|
|
Input file:
|
|
|
|
-r <infile>, --read-file <infile>
|
|
|
|
set the filename to read from (no pipes or stdin!)
|
|
|
|
|
|
|
|
Processing:
|
|
|
|
-R <read filter>, --read-filter <read filter>
|
|
|
|
packet filter in Wireshark display filter syntax
|
|
|
|
-n disable all name resolutions (def: all enabled)
|
|
|
|
-N <name resolve flags> enable specific name resolution(s): "mnNtdv"
|
|
|
|
-d <layer_type>==<selector>,<decode_as_protocol> ...
|
|
|
|
"Decode As", see the man page for details
|
|
|
|
Example: tcp.port==8888,http
|
|
|
|
--enable-protocol <proto_name>
|
|
|
|
enable dissection of proto_name
|
|
|
|
--disable-protocol <proto_name>
|
|
|
|
disable dissection of proto_name
|
|
|
|
--enable-heuristic <short_name>
|
|
|
|
enable dissection of heuristic protocol
|
|
|
|
--disable-heuristic <short_name>
|
|
|
|
disable dissection of heuristic protocol
|
|
|
|
|
|
|
|
User interface:
|
|
|
|
-C <config profile> start with specified configuration profile
|
|
|
|
-H hide the capture info dialog during packet capture
|
|
|
|
-Y <display filter>, --display-filter <display filter>
|
|
|
|
start with the given display filter
|
|
|
|
-g <packet number> go to specified packet number after "-r"
|
|
|
|
-J <jump filter> jump to the first packet matching the (display)
|
|
|
|
filter
|
|
|
|
-j search backwards for a matching packet after "-J"
|
|
|
|
-t a|ad|adoy|d|dd|e|r|u|ud|udoy
|
|
|
|
format of time stamps (def: r: rel. to first)
|
|
|
|
-u s|hms output format of seconds (def: s: seconds)
|
|
|
|
-X <key>:<value> eXtension options, see man page for details
|
|
|
|
-z <statistics> show various statistics, see man page for details
|
|
|
|
|
|
|
|
Output:
|
|
|
|
-w <outfile|-> set the output filename (or '-' for stdout)
|
|
|
|
--capture-comment <comment>
|
|
|
|
set the capture file comment, if supported
|
2021-06-20 09:29:35 +00:00
|
|
|
Diagnostic output:
|
2021-06-27 09:29:00 +00:00
|
|
|
--log-level <level> sets the active log level ("critical", "warning", etc.)
|
|
|
|
--log-fatal <level> sets level to abort the program ("critical" or "warning")
|
|
|
|
--log-domains <[!]list> comma separated list of the active log domains
|
|
|
|
--log-debug <[!]list> comma separated list of domains with "debug" level
|
|
|
|
--log-noisy <[!]list> comma separated list of domains with "noisy" level
|
|
|
|
--log-file <path> file to output messages to (in addition to stderr)
|
2019-11-25 03:41:49 +00:00
|
|
|
|
|
|
|
Miscellaneous:
|
|
|
|
-h, --help display this help and exit
|
|
|
|
-v, --version display version info and exit
|
|
|
|
-P <key>:<path> persconf:path - personal configuration files
|
|
|
|
persdata:path - personal data files
|
|
|
|
-o <name>:<value> ... override preference or recent setting
|
|
|
|
-K <keytab> keytab file to use for kerberos decryption
|
|
|
|
--display <X display> X display to use
|
|
|
|
--fullscreen start Wireshark in full screen
|