tshark: prepend tshark to all examples in doc.
The doc has a mixed way of providing example, both without executable name and with it. Add it to all the provided examples. Add highlight of tshark in examples, too. Change-Id: I99d83201cc897629f186aabd20c0add9c7c53b93 Reviewed-on: https://code.wireshark.org/review/27034 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This commit is contained in:
parent
fc6b8ab698
commit
04aedf3682
|
@ -262,7 +262,7 @@ control when to go to the next file. It should be noted that each B<-b>
|
|||
parameter takes exactly one criterion; to specify two criterion, each must be
|
||||
preceded by the B<-b> option.
|
||||
|
||||
Example: B<-b filesize:1000 -b files:5> results in a ring buffer of five files
|
||||
Example: B<tshark -b filesize:1000 -b files:5> results in a ring buffer of five files
|
||||
of size one megabyte each.
|
||||
|
||||
=item -B E<lt>capture buffer sizeE<gt>
|
||||
|
@ -302,21 +302,21 @@ layer type should be dissected. If the layer type in question (for example,
|
|||
B<tcp.port> or B<udp.port> for a TCP or UDP port number) has the specified
|
||||
selector value, packets should be dissected as the specified protocol.
|
||||
|
||||
Example: B<-d tcp.port==8888,http> will decode any traffic running over
|
||||
Example: B<tshark -d tcp.port==8888,http> will decode any traffic running over
|
||||
TCP port 8888 as HTTP.
|
||||
|
||||
Example: B<-d tcp.port==8888:3,http> will decode any traffic running over
|
||||
Example: B<tshark -d tcp.port==8888:3,http> will decode any traffic running over
|
||||
TCP ports 8888, 8889 or 8890 as HTTP.
|
||||
|
||||
Example: B<-d tcp.port==8888-8890,http> will decode any traffic running over
|
||||
Example: B<tshark -d tcp.port==8888-8890,http> will decode any traffic running over
|
||||
TCP ports 8888, 8889 or 8890 as HTTP.
|
||||
|
||||
Using an invalid selector or protocol will print out a list of valid selectors
|
||||
and protocol names, respectively.
|
||||
|
||||
Example: B<-d .> is a quick way to get a list of valid selectors.
|
||||
Example: B<tshark -d .> is a quick way to get a list of valid selectors.
|
||||
|
||||
Example: B<-d ethertype==0x0800.> is a quick way to get a list of protocols that can be
|
||||
Example: B<tshark -d ethertype==0x0800.> is a quick way to get a list of protocols that can be
|
||||
selected with an ethertype.
|
||||
|
||||
=item -D
|
||||
|
@ -335,7 +335,7 @@ the interface name might be a long name or a GUID.
|
|||
Note that "can capture" means that B<TShark> was able to open that
|
||||
device to do a live capture. Depending on your system you may need to
|
||||
run tshark from an account with special privileges (for example, as
|
||||
root) to be able to capture network traffic. If B<TShark -D> is not run
|
||||
root) to be able to capture network traffic. If B<tshark -D> is not run
|
||||
from such an account, it will not list any interfaces.
|
||||
|
||||
=item -e E<lt>fieldE<gt>
|
||||
|
@ -345,7 +345,7 @@ is selected. This option can be used multiple times on the command line.
|
|||
At least one field must be provided if the B<-T fields> option is
|
||||
selected. Column names may be used prefixed with "_ws.col."
|
||||
|
||||
Example: B<-e frame.number -e ip.addr -e udp -e _ws.col.Info>
|
||||
Example: B<tshark -e frame.number -e ip.addr -e udp -e _ws.col.Info>
|
||||
|
||||
Giving a protocol rather than a single field will print multiple items
|
||||
of data about the protocol as a single field. Fields are separated by
|
||||
|
@ -398,7 +398,7 @@ the default capture filter expression is used if provided.
|
|||
|
||||
Pre-defined capture filter names, as shown in the GUI menu item Capture->Capture Filters,
|
||||
can be used by prefixing the argument with "predef:".
|
||||
Example: B<-f "predef:MyPredefinedHostOnlyFilter">
|
||||
Example: B<tshark -f "predef:MyPredefinedHostOnlyFilter">
|
||||
|
||||
=item -F E<lt>file formatE<gt>
|
||||
|
||||
|
@ -606,21 +606,21 @@ Protocol match filter used for ek|json|jsonraw|pdml output file types.
|
|||
Parent node containing multiple child nodes is only included,
|
||||
if the name is found in the filter.
|
||||
|
||||
Example: B<-j "ip ip.flags text">
|
||||
Example: B<tshark -j "ip ip.flags text">
|
||||
|
||||
=item -J E<lt>protocol match filterE<gt>
|
||||
|
||||
Protocol top level filter used for ek|json|jsonraw|pdml output file types.
|
||||
Parent node containing multiple child nodes is included with all children.
|
||||
|
||||
Example: B<-J "http tcp">
|
||||
Example: B<tshark -J "http tcp">
|
||||
|
||||
=item -K E<lt>keytabE<gt>
|
||||
|
||||
Load kerberos crypto keys from the specified keytab file.
|
||||
This option can be used multiple times to load keys from several files.
|
||||
|
||||
Example: B<-K krb5.keytab>
|
||||
Example: B<tshark -K krb5.keytab>
|
||||
|
||||
=item -l
|
||||
|
||||
|
@ -849,7 +849,7 @@ the mapping file can be huge, protocols can be selected by using the option
|
|||
B<fields> The values of fields specified with the B<-e> option, in a
|
||||
form specified by the B<-E> option. For example,
|
||||
|
||||
-T fields -E separator=, -E quote=d
|
||||
tshark -T fields -E separator=, -E quote=d
|
||||
|
||||
would generate comma-separated values (CSV) output suitable for importing
|
||||
into your favorite spreadsheet program.
|
||||
|
@ -930,7 +930,7 @@ option for this.
|
|||
Save extra information in the file if the format supports it. For
|
||||
example,
|
||||
|
||||
-F pcapng -W n
|
||||
tshark -F pcapng -W n
|
||||
|
||||
will save host name resolution records along with captured packets.
|
||||
|
||||
|
@ -996,7 +996,7 @@ is one) will be checked against this filter.
|
|||
Automatically reset internal session when reached to specified number of packets.
|
||||
for example,
|
||||
|
||||
-M 100000
|
||||
tshark -M 100000
|
||||
|
||||
will reset session every 100000 packets.
|
||||
|
||||
|
@ -1288,7 +1288,7 @@ Minimum SRT, Maximum SRT, Average SRT, Minimum in Packet, and Maximum in Packet.
|
|||
You will also get the number of Open Requests (Unresponded Requests),
|
||||
Discarded Responses (Responses without matching request) and Duplicate Messages.
|
||||
|
||||
Example: B<-z h225,srt>
|
||||
Example: B<tshark -z h225,srt>
|
||||
|
||||
This option can be used multiple times on the command line.
|
||||
|
||||
|
@ -1421,7 +1421,7 @@ B<SUM(I<field>)I<filter>> - Unlike COUNT, the I<values> of the
|
|||
specified field are summed per time interval.
|
||||
''I<field>'' can only be a named integer, float, double or relative time field.
|
||||
|
||||
Example: B<-z io,stat,0.010,E<34>SUM(frame.len)frame.lenE<34>>
|
||||
Example: B<tshark -z io,stat,0.010,E<34>SUM(frame.len)frame.lenE<34>>
|
||||
|
||||
Reports the total number of bytes that were transmitted bidirectionally in
|
||||
all the packets within a 10 millisecond interval.
|
||||
|
@ -1530,7 +1530,7 @@ This option will activate a counter for LTE MAC messages. You will get
|
|||
information about the maximum number of UEs/TTI, common messages and
|
||||
various counters for each UE that appears in the log.
|
||||
|
||||
Example: B<-z mac-lte,stat>.
|
||||
Example: B<tshark -z mac-lte,stat>.
|
||||
|
||||
This option can be used multiple times on the command line.
|
||||
|
||||
|
@ -1605,7 +1605,7 @@ This option will activate a counter for LTE RLC messages. You will get
|
|||
information about common messages and various counters for each UE that appears
|
||||
in the log.
|
||||
|
||||
Example: B<-z rlc-lte,stat>.
|
||||
Example: B<tshark -z rlc-lte,stat>.
|
||||
|
||||
This option can be used multiple times on the command line.
|
||||
|
||||
|
@ -1628,7 +1628,7 @@ Data collected is the number of calls for each procedure, MinSRT, MaxSRT,
|
|||
AvgSRT, and the total time taken for each procedure.
|
||||
|
||||
|
||||
Example: B<-z rpc,srt,100003,3> will collect data for NFS v3.
|
||||
Example: B<tshark -z rpc,srt,100003,3> will collect data for NFS v3.
|
||||
|
||||
This option can be used multiple times on the command line.
|
||||
|
||||
|
|
Loading…
Reference in New Issue