Wireshark - 1.0 Betriebsanweisung
9.2. Start Wireshark from the command line
You can start Wireshark from the command line, but it can also be started from most Window man-
agers as well. In this section we will look at starting it from the command line.
agers as well. In this section we will look at starting it from the command line.
Wireshark supports a large number of command line parameters. To see what they are, simply enter
the command wireshark -h and the help information shown in
the command wireshark -h and the help information shown in
(or something similar) should be printed.
Example 9.1. Help information available from Wireshark
Wireshark 0.99.6
Interactively dump and analyze network traffic.
See http://www.wireshark.org for more information.
Interactively dump and analyze network traffic.
See http://www.wireshark.org for more information.
Copyright 1998-2007 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Usage: wireshark [options] ... [ <infile> ]
Capture interface:
-i <interface>
name or idx of interface (def: first non-loopback)
-f <capture filter>
packet filter in libpcap filter syntax
-s <snaplen>
packet snapshot length (def: 65535)
-p
don't capture in promiscuous mode
-k
start capturing immediately (def: do nothing)
-Q
quit Wireshark after capturing
-S
update packet display when new packets are captured
-l
turn on automatic scrolling while -S is in use
-B <buffer size>
size of kernel buffer (def: 1MB)
-y <link type>
link layer type (def: first appropriate)
-D
print list of interfaces and exit
-L
print list of link-layer types of iface and exit
Capture stop conditions:
-c <packet count>
stop after n packets (def: infinite)
-a <autostop cond.> ...
duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
Input file:
-r <infile>
set the filename to read from (no pipes or stdin!)
Processing:
-R <read filter>
packet filter in Wireshark display filter syntax
-n
disable all name resolutions (def: all enabled)
-N <name resolve flags>
enable specific name resolution(s): "mntC"
User interface:
-g <packet number>
go to specified packet number after "-r"
-m <font>
set the font name used for most text
-t ad|a|r|d|dd|e
output format of time stamps (def: r: rel. to first)
-X <key>:<value>
eXtension options, see man page for details
-z <statistics>
show various statistics, see man page for details
Output:
-w <outfile|->
set the output filename (or '-' for stdout)
Miscellaneous:
-h
display this help and exit
-v
display version info and exit
-P <key:path>
persconf:path - personal configuration files
persdata:path - personal data files
persdata:path - personal data files
-o <name>:<value> ...
override preference or recent setting
We will examine each of the command line options in turn.
The first thing to notice is that issuing the command wireshark by itself will bring up Wireshark.
However, you can include as many of the command line parameters as you like. Their meanings are
as follows ( in alphabetical order ): XXX - is the alphabetical order a good choice? Maybe better
However, you can include as many of the command line parameters as you like. Their meanings are
as follows ( in alphabetical order ): XXX - is the alphabetical order a good choice? Maybe better
Customizing Wireshark
165