<example id="AppToolstsharkEx">
<title>Help information available from tshark</title>
<programlisting>
-TShark 1.11.0 (SVN Rev 49633 from /trunk)
+TShark 1.11.0 (SVN Rev 51944 from /trunk)
Dump and analyze network traffic.
See http://www.wireshark.org for more information.
aggregator=,|/s|<char> select comma, space, printable character as
aggregator
quote=d|s|n select double, single, no quotes for values
- -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)
+ -t a|ad|d|dd|e|r|u|ud output format of time stamps (def: r: rel. to first)
-u s|hms output format of seconds (def: s: seconds)
-l flush standard output after each packet
-q be more quiet on stdout (e.g. when using statistics)
n = write network address resolution information
-X <key>:<value> eXtension options, see the man page for details
-z <statistics> various statistics, see the man page for details
+ --capture-comment <comment>
+ add a capture comment to the newly created
+ output file (only for pcapng)
Miscellaneous:
-h display this help and exit
<example id="AppToolsdumpcapEx">
<title>Help information available from dumpcap</title>
<programlisting>
-Dumpcap 1.11.0 (SVN Rev 49633 from /trunk)
+Dumpcap 1.11.0 (SVN Rev 51944 from /trunk)
Capture network packets and dump them into a pcapng file.
See http://www.wireshark.org for more information.
files:NUM - ringbuffer: replace after NUM files
-n use pcapng format instead of pcap (default)
-P use libpcap format instead of pcapng
+ --capture-comment <comment>
+ add a capture comment to the output file
+ (only for pcapng)
Miscellaneous:
-N <packet_limit> maximum number of packets buffered within dumpcap
- -C <byte_limit> maximum number of bytes used for buffering packets within dumpcap
+ -C <byte_limit> maximum number of bytes used for buffering packets
+ within dumpcap
-t use a separate thread per interface
-q don't report packet capture counts
-v print version information and exit
<example id="AppToolscapinfosEx">
<title>Help information available from capinfos</title>
<programlisting>
-Capinfos 1.11.0 (SVN Rev 49633 from /trunk)
+Capinfos 1.11.0 (SVN Rev 51944 from /trunk)
Prints various information (infos) about capture files.
See http://www.wireshark.org for more information.
-C cancel processing if file open fails (default is to continue)
-A generate all infos (default)
-Options are processed from left to right order with later options superceeding
+Options are processed from left to right order with later options superceding
or adding to earlier options.
If no options are given the default is to display all infos in long report
<example id="AppToolsrawsharkEx">
<title>Help information available from rawshark</title>
<programlisting>
-Rawshark 1.11.0 (SVN Rev 49633 from /trunk)
+Rawshark 1.11.0 (SVN Rev 51944 from /trunk)
Dump and analyze network traffic.
See http://www.wireshark.org for more information.
-r <infile> set the pipe or file name to read from
Processing:
- -d <encap:dlt>|<proto:protoname>
+ -d <encap:linktype>|<proto:protoname>
packet encapsulation or protocol
-F <field> field to display
-n disable all name resolution (def: all enabled)
<title>Help information available from editcap</title>
<para>
<programlisting>
-Editcap 1.11.0 (SVN Rev 49633 from /trunk)
+Editcap 1.11.0 (SVN Rev 51944 from /trunk)
Edit and/or translate the format of capture files.
See http://www.wireshark.org for more information.
Packet manipulation:
-s <snaplen> truncate each packet to max. <snaplen> bytes of data.
- -C <choplen> chop each packet by <choplen> bytes. Positive values
+ -C [offset:]<choplen> chop each packet by <choplen> bytes. Positive values
chop at the packet beginning, negative values at the
- packet end.
+ packet end. If an optional offset precedes the length,
+ then the bytes chopped will be offset from that value.
+ Positive offsets are from the packet beginning,
+ negative offsets are from the packet end. You can use
+ this option more than once, allowing up to 2 chopping
+ regions within a packet provided that at least 1
+ choplen is positive and at least 1 is negative.
+ -L adjust the frame length when chopping and/or snapping
-t <time adjustment> adjust the timestamp of each packet;
<time adjustment> is in relative seconds (e.g. -0.5).
-S <strict adjustment> adjust timestamp of packets if necessary to insure
that each packet's delta time is the absolute value
of the adjustment specified. A value of -0 will set
all packets to the timestamp of the first packet.
- -E <error probability> set the probability (between 0.0 and 1.0 incl.)
- that a particular packet byte will be randomly changed.
+ -E <error probability> set the probability (between 0.0 and 1.0 incl.) that
+ a particular packet byte will be randomly changed.
Output File(s):
- -c <packets per file> split the packet output to different files
- based on uniform packet counts
- with a maximum of <packets per file> each.
- -i <seconds per file> split the packet output to different files
- based on uniform time intervals
- with a maximum of <seconds per file> each.
- -F <capture type> set the output file type; default is pcapng.
- an empty "-F" option will list the file types.
- -T <encap type> set the output file encapsulation type;
- default is the same as the input file.
- an empty "-T" option will list the encapsulation types.
+ -c <packets per file> split the packet output to different files based on
+ uniform packet counts with a maximum of
+ <packets per file> each.
+ -i <seconds per file> split the packet output to different files based on
+ uniform time intervals with a maximum of
+ <seconds per file> each.
+ -F <capture type> set the output file type; default is pcapng. An empty
+ "-F" option will list the file types.
+ -T <encap type> set the output file encapsulation type; default is the
+ same as the input file. an empty "-T" option will
+ list the encapsulation types.
Miscellaneous:
-h display this help and exit.
eyesdn - EyeSDN USB S0/E1 ISDN trace format
k12text - K12 text file
lanalyzer - Novell LANalyzer
- libpcap - Wireshark/tcpdump/... - libpcap
modlibpcap - Modified tcpdump - libpcap
netmon1 - Microsoft NetMon 1.x
netmon2 - Microsoft NetMon 2.x
nettl - HP-UX nettl trace
- ngsniffer - NA Sniffer (DOS)
- ngwsniffer_1_1 - NA Sniffer (Windows) 1.1
- ngwsniffer_2_0 - NA Sniffer (Windows) 2.00x
+ ngsniffer - Sniffer (DOS)
+ ngwsniffer_1_1 - NetXray, Sniffer (Windows) 1.1
+ ngwsniffer_2_0 - Sniffer (Windows) 2.00x
niobserver - Network Instruments Observer
nokialibpcap - Nokia tcpdump - libpcap
nseclibpcap - Wireshark - nanosecond libpcap
nstrace10 - NetScaler Trace (Version 1.0)
nstrace20 - NetScaler Trace (Version 2.0)
- pcapng - Wireshark - pcapng
+ pcap - Wireshark/tcpdump/... - pcap
+ pcapng - Wireshark/... - pcapng
rf5 - Tektronix K12xx 32-bit .rf5 format
rh6_1libpcap - RedHat 6.1 tcpdump - libpcap
snoop - Sun snoop
bluetooth-h4 - Bluetooth H4
bluetooth-h4-linux - Bluetooth H4 with linux header
bluetooth-hci - Bluetooth without transport layer
+ bluetooth-le-ll - Bluetooth Low Energy Link Layer
can20b - Controller Area Network 2.0B
chdlc - Cisco HDLC
chdlc-with-direction - Cisco HDLC with Directional Info
usb-usbpcap - USB packets with USBPcap header
user0 - USER 0
user1 - USER 1
- user10 - USER 10
- user11 - USER 11
- user12 - USER 12
- user13 - USER 13
- user14 - USER 14
- user15 - USER 15
user2 - USER 2
user3 - USER 3
user4 - USER 4
user7 - USER 7
user8 - USER 8
user9 - USER 9
+ user10 - USER 10
+ user11 - USER 11
+ user12 - USER 12
+ user13 - USER 13
+ user14 - USER 14
+ user15 - USER 15
v5-ef - V5 Envelope Function
whdlc - Wellfleet HDLC
+ wireshark-upper-pdu - Wireshark Upper PDU export
wpan - IEEE 802.15.4 Wireless PAN
wpan-nofcs - IEEE 802.15.4 Wireless PAN with FCS not present
wpan-nonask-phy - IEEE 802.15.4 Wireless PAN non-ASK PHY
- x25-nettl - X.25 with nettl headers
x2e-serial - X2E serial line capture
x2e-xoraya - X2E Xoraya
</programlisting>
<example id="AppToolsmergecapEx">
<title>Help information available from mergecap</title>
<programlisting>
-Mergecap 1.11.0 (SVN Rev 49633 from /trunk)
+Mergecap 1.11.0 (SVN Rev 51944 from /trunk)
Merge two or more capture files into one.
See http://www.wireshark.org for more information.
<example id="AppToolstext2pcapEx">
<title>Help information available from text2pcap</title>
<programlisting>
-Text2pcap 1.11.0 (SVN Rev 49633 from /trunk)
+Text2pcap 1.11.0 (SVN Rev 51944 from /trunk)
Generate a capture file from an ASCII hexdump of packets.
See http://www.wireshark.org for more information.
(in DECIMAL).
Automatically prepends Ethernet header as well.
Example: -i 46
+ -4 <srcip>,<destip> prepend dummy IPv4 header with specified
+ dest and source address.
+ Example: -4 10.0.0.1,10.0.0.2
+ -6 <srcip>,<destip> replace IPv6 header with specified
+ dest and source address.
+ Example: -6 fe80:0:0:0:202:b3ff:fe1e:8329, 2001:0db8:85a3:0000:0000:8a2e:0370:7334
-u <srcp>,<destp> prepend dummy UDP header with specified
source and destination ports (in DECIMAL).
Automatically prepends Ethernet & IP headers as well.
git.samba.org / metze / wireshark / wip.git / commitdiff