+=begin man
+
+=encoding utf8
+
+=end man
=head1 NAME
B<wireshark>
S<[ B<-a> E<lt>capture autostop conditionE<gt> ] ...>
S<[ B<-b> E<lt>capture ring buffer optionE<gt> ] ...>
-S<[ B<-B> E<lt>capture buffer size (Win32 only)E<gt> ] >
+S<[ B<-B> E<lt>capture buffer sizeE<gt> ] >
S<[ B<-c> E<lt>capture packet countE<gt> ]>
S<[ B<-C> E<lt>configuration profileE<gt> ]>
-S<[ B<-d> E<lt>display filterE<gt> ]>
S<[ B<-D> ]>
S<[ B<--display=>E<lt>X display to useE<gt> ] >
S<[ B<-f> E<lt>capture filterE<gt> ]>
S<[ B<-H> ]>
S<[ B<-i> E<lt>capture interfaceE<gt>|- ]>
S<[ B<-I> ]>
-S<[ B<-J> E<lt>jump filterE<gt> ]>
S<[ B<-j> ]>
+S<[ B<-J> E<lt>jump filterE<gt> ]>
S<[ B<-k> ]>
S<[ B<-K> E<lt>keytabE<gt> ]>
S<[ B<-l> ]>
S<[ B<-P> E<lt>path settingE<gt>]>
S<[ B<-r> E<lt>infileE<gt> ]>
S<[ B<-R> E<lt>read (display) filterE<gt> ]>
-S<[ B<-S> ]>
S<[ B<-s> E<lt>capture snaplenE<gt> ]>
-S<[ B<-t> ad|a|r|d|dd|e ]>
+S<[ B<-S> ]>
+S<[ B<-t> a|ad|d|dd|e|r|u|ud ]>
S<[ B<-v> ]>
S<[ B<-w> E<lt>outfileE<gt> ]>
-S<[ B<-y> E<lt>capture link typeE<gt> ]>
S<[ B<-X> E<lt>eXtension optionE<gt> ]>
+S<[ B<-y> E<lt>capture link typeE<gt> ]>
+S<[ B<-Y> E<lt>displaY filterE<gt> ]>
S<[ B<-z> E<lt>statisticsE<gt> ]>
S<[ E<lt>infileE<gt> ]>
B<Wireshark> is a GUI network protocol analyzer. It lets you
interactively browse packet data from a live network or from a
previously saved capture file. B<Wireshark>'s native capture file format
-is B<libpcap> format, which is also the format used by B<tcpdump> and
+is B<pcap> format, which is also the format used by B<tcpdump> and
various other tools.
B<Wireshark> can read / import the following file formats:
=over 4
=item *
-libpcap - captures from B<Wireshark>/B<TShark>/B<dumpcap>, B<tcpdump>,
-and various other tools using libpcap's/tcpdump's capture format
+pcap - captures from B<Wireshark>/B<TShark>/B<dumpcap>, B<tcpdump>,
+and various other tools using libpcap's/WinPcap's/tcpdump's/WinDump's
+capture format
=item *
-pcap-ng - "next-generation" successor to libpcap format
+pcap-ng - "next-generation" successor to pcap format
=item *
B<snoop> and B<atmsnoop> captures
the output from B<CoSine> L2 debug
=item *
-the output from Accellent's B<5Views> LAN agents
+the output from InfoVista's B<5View> LAN agents
=item *
Endace Measurement Systems' ERF format captures
Files from Aethra Telecommunications' PC108 software for their test
instruments
+=item *
+MPEG-2 Transport Streams as defined in ISO/IEC 13818-1
+
+=item *
+Rabbit Labs CAM Inspector files
+
=back
There is no need to tell B<Wireshark> what type of
elapsed.
B<filesize>:I<value> Stop writing to a capture file after it reaches a size of
-I<value> kilobytes (where a kilobyte is 1024 bytes). If this option is used
-together with the -b option, Wireshark will stop writing to the current
-capture file and switch to the next one if filesize is reached.
+I<value> KiB. If this option is used together with the -b option, Wireshark
+will stop writing to the current capture file and switch to the next one if
+filesize is reached. Note that the filesize is limited to a maximum value of
+2 GiB.
B<files>:I<value> Stop writing to capture files after I<value> number of files
were written.
elapsed, even if the current file is not completely filled up.
B<filesize>:I<value> switch to the next file after it reaches a size of
-I<value> kilobytes (where a kilobyte is 1024 bytes).
+I<value> KiB. Note that the filesize is limited to a maximum value of 2 GiB.
B<files>:I<value> begin again with the first file after I<value> number of
files were written (form a ring buffer). This value must be less than 100000.
=item -B E<lt>capture buffer sizeE<gt>
-Set capture buffer size (in MB, default is 1MB). This is used by the
+Set capture buffer size (in MB, default is 2MB). This is used by the
the capture driver to buffer packet data until that data can be written
to disk. If you encounter packet drops while capturing, try to increase
-this size. Note that, while B<Tshark> attempts to set the buffer size
-to 1MB by default, and can be told to set it to a larger value, the
+this size. Note that, while B<Wireshark> attempts to set the buffer size
+to 2MB by default, and can be told to set it to a larger value, the
system or interface on which you're capturing might silently limit the
capture buffer size to a lower value or raise it to a higher value.
Start with the given configuration profile.
-=item -d E<lt>display filterE<gt>
-
-Start with the given display filter.
-
=item -D
Print a list of the interfaces on which B<Wireshark> can capture, and
Pipe names should be either the name of a FIFO (named pipe) or ``-'' to
read data from the standard input. On Windows systems, pipe names must be
of the form ``\\pipe\.\B<pipename>''. Data read from pipes must be in
-standard libpcap format.
+standard pcap format.
This option can occur multiple times. When capturing from multiple
interfaces, the capture file will be saved in pcap-ng format.
the interface specified by the last B<-i> option occurring before
this option.
+=item -j
+
+Use after B<-J> to change the behavior when no exact match is found for
+the filter. With this option select the first packet before.
+
=item -J E<lt>jump filterE<gt>
After reading in a capture file using the B<-r> flag, jump to the packet
matching the filter (display filter syntax). If no exact match is found
the first packet after that is selected.
-=item -j
-
-Use after B<-J> to change the behavior when no exact match is found for
-the filter. With this option select the first packet before.
-
=item -k
Start the capture session immediately. If the B<-i> flag was
B<n> to enable network address resolution
+B<N> to enable using external resolvers (e.g., DNS) for network address
+resolution
+
B<t> to enable transport-layer port number resolution
B<C> to enable concurrent (asynchronous) DNS lookups
the form of a valid record for that file, including quotes. For instance, to
specify a user DLT from the command line, you would use
-=over
-
--o "uat:user_dlts:\"User 0 (DLT=147)\",\"cops\",\"0\",\"\",\"0\",\"\""
-
-=back
+ -o "uat:user_dlts:\"User 0 (DLT=147)\",\"cops\",\"0\",\"\",\"0\",\"\""
=item -p
Read packet data from I<infile>, can be any supported capture file format
(including gzipped files). It's not possible to use named pipes or stdin
-here!
+here! To capture from a pipe or from stdin use B<-i ->
=item -R E<lt>read (display) filterE<gt>
that of capture filters) to be applied to all packets read from the
capture file; packets not matching the filter are discarded.
-=item -S
-
-Automatically update the packet display as packets are coming in.
-
=item -s E<lt>capture snaplenE<gt>
Set the default snapshot length to use when capturing live data.
this option. If the snapshot length is not set specifically,
the default snapshot length is used if provided.
-=item -t ad|a|r|d|dd|e
+=item -S
+
+Automatically update the packet display as packets are coming in.
+
+=item -t a|ad|d|dd|e|r|u|ud
Set the format of the packet timestamp displayed in the packet list
window. The format can be one of:
-B<ad> absolute with date: The absolute date and time is the actual time and
-date the packet was captured
-
B<a> absolute: The absolute time is the actual time the packet was captured,
with no date displayed
-B<r> relative: The relative time is the time elapsed between the first packet
-and the current packet
+B<ad> absolute with date: The absolute date and time is the actual time and
+date the packet was captured
B<d> delta: The delta time is the time since the previous packet was
captured
B<e> epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00)
+B<r> relative: The relative time is the time elapsed between the first packet
+and the current packet
+
+B<u> UTC: The UTC time is the actual time the packet was captured,
+with no date displayed
+
+B<ud> UTC with date: The UTC date and time is the actual time and
+date the packet was captured
+
The default format is relative.
=item -v
Set the default capture file name.
+=item -X E<lt>eXtension optionsE<gt>
+
+Specify an option to be passed to an B<Wireshark> module. The eXtension option
+is in the form I<extension_key>B<:>I<value>, where I<extension_key> can be:
+
+B<lua_script>:I<lua_script_filename> tells B<Wireshark> to load the given script in addition to the
+default Lua scripts.
+
+B<stdin_descr>:I<description> tells B<Wireshark> to use the given description when
+capturing from standard input (B<-i ->).
+
=item -y E<lt>capture link typeE<gt>
If a capture is started from the command line with B<-k>, set the data
this option. If the capture link type is not set specifically,
the default capture link type is used if provided.
-=item -X E<lt>eXtension optionsE<gt>
-
-Specify an option to be passed to an B<Wireshark> module. The eXtension option
-is in the form I<extension_key>B<:>I<value>, where I<extension_key> can be:
-
-B<lua_script>:I<lua_script_filename> tells B<Wireshark> to load the given script in addition to the
-default Lua scripts.
+=item -Y E<lt>displaY filterE<gt>
-B<stdin_descr>:I<description> tells B<Wireshark> to use the given description when
-capturing from standard input (B<-i ->).
+Start with the given display filter.
=item -z E<lt>statisticsE<gt>
=over 4
+=item B<-z> conv,I<type>[,I<filter>]
+
+Create a table that lists all conversations that could be seen in the
+capture. I<type> specifies the conversation endpoint types for which we
+want to generate the statistics; currently the supported ones are:
+
+ "eth" Ethernet addresses
+ "fc" Fibre Channel addresses
+ "fddi" FDDI addresses
+ "ip" IPv4 addresses
+ "ipv6" IPv6 addresses
+ "ipx" IPX addresses
+ "tcp" TCP/IP socket pairs Both IPv4 and IPv6 are supported
+ "tr" Token Ring addresses
+ "udp" UDP/IP socket pairs Both IPv4 and IPv6 are supported
+
+If the optional I<filter> is specified, only those packets that match the
+filter will be used in the calculations.
+
+The table is presented with one line for each conversation and displays
+the number of packets/bytes in each direction as well as the total
+number of packets/bytes. By default, the table is sorted according to
+the total number of packets.
+
+These tables can also be generated at runtime by selecting the appropriate
+conversation type from the menu "Tools/Statistics/Conversation List/".
+
=item B<-z> dcerpc,srt,I<uuid>,I<major>.I<minor>[,I<filter>]
Collect call/reply SRT (Service Response Time) data for DCERPC interface I<uuid>,
Example: S<B<-z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0,ip.addr==1.2.3.4>> will collect SAMR
SRT statistics for a specific host.
-=item B<-z> io,stat
-
-Collect packet/bytes statistics for the capture in intervals of 1 second.
-This option will open a window with up to 5 color-coded graphs where
-number-of-packets-per-second or number-of-bytes-per-second statistics
-can be calculated and displayed.
-
-This option can be used multiple times on the command line.
-
-This graph window can also be opened from the Analyze:Statistics:Traffic:IO-Stat
-menu item.
+=item B<-z> fc,srt[,I<filter>]
-=item B<-z> rpc,srt,I<program>,I<version>[,<filter>]
+Collect call/reply SRT (Service Response Time) data for FC. Data collected
+is the number of calls for each Fibre Channel command, MinSRT, MaxSRT and AvgSRT.
-Collect call/reply SRT (Service Response Time) data for I<program>/I<version>. Data collected
-is the number of calls for each procedure, MinSRT, MaxSRT and AvgSRT.
+Example: B<-z fc,srt>
+will calculate the Service Response Time as the time delta between the
+First packet of the exchange and the Last packet of the exchange.
-Example: B<-z rpc,srt,100003,3> will collect data for NFS v3.
+The data will be presented as separate tables for all normal FC commands,
+Only those commands that are seen in the capture will have its stats
+displayed.
This option can be used multiple times on the command line.
If the optional I<filter> is provided, the stats will only be calculated
on those calls that match that filter.
-Example: S<B<-z rpc,srt,100003,3,nfs.fh.hash==0x12345678>> will collect NFS v3
-SRT statistics for a specific file.
-
-=item B<-z> rpc,programs
-
-Collect call/reply SRT data for all known ONC-RPC programs/versions.
-Data collected is the number of calls for each protocol/version, MinSRT,
-MaxSRT and AvgSRT.
-
-=item B<-z> scsi,srt,I<cmdset>[,<filter>]
-
-Collect call/reply SRT (Service Response Time) data for SCSI commandset <cmdset>.
+Example: B<-z "fc,srt,fc.id==01.02.03"> will collect stats only for
+FC packets exchanged by the host at FC address 01.02.03 .
-Commandsets are 0:SBC 1:SSC 5:MMC
+=item B<-z> h225,counter[I<,filter>]
-Data collected
-is the number of calls for each procedure, MinSRT, MaxSRT and AvgSRT.
+Count ITU-T H.225 messages and their reasons. In the first column you get a
+list of H.225 messages and H.225 message reasons which occur in the current
+capture file. The number of occurrences of each message or reason is displayed
+in the second column.
-Example: B<-z scsi,srt,0> will collect data for SCSI BLOCK COMMANDS (SBC).
+Example: B<-z h225,counter>
This option can be used multiple times on the command line.
If the optional I<filter> is provided, the stats will only be calculated
on those calls that match that filter.
-Example: B<-z scsi,srt,0,ip.addr==1.2.3.4> will collect SCSI SBC
-SRT statistics for a specific iscsi/ifcp/fcip host.
-
-=item B<-z> smb,srt[,I<filter>]
+Example: B<-z "h225,counter,ip.addr==1.2.3.4"> will collect stats only for
+H.225 packets exchanged by the host at IP address 1.2.3.4 .
-Collect call/reply SRT (Service Response Time) data for SMB. Data collected
-is the number of calls for each SMB command, MinSRT, MaxSRT and AvgSRT.
+=item B<-z> h225,srt[I<,filter>]
-Example: B<-z smb,srt>
+Collect request/response SRT (Service Response Time) data for ITU-T H.225 RAS.
+Data collected is the number of calls of each ITU-T H.225 RAS Message Type,
+Minimum SRT, Maximum SRT, Average SRT, Minimum in Packet, and Maximum in Packet.
+You will also get the number of Open Requests (Unresponded Requests),
+Discarded Responses (Responses without matching request) and Duplicate Messages.
-The data will be presented as separate tables for all normal SMB commands,
-all Transaction2 commands and all NT Transaction commands.
-Only those commands that are seen in the capture will have their stats
-displayed.
-Only the first command in a xAndX command chain will be used in the
-calculation. So for common SessionSetupAndX + TreeConnectAndX chains,
-only the SessionSetupAndX call will be used in the statistics.
-This is a flaw that might be fixed in the future.
+Example: B<-z h225,srt>
This option can be used multiple times on the command line.
If the optional I<filter> is provided, the stats will only be calculated
on those calls that match that filter.
-Example: B<-z "smb,srt,ip.addr==1.2.3.4"> will collect stats only for
-SMB packets exchanged by the host at IP address 1.2.3.4 .
-
-=item B<-z> fc,srt[,I<filter>]
-
-Collect call/reply SRT (Service Response Time) data for FC. Data collected
-is the number of calls for each Fibre Channel command, MinSRT, MaxSRT and AvgSRT.
+Example: B<-z "h225,srt,ip.addr==1.2.3.4"> will collect stats only for
+ITU-T H.225 RAS packets exchanged by the host at IP address 1.2.3.4 .
-Example: B<-z fc,srt>
-will calculate the Service Response Time as the time delta between the
-First packet of the exchange and the Last packet of the exchange.
+=item B<-z> io,stat
-The data will be presented as separate tables for all normal FC commands,
-Only those commands that are seen in the capture will have its stats
-displayed.
+Collect packet/bytes statistics for the capture in intervals of 1 second.
+This option will open a window with up to 5 color-coded graphs where
+number-of-packets-per-second or number-of-bytes-per-second statistics
+can be calculated and displayed.
This option can be used multiple times on the command line.
-If the optional I<filter> is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: B<-z "fc,srt,fc.id==01.02.03"> will collect stats only for
-FC packets exchanged by the host at FC address 01.02.03 .
+This graph window can also be opened from the Analyze:Statistics:Traffic:IO-Stat
+menu item.
=item B<-z> ldap,srt[,I<filter>]
COMPARE
EXTENDED
-=item B<-z> mgcp,srt[I<,filter>]
-
-Collect request/response SRT (Service Response Time) data for MGCP.
-(This is similar to B<-z smb,srt>). Data collected is the number of calls
-for each known MGCP Type, Minimum SRT, Maximum SRT and Average SRT.
-
-Example: B<-z mgcp,srt>
-
-This option can be used multiple times on the command line.
-
-If the optional I<filter> is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: B<-z "mgcp,srt,ip.addr==1.2.3.4"> will collect stats only for
-MGCP packets exchanged by the host at IP address 1.2.3.4 .
-
=item B<-z> megaco,srt[I<,filter>]
Collect request/response SRT (Service Response Time) data for MEGACO.
Example: B<-z "megaco,srt,ip.addr==1.2.3.4"> will collect stats only for
MEGACO packets exchanged by the host at IP address 1.2.3.4 .
-=item B<-z> conv,I<type>[,I<filter>]
+=item B<-z> mgcp,srt[I<,filter>]
-Create a table that lists all conversations that could be seen in the
-capture. I<type> specifies the conversation endpoint types for which we
-want to generate the statistics; currently the supported ones are:
+Collect request/response SRT (Service Response Time) data for MGCP.
+(This is similar to B<-z smb,srt>). Data collected is the number of calls
+for each known MGCP Type, Minimum SRT, Maximum SRT and Average SRT.
- "eth" Ethernet addresses
- "fc" Fibre Channel addresses
- "fddi" FDDI addresses
- "ip" IPv4 addresses
- "ipv6" IPv6 addresses
- "ipx" IPX addresses
- "tcp" TCP/IP socket pairs Both IPv4 and IPv6 are supported
- "tr" Token Ring addresses
- "udp" UDP/IP socket pairs Both IPv4 and IPv6 are supported
+Example: B<-z mgcp,srt>
-If the optional I<filter> is specified, only those packets that match the
-filter will be used in the calculations.
+This option can be used multiple times on the command line.
-The table is presented with one line for each conversation and displays
-the number of packets/bytes in each direction as well as the total
-number of packets/bytes. By default, the table is sorted according to
-the total number of packets.
+If the optional I<filter> is provided, the stats will only be calculated
+on those calls that match that filter.
-These tables can also be generated at runtime by selecting the appropriate
-conversation type from the menu "Tools/Statistics/Conversation List/".
+Example: B<-z "mgcp,srt,ip.addr==1.2.3.4"> will collect stats only for
+MGCP packets exchanged by the host at IP address 1.2.3.4 .
-=item B<-z> h225,counter[I<,filter>]
+=item B<-z> rpc,programs
-Count ITU-T H.225 messages and their reasons. In the first column you get a
-list of H.225 messages and H.225 message reasons which occur in the current
-capture file. The number of occurrences of each message or reason is displayed
-in the second column.
+Collect call/reply SRT data for all known ONC-RPC programs/versions.
+Data collected is the number of calls for each protocol/version, MinSRT,
+MaxSRT and AvgSRT.
-Example: B<-z h225,counter>
+=item B<-z> rpc,srt,I<program>,I<version>[,<filter>]
+
+Collect call/reply SRT (Service Response Time) data for I<program>/I<version>. Data collected
+is the number of calls for each procedure, MinSRT, MaxSRT and AvgSRT.
+
+Example: B<-z rpc,srt,100003,3> will collect data for NFS v3.
This option can be used multiple times on the command line.
If the optional I<filter> is provided, the stats will only be calculated
on those calls that match that filter.
-Example: B<-z "h225,counter,ip.addr==1.2.3.4"> will collect stats only for
-H.225 packets exchanged by the host at IP address 1.2.3.4 .
+Example: S<B<-z rpc,srt,100003,3,nfs.fh.hash==0x12345678>> will collect NFS v3
+SRT statistics for a specific file.
-=item B<-z> h225,srt[I<,filter>]
+=item B<-z> scsi,srt,I<cmdset>[,<filter>]
-Collect request/response SRT (Service Response Time) data for ITU-T H.225 RAS.
-Data collected is the number of calls of each ITU-T H.225 RAS Message Type,
-Minimum SRT, Maximum SRT, Average SRT, Minimum in Packet, and Maximum in Packet.
-You will also get the number of Open Requests (Unresponded Requests),
-Discarded Responses (Responses without matching request) and Duplicate Messages.
+Collect call/reply SRT (Service Response Time) data for SCSI commandset <cmdset>.
-Example: B<-z h225,srt>
+Commandsets are 0:SBC 1:SSC 5:MMC
+
+Data collected
+is the number of calls for each procedure, MinSRT, MaxSRT and AvgSRT.
+
+Example: B<-z scsi,srt,0> will collect data for SCSI BLOCK COMMANDS (SBC).
This option can be used multiple times on the command line.
If the optional I<filter> is provided, the stats will only be calculated
on those calls that match that filter.
-Example: B<-z "h225,srt,ip.addr==1.2.3.4"> will collect stats only for
-ITU-T H.225 RAS packets exchanged by the host at IP address 1.2.3.4 .
+Example: B<-z scsi,srt,0,ip.addr==1.2.3.4> will collect SCSI SBC
+SRT statistics for a specific iscsi/ifcp/fcip host.
=item B<-z> sip,stat[I<,filter>]
Example: B<-z "sip,stat,ip.addr==1.2.3.4"> will collect stats only for
SIP packets exchanged by the host at IP address 1.2.3.4 .
+=item B<-z> smb,srt[,I<filter>]
+
+Collect call/reply SRT (Service Response Time) data for SMB. Data collected
+is the number of calls for each SMB command, MinSRT, MaxSRT and AvgSRT.
+
+Example: B<-z smb,srt>
+
+The data will be presented as separate tables for all normal SMB commands,
+all Transaction2 commands and all NT Transaction commands.
+Only those commands that are seen in the capture will have their stats
+displayed.
+Only the first command in a xAndX command chain will be used in the
+calculation. So for common SessionSetupAndX + TreeConnectAndX chains,
+only the SessionSetupAndX call will be used in the statistics.
+This is a flaw that might be fixed in the future.
+
+This option can be used multiple times on the command line.
+
+If the optional I<filter> is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: B<-z "smb,srt,ip.addr==1.2.3.4"> will collect stats only for
+SMB packets exchanged by the host at IP address 1.2.3.4 .
+
=item B<-z> voip,calls
This option will show a window that shows VoIP calls found in the capture file.
Mark (or unmark if currently marked) the selected packet. The field
"frame.marked" is set for packets that are marked, so that, for example,
a display filters can be used to display only marked packets, and so that
-the L<Edit:Find Packet|/item_edit_3afind_packet> dialog can be used to find the next or previous
+the L</"Edit:Find Packet"> dialog can be used to find the next or previous
marked packet.
=item Edit:Find Next Mark
=item Edit:Preferences
Set the GUI, capture, printing and protocol options
-(see L<Preferences|/item_preferences> dialog below).
+(see L</Preferences> dialog below).
=item View:Main Toolbar
Resize all columns to best fit the current packet display.
-=item View:Expand Subtrees
+=item View:Expand / Collapse Subtrees
-Expands the currently selected item and it's subtrees in the packet details.
+Expands / Collapses the currently selected item and it's subtrees in the packet details.
=item View:Expand All
=over
-1. The user's personal color filters file or, if that does not exist,
+=item 1.
+
+The user's personal color filters file or, if that does not exist,
-2. The global color filters file.
+=item 2.
+
+The global color filters file.
=back
=item Capture:Options
-Initiate a live packet capture (see L<Capture Options|/item_capture_options>
-dialog below). If no filename is specified, a temporary file will be created
+Initiate a live packet capture (see L</"Capture Options Dialog">
+below). If no filename is specified, a temporary file will be created
to hold the capture. The location of the file can be chosen by setting your
TMPDIR environment variable before starting B<Wireshark>. Otherwise, the
default TMPDIR location is system-dependent, but is likely either F</var/tmp>
=item Help:About Wireshark
-See various information about Wireshark (see L<About|/item_about> dialog below), like the
+See various information about Wireshark (see L</About> dialog below), like the
version, the folders used, the available plugins, ...
=back
=back
-=item Capture Options
+=item Capture Options Dialog
-The I<Capture Options> dialog lets you specify various parameters for
+The I<Capture Options Dialog> lets you specify various parameters for
capturing live packet data.
The I<Interface:> field lets you specify the interface from which to
The I<Next file every ... megabyte(s)> check box and fields lets
you specify that a switch to a next file should be done
if the specified filesize is reached. You can also select the appropriate
-unit, but beware that the filesize has a maximum of 2 GB.
+unit, but beware that the filesize has a maximum of 2 GiB.
The check box is forced to be checked, as "multiple files" mode requires a
file size to be specified.
=head1 CAPTURE FILTER SYNTAX
-See the manual page of pcap-filter(4) or, if that doesn't exist, tcpdump(8),
+See the manual page of pcap-filter(7) or, if that doesn't exist, tcpdump(8),
or, if that doesn't exist, L<http://wiki.wireshark.org/CaptureFilters>.
=head1 DISPLAY FILTER SYNTAX
whitespace. The same directory as for the personal preferences file is used.
Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems and WinPCAP on Windows. As such the Wireshark personal F<hosts> file
+systems and WinPcap on Windows. As such the Wireshark personal F<hosts> file
will not be consulted for capture filter name resolution.
=item Name Resolution (ethers)
preferences file.
Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems and WinPCAP on Windows. As such the Wireshark personal F<ethers> file
+systems and WinPcap on Windows. As such the Wireshark personal F<ethers> file
will not be consulted for capture filter name resolution.
=item Name Resolution (manuf)
=over 4
+=item WIRESHARK_APPDATA
+
+On Windows, Wireshark normally stores all application data in %APPDATA% or
+%USERPROFILE%. You can override the default location by exporting this
+environment variable to specify an alternate location.
+
=item WIRESHARK_DEBUG_EP_NO_CHUNKS
Normally per-packet memory is allocated in large "chunks." This behavior
=item WIRESHARK_DEBUG_SCRUB_MEMORY
-If this environment variable is exported, the contents of per-packet and
+If this environment variable is set, the contents of per-packet and
per-file memory is initialized to 0xBADDCAFE when the memory is allocated
and is reset to 0xDEADBEEF when the memory is freed. This functionality is
useful mainly to developers looking for bugs in the way memory is handled.
+=item WIRESHARK_DEBUG_WMEM_OVERRIDE
+
+Setting this environment variable forces the wmem framework to use the
+specified allocator backend for *all* allocations, regardless of which
+backend is normally specified by the code. This is mainly useful to developers
+when testing or debugging. See I<README.wmem> in the source distribution for
+details.
+
=item WIRESHARK_RUN_FROM_BUILD_DIRECTORY
This environment variable causes the plugins and other data files to be loaded
This can be useful to developers attempting to troubleshoot a problem
with a protocol dissector.
+=item WIRESHARK_ABORT_ON_TOO_MANY_ITEMS
+
+If this environment variable is set, B<Wireshark> will call abort(3)
+if a dissector tries to add too many items to a tree (generally this
+is an indication of the dissector not breaking out of a loop soon enough).
+abort(3) will cause the program to exit abnormally; if you are running
+B<Wireshark> in a debugger, it should halt in the debugger and allow
+inspection of the process, and, if you are not running it in a debugger,
+it will, on some OSes, assuming your environment is configured correctly,
+generate a core dump file. This can be useful to developers attempting to
+troubleshoot a problem with a protocol dissector.
+
=item WIRESHARK_EP_VERIFY_POINTERS
-This environment variable, if exported, causes certain uses of pointers to be
+This environment variable, if set, causes certain uses of pointers to be
audited to ensure they do not point to memory that is deallocated after each
packet has been fully dissected. This can be useful to developers writing or
auditing code.
=item WIRESHARK_SE_VERIFY_POINTERS
-This environment variable, if exported, causes certain uses of pointers to be
+This environment variable, if set, causes certain uses of pointers to be
audited to ensure they do not point to memory that is deallocated after when
a capture file is closed. This can be useful to developers writing or
auditing code.
duration:...>. This means that you will not be able to see the results
of the capture after it stops; it's primarily useful for testing.
+=item WIRESHARK_ABORT_ON_OUT_OF_MEMORY
+
+This environment variable, if present, causes abort(3) to be called if certain
+out-of-memory conditions (which normally result in an exception and an
+explanatory error message) are experienced. This can be useful to developers
+debugging out-of-memory conditions.
+
=back
=head1 SEE ALSO
-wireshark-filter(4), tshark(1), editcap(1), pcap-filter(4), tcpdump(8),
-pcap(3), dumpcap(1), mergecap(1), text2pcap(1)
+wireshark-filter(4), tshark(1), editcap(1), pcap(3), dumpcap(1), mergecap(1),
+text2pcap(1), pcap-filter(7) or tcpdump(8)
=head1 NOTES
L<http://www.wireshark.org/docs/man-pages>.
=head1 AUTHORS
+
+
git.samba.org / metze / wireshark / wip.git / blobdiff