B<dumpcap>
S<[ B<-a> E<lt>capture autostop conditionE<gt> ] ...>
S<[ B<-b> E<lt>capture ring buffer optionE<gt>] ...>
-S<[ B<-B> E<lt>capture buffer size (Win32 only)E<gt> ] >
+S<[ B<-B> E<lt>capture buffer sizeE<gt> ] >
S<[ B<-c> E<lt>capture packet countE<gt> ]>
+S<[ B<-d> ]>
S<[ B<-D> ]>
S<[ B<-f> E<lt>capture filterE<gt> ]>
S<[ B<-h> ]>
S<[ B<-i> E<lt>capture interfaceE<gt>|- ]>
+S<[ B<-I> ]>
S<[ B<-L> ]>
S<[ B<-n> ]>
S<[ B<-M> ]>
S<[ B<-p> ]>
+S<[ B<-P> ]>
+S<[ B<-q> ]>
S<[ B<-s> E<lt>capture snaplenE<gt> ]>
S<[ B<-S> ]>
S<[ B<-v> ]>
to a capture file. The criterion is of the form I<test>B<:>I<value>,
where I<test> is one of:
-B<duration>:I<value> Stop writing to a capture file after I<value> seconds have elapsed.
+B<duration>:I<value> Stop writing to a capture file after I<value> seconds have
+elapsed.
-B<filesize>:I<value> Stop writing to a capture file after it reaches a size of I<value>
-kilobytes (where a kilobyte is 1024 bytes). If this option
-is used together with the -b option, dumpcap will stop writing to the
-current capture file and switch to the next one if filesize is reached.
+B<filesize>:I<value> Stop writing to a capture file after it reaches a size of
+I<value> kilobytes (where a kilobyte is 1024 bytes). If this option is used
+together with the -b option, dumpcap will stop writing to the current capture
+file and switch to the next one if filesize is reached.
-B<files>:I<value> Stop writing to capture files after I<value> number of files were written.
+B<files>:I<value> Stop writing to capture files after I<value> number of files
+were written.
=item -b E<lt>capture ring buffer optionE<gt>
I<value> kilobytes (where a kilobyte is 1024 bytes).
B<files>:I<value> begin again with the first file after I<value> number of
-files were written (form a ring buffer). This option requires either
-B<duration> or B<filesize> to be specified to control when to go to the next
-file. It should be noted that each B<-b> parameter takes exactly one criterion;
-to specify two criterion, each must be preceded by the B<-b> option.
-
-=item -B E<lt>capture buffer size (Win32 only)E<gt>
-
-Win32 only: set capture buffer size (in MB, default is 1MB). This is used by the
-the capture driver to buffer packet data until that data can be written to
-disk. If you encounter packet drops while capturing, try to increase this size.
+files were written (form a ring buffer). This value must be less than 100000.
+Caution should be used when using large numbers of files: some filesystems do
+not handle many files in a single directory well. The B<files> criterion
+requires either B<duration> or B<filesize> to be specified to control when to
+go to the next file. It should be noted that each B<-b> parameter takes exactly
+one criterion; to specify two criterion, each must be preceded by the B<-b>
+option.
+
+Example: B<-b filesize:1024 -b files:5> results in a ring buffer of five files
+of size one megabyte.
+
+=item -B E<lt>capture buffer sizeE<gt>
+
+Set capture buffer size (in MB, default is 1MB). This is used by the
+the capture driver to buffer packet data until that data can be written
+to disk. If you encounter packet drops while capturing, try to increase
+this size. Note that, while B<Dumpcap> attempts to set the buffer size
+to 1MB by default, and can be told to set it to a larger value, the
+system or interface on which you're capturing might silently limit the
+capture buffer size to a lower value or raise it to a higher value.
+
+This is available on UNIX systems with libpcap 1.0.0 or later and on
+Windows. It is not available on UNIX systems with earlier versions of
+libpcap.
+
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture buffer size.
+If used after an B<-i> option, it sets the capture buffer size for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture buffer size is not set specifically,
+the default capture buffer size is used if provided.
=item -c E<lt>capture packet countE<gt>
Set the maximum number of packets to read when capturing live
data.
+=item -d
+
+Dump the code generated for the capture filter in a human-readable form,
+and exit.
+
=item -D
Print a list of the interfaces on which B<Dumpcap> can capture, and
The entire filter expression must be specified as a single argument (which means
that if it contains spaces, it must be quoted).
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture filter expression.
+If used after an B<-i> option, it sets the capture filter expression for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture filter expression is not set specifically,
+the default capture filter expression is used if provided.
+
=item -h
Print the version and options and exits.
read data from the standard input. Data read from pipes must be in
standard libpcap format.
+This option can occur multiple times. When capturing from multiple
+interfaces, the capture file will be saved in pcap-ng format.
+
Note: the Win32 version of B<Dumpcap> doesn't support capturing from
pipes or stdin!
+=item -I
+
+Put the interface in "monitor mode"; this is supported only on IEEE
+802.11 Wi-Fi interfaces, and supported only on some operating systems.
+
+Note that in monitor mode the adapter might disassociate from the
+network with which it's associated, so that you will not be able to use
+any wireless networks with that adapter. This could prevent accessing
+files on a network server, or resolving host names or network addresses,
+if you are capturing in monitor mode and are not connected to another
+network with another adapter.
+
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it enables the monitor mode for all interfaces.
+If used after an B<-i> option, it enables the monitor mode for
+the interface specified by the last B<-i> option occurring before
+this option.
+
=item -L
List the data link types supported by the interface and exit. The reported
=item -M
-When used with B<-D>, B<-L> and B<-S>, print verbose, machine-readable output.
+When used with B<-D>, B<-L> and B<-S>, print machine-readable output.
+The machine-readable output is intended to be read by B<Wireshark> and
+B<TShark>; its format is subject to change from release to release.
=item -n
-Write the output file in the pcapng format instead of the default pcap format.
+Save files as pcap-ng. This is the default.
=item -p
broadcast traffic, and multicast traffic to addresses received by that
machine.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, no interface will be put into the
+promiscuous mode.
+If used after an B<-i> option, the interface specified by the last B<-i>
+option occurring before this option will not be put into the
+promiscuous mode.
+
+=item -P
+
+Save files as pcap instead of the default pcap-ng. In situations that require
+pcap-ng, such as capturing from multiple interfaces, this option will be
+overridden.
+
+=item -q
+
+When capturing packets, don't display the continuous count of packets
+captured that is normally shown when saving a capture to a file;
+instead, just display, at the end of the capture, a count of packets
+captured. On systems that support the SIGINFO signal, such as various
+BSDs, you can cause the current count to be displayed by typing your
+"status" character (typically control-T, although it
+might be set to "disabled" by default on at least some BSDs, so you'd
+have to explicitly set it to use it).
+
=item -s E<lt>capture snaplenE<gt>
Set the default snapshot length to use when capturing live data.
memory, or saved to disk. A value of 0 specifies a snapshot length of
65535, so that the full packet is captured; this is the default.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default snapshot length.
+If used after an B<-i> option, it sets the snapshot length for
+the interface specified by the last B<-i> option occurring before
+this option. If the snapshot length is not set specifically,
+the default snapshot length is used if provided.
+
=item -S
Print statistics for each interface once every second.
Set the data link type to use while capturing packets. The values
reported by B<-L> are the values that can be used.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture link type.
+If used after an B<-i> option, it sets the capture link type for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture link type is not set specifically,
+the default capture link type is used if provided.
+
=back
=head1 CAPTURE FILTER SYNTAX
-See the manual page of pcap-filter(4) or, if that doesn't exist, tcpdump(8).
+See the manual page of pcap-filter(4) or, if that doesn't exist, tcpdump(8),
+or, if that doesn't exist, L<http://wiki.wireshark.org/CaptureFilters>.
=head1 SEE ALSO
git.samba.org / obnox / wireshark / wip.git / blobdiff