washcas.blogg.se

Tshark capture filter








Tshark - Dump and analyze network traffic

It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. TShark's native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

Without any options set, TShark will work much like tcpdump. It will use the pcap library to capture traffic from the first available network interface and display a summary line on stdout for each received packet.

TShark is able to detect, read and write the same capture files that are supported by Wireshark. The input file doesn't need a specific filename extension; the file format and an optional gzip compression will be automatically detected. Near the beginning of the DESCRIPTION section of wireshark(1) or  is a detailed description of the way Wireshark handles this, which is the same way Tshark handles this. Compressed file support uses (and therefore requires) the zlib library.

Wireshark 1.9.0 (SVN Rev 47047 from /trunk)
Interactively dump and analyze network traffic.

Copyright 1998-2013 Gerald Combs and contributors.
This is free software; see the source for copying conditions.
Warranty not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

  -i                  name or idx of interface (def: first non-loopback)
  -f                  packet filter in libpcap filter syntax
  -k                  start capturing immediately (def: do nothing)
  -S                  update packet display when new packets are captured
  -l                  turn on automatic scrolling while -S is in use
  -y                  link layer type (def: first appropriate)
  -L                  print list of link-layer types of iface and exit
                      duration:NUM - stop after NUM seconds
                      filesize:NUM - stop this file after NUM KB
                      duration:NUM - switch to next file after NUM secs
                      filesize:NUM - switch to next file after NUM KB
                      files:NUM - ringbuffer: replace after NUM files
  -r                  set the filename to read from (no pipes or stdin!)
  -R                  packet filter in Wireshark display filter syntax
  -n                  disable all name resolutions (def: all enabled)
  -N                  enable specific name resolution(s): "mntC"
  -C                  start with specified configuration profile
  -g                  go to specified packet number after "-r"
  -J                  jump to the first packet matching the (display)
  -j                  search backwards for a matching packet after "-J"
  -t ad|a|r|d|dd|e    output format of time stamps (def: r: rel.
  -u s|hms            output format of seconds (def: s: seconds)
  -X :                eXtension options, see man page for details
  -z                  show various statistics, see man page for details
  -w                  set the output filename (or '-' for stdout)
  -P :                persconf:path - personal configuration files
  -K                  keytab file to use for kerberos decryption








