1 Wireshark 4.5.0 (v4.5.0rc0-1147-g31b31e100870)
2 Interactively dump and analyze network traffic.
3 See https://www.wireshark.org for more information.
5 Usage: wireshark [options] ... [ <infile> ]
8 -i <interface>, --interface <interface>
9 name or idx of interface (def: first non-loopback)
10 -f <capture filter> packet filter in libpcap filter syntax
11 -s <snaplen>, --snapshot-length <snaplen>
12 packet snapshot length (def: appropriate maximum)
13 -p, --no-promiscuous-mode
14 don't capture in promiscuous mode
15 -I, --monitor-mode capture in monitor mode, if available
16 -B <buffer size>, --buffer-size <buffer size>
17 size of kernel buffer in MiB (def: 2MiB)
18 -y <link type>, --linktype <link type>
19 link layer type (def: first appropriate)
20 --time-stamp-type <type> timestamp method for interface
21 -D, --list-interfaces print list of interfaces and exit
22 -L, --list-data-link-types
23 print list of link-layer types of iface and exit
24 --list-time-stamp-types print list of timestamp types for iface and exit
27 -k start capturing immediately (def: do nothing)
28 -S update packet display when new packets are captured
29 -l turn on automatic scrolling while -S is in use
30 --update-interval interval between updates with new packets, in milliseconds (def: 100ms)
31 Capture stop conditions:
32 -c <packet count> stop after n packets (def: infinite)
33 -a <autostop cond.> ..., --autostop <autostop cond.> ...
34 duration:NUM - stop after NUM seconds
35 filesize:NUM - stop this file after NUM KB
36 files:NUM - stop after NUM files
37 packets:NUM - stop after NUM packets
39 -b <ringbuffer opt.> ..., --ring-buffer <ringbuffer opt.>
40 duration:NUM - switch to next file after NUM secs
41 filesize:NUM - switch to next file after NUM KB
42 files:NUM - ringbuffer: replace after NUM files
43 packets:NUM - switch to next file after NUM packets
44 interval:NUM - switch to next file when the time is
45 an exact multiple of NUM secs
47 -r <infile>, --read-file <infile>
48 set the filename to read from (no pipes or stdin!)
51 -R <read filter>, --read-filter <read filter>
52 packet filter in display filter (wireshark-filter(4)) syntax
53 -n disable all name resolutions (def: all enabled)
54 -N <name resolve flags> enable specific name resolution(s): "mtndsNvg"
55 -d <layer_type>==<selector>,<decode_as_protocol> ...
56 "Decode As", see the man page for details
57 Example: tcp.port==8888,http
58 --enable-protocol <proto_name>
59 enable dissection of proto_name
60 --disable-protocol <proto_name>
61 disable dissection of proto_name
62 --only-protocols <protocols>
63 Only enable dissection of these protocols, comma
64 separated. Disable everything else
65 --disable-all-protocols
66 Disable dissection of all protocols
67 --enable-heuristic <short_name>
68 enable dissection of heuristic protocol
69 --disable-heuristic <short_name>
70 disable dissection of heuristic protocol
73 -C <config profile> start with specified configuration profile
74 -H hide the capture info dialog during packet capture
75 -Y <display filter>, --display-filter <display filter>
76 start with the given display filter
77 -g <packet number> go to specified packet number after "-r"
78 -J <jump filter> jump to the first packet matching the (display)
80 -j search backwards for a matching packet after "-J"
81 -t (a|ad|adoy|d|dd|e|r|u|ud|udoy)[.[N]]|.[N]
82 format of time stamps (def: r: rel. to first)
83 -u s|hms output format of seconds (def: s: seconds)
84 -X <key>:<value> eXtension options, see man page for details
85 -z <statistics> show various statistics, see man page for details
88 -w <outfile|-> set the output filename (or '-' for stdout)
89 -F <capture type> set the output file type; default is pcapng.
90 an empty "-F" option will list the file types.
91 --capture-comment <comment>
92 add a capture file comment, if supported
93 --temp-dir <directory> write temporary files to this directory
97 --log-level <level> sets the active log level ("critical", "warning", etc.)
98 --log-fatal <level> sets level to abort the program ("critical" or "warning")
99 --log-domains <[!]list> comma-separated list of the active log domains
100 --log-fatal-domains <list>
101 list of domains that cause the program to abort
102 --log-debug <[!]list> list of domains with "debug" level
103 --log-noisy <[!]list> list of domains with "noisy" level
104 --log-file <path> file to output messages to (in addition to stderr)
107 -h, --help display this help and exit
108 -v, --version display version info and exit
109 -P <key>:<path> persconf:path - personal configuration files
110 persdata:path - personal data files
111 -o <name>:<value> ... override preference or recent setting
112 -K <keytab> keytab file to use for kerberos decryption
113 --display <X display> X display to use
114 --fullscreen start Wireshark in full screen