User Guide
writing to the next file, until it fills up the last file, at which point it'll discard the data in the first file (unless 0 is specified, in which case, the number of files is unlimited) and start writing to that file and so on.
If the optional duration is specified, Wireshark will also switch to the next file when the specified number of seconds has elapsed, even if the current file is not completely filled up.
duration:value Switch to the next file after value seconds have elapsed, even if the current file is not completely filled up.
filesize:value Switch to the next file after it reaches a size of value kilobytes (where a kilobyte is 1000 bytes, not 1024 bytes).
files:value Begin again with the first file after value number of files were written (form a ring buffer).
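The switching rules above decide how much history a long-running capture keeps on disk, which can be checked before choosing values. The following Python model is an added example, not Wireshark code: the names RingBufferModel, simulate and SAMPLE are hypothetical, only packet bytes are counted (no capture-file overhead), and a switch is evaluated only when a packet arrives.

```python
KILOBYTE = 1000  # the guide counts a kilobyte as 1000 bytes, not 1024


class RingBufferModel:
    """Hypothetical model of the duration/filesize/files switching rules."""

    def __init__(self, filesize_kb=0, duration_s=0, files=0):
        # Assumption of this model: 0 disables the filesize or duration trigger.
        # files=0 means an unlimited number of files, as the guide states.
        self.filesize_kb, self.duration_s, self.files = filesize_kb, duration_s, files
        self.slots = {}          # file index -> list of (timestamp, length)
        self.current = None      # index of the file being written
        self.opened_at = 0.0
        self.used = 0            # packet bytes in the current file

    def _open(self, index, ts):
        self.slots[index] = []   # reusing an index discards that file's old data
        self.current, self.opened_at, self.used = index, ts, 0

    def _must_switch(self, ts, length):
        full = self.filesize_kb and self.used + length > self.filesize_kb * KILOBYTE
        expired = self.duration_s and ts - self.opened_at >= self.duration_s
        return bool(full or expired)

    def write(self, ts, length):
        """Store one packet and return the index of the file it went to."""
        if self.current is None:
            self._open(0, ts)
        elif self._must_switch(ts, length):
            nxt = self.current + 1
            if self.files:                 # ring: wrap back to the first file
                nxt %= self.files
            self._open(nxt, ts)
        self.slots[self.current].append((ts, length))
        self.used += length
        return self.current

    def retained(self):
        """Packets still on disk, oldest first."""
        return sorted(p for pkts in self.slots.values() for p in pkts)


def simulate(packets, **options):
    model = RingBufferModel(**options)
    placement = [model.write(ts, n) for ts, n in packets]
    return placement, model.retained()


# Constructed input: one 400-byte packet per second for ten seconds.
SAMPLE = [(t, 400) for t in range(10)]
```

Calling simulate(SAMPLE, filesize_kb=1, files=3) shows the first file being reused at second 6, so only the packets from second 4 onward remain.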
-B <capture buffer size (Win32 only)> Win32 only: set capture buffer size (in MB, default is 1MB). This is used by the capture driver to buffer packet data until that data can be written to disk. If you encounter packet drops while capturing, try to increase this size.
-c <capture packet count> This option specifies the maximum number of packets to capture when capturing live data. It would be used in conjunction with the -k option.
-D Print a list of the interfaces on which Wireshark can capture, and exit. For each network interface, a number and an interface name, possibly followed by a text description of the interface, is printed. The interface name or the number can be supplied to the -i flag to specify an interface on which to capture.
This can be useful on systems that don't have a command to list them (e.g., Windows systems, or UNIX systems lacking ifconfig -a); the number can be useful on Windows 2000 and later systems, where the interface name is a somewhat complex string.
Note that "can capture" means that Wireshark was able to open that device to do a live capture; if, on your system, a program doing a network capture must be run from an account with special privileges (for example, as root), then, if Wireshark is run with the -D flag and is not run from such an account, it will not list any interfaces.
-f <capture filter> This option sets the initial capture filter expression to be used when capturing packets.
-g <packet number> After reading in a capture file using the -r flag, go to the given packet number.
-h The -h option requests Wireshark to print its version and usage instructions (as shown above) and exit.
-i <capture interface> Set the name of the network interface or pipe to use for live packet capture.
Customizing Wireshark