User Guide

ManualsBrandsWireshark ManualsSoftwareWireshark Wireshark - 0.99.5

171

172

173

174

175

176

177

178

179

180

Tip!

You can get a list of all available preference

strings from the preferences file, see Ap-

pendix A, Files and Folders.

-p Don't put the interface into promiscuous mode. Note that the

interface might be in promiscuous mode for some other reas-

on; hence, -p cannot be used to ensure that the only traffic

that is captured is traffic sent to or from the machine on

which Wireshark is running, broadcast traffic, and multicast

traffic to addresses received by that machine.

-Q This option forces Wireshark to exit when capturing is com-

plete. It can be used with the -c option. It must be used in

conjunction with the -i and -w options.

-r <infile> This option provides the name of a capture file for Wireshark

to read and display. This capture file can be in one of the

formats Wireshark understands.

-R <read (display) filter> This option specifies a display filter to be applied when read-

ing packets from a capture file. The syntax of this filter is that

of the display filters discussed in Section 6.3, “Filtering pack-

ets while viewing”. Packets not matching the filter are dis-

carded.

-s <capture snaplen> This option specifies the snapshot length to use when captur-

ing packets. Wireshark will only capture <snaplen> bytes of

data for each packet.

-S This option specifies that Wireshark will display packets as it

captures them. This is done by capturing in one process and

displaying them in a separate process. This is the same as "Up-

date list of packets in real time" in the Capture Options dialog

box.

-t <time stamp format> This option sets the format of packet timestamps that are dis-

played in the packet list window. The format can be one of:

• r relative, which specifies timestamps are displayed relat-

ive to the first packet captured.

• a absolute, which specifies that actual times be displayed

for all packets.

• ad absolute with date, which specifies that actual dates

and times be displayed for all packets.

• d delta, which specifies that timestamps are relative to the

previous packet.

• e epoch, which specifies that timestamps are seconds

since epoch (Jan 1, 1970 00:00:00)

-v The -v option requests Wireshark to print out its version in-

formation and exit.

-w <savefile> This option sets the name of the savefile to be used when sav-

ing a capture file.

Customizing Wireshark

158