User Guide
task based?
-a <capture autostop condition> Specify a criterion that specifies when Wireshark is to stop
writing to a capture file. The criterion is of the form
test:value, where test is one of:
duration:value Stop writing to a capture file after
value of seconds have elapsed.
filesize:value Stop writing to a capture file after it
reaches a size of value kilobytes
(where a kilobyte is 1000 bytes, not
1024 bytes). If this option is used to-
gether with the -b option, Wireshark
will stop writing to the current capture
file and switch to the next one if files-
ize is reached.
files:value Stop writing to capture files after
value number of files were written.
-b <capture ring buffer option> If a maximum capture file size was specified, this option
causes Wireshark to run in "ring buffer" mode, with the spe-
cified number of files. In "ring buffer" mode, Wireshark will
write to several capture files. Their name is based on the
number of the file and on the creation date and time.
When the first capture file fills up, Wireshark will switch to
writing to the next file, until it fills up the last file, at which
point it'll discard the data in the first file (unless 0 is spe-
cified, in which case, the number of files is unlimited) and
start writing to that file and so on.
If the optional duration is specified, Wireshark will also
switch to the next file when the specified number of seconds
has elapsed even if the current file is not completely fills up.
duration:value Switch to the next file after value
seconds have elapsed, even if the cur-
rent file is not completely filled up.
filesize:value Switch to the next file after it reaches
a size of value kilobytes (where a kilo-
byte is 1000 bytes, not 1024 bytes).
files:value Begin again with the first file after
value number of files were written
(form a ring buffer).
-B <capture buffer size (Win32
only)>
Win32 only: set capture buffer size (in MB, default is 1MB).
This is used by the the capture driver to buffer packet data un-
til that data can be written to disk. If you encounter packet
drops while capturing, try to increase this size.
-c <capture packet count> This option specifies the maximum number of packets to cap-
ture when capturing live data. It would be used in conjunction
with the -k option.
-D Print a list of the interfaces on which Wireshark can capture,
and exit. For each network interface, a number and an inter-
face name, possibly followed by a text description of the in-
terface, is printed. The interface name or the number can be
Customizing Wireshark
166