User Guide

Related command line tools
D.6. rawshark: Dump and analyze network traffic.
Rawshark reads a stream of packets from a file or pipe. It prints one line describing its output format,
followed by one line per packet carrying the requested fields, all on stdout. Because the input is normally
a headerless packet stream, the link type has to be supplied with -d, and -s tells rawshark to skip a leading
pcap file header when it is given an ordinary capture file.
Example D.4. Help information available from rawshark
$ rawshark -h
Rawshark 1.4.0
Dump and analyze network traffic.
See http://www.wireshark.org for more information.
Copyright 1998-2010 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Usage: rawshark [options] ...
Input file:
-r <infile> set the pipe or file name to read from
Processing:
-R <read filter> packet filter in Wireshark display filter syntax
-F <field> field to display
-s skip PCAP header on input
-n disable all name resolution (def: all enabled)
-N <name resolve flags> enable specific name resolution(s): "mntC"
-d <encap:dlt>|<proto:protoname>
packet encapsulation or protocol
Output:
-S format string for fields (%D - name, %S - stringval, %N numval)
-t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)
-l flush output after each packet
Miscellaneous:
-h display this help and exit
-v display version info and exit
-o <name>:<value> ... override preference setting
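The following is an added example, not code from the Wireshark User Guide or the rawshark source. It builds the byte stream rawshark expects on a pipe (pcap record headers with and without the 24-byte file header that -s skips), assembles a rawshark command line from the options listed above, and parses the output. Everything it assumes is labelled: that `rawshark -r -` reads from stdin, that the output consists of one field-description line followed by `N idx=value ... -` lines per packet, and that rawshark is on PATH (if it is not, `run_rawshark()` returns None). The packets are constructed inline.

```python
"""Feed constructed packets to rawshark over a pipe and parse its output.

Added example, not part of the Wireshark User Guide. Assumptions:
  * 'rawshark -r -' reads the packet stream from stdin;
  * output layout: a header line describing the fields, then one line
    per packet of the form 'N idx=value idx=value ... -';
  * rawshark may be absent, in which case run_rawshark() returns None.
"""
import shlex
import shutil
import struct
import subprocess
import time

PCAP_MAGIC = 0xA1B2C3D4
DLT_EN10MB = 1  # Ethernet; this is what "-d encap:1" selects


def pcap_file_header(linktype=DLT_EN10MB, snaplen=65535):
    """The 24-byte pcap file header. This is the header 'rawshark -s' skips."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(data, ts=None):
    """A 16-byte pcap record header (sec, usec, caplen, len) plus the packet bytes."""
    ts = time.time() if ts is None else ts
    sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(data), len(data)) + data


def ipv4_checksum(hdr):
    """RFC 1071 one's-complement checksum over an IPv4 header (even length)."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_packet(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame with a valid IPv4 header checksum."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + udp


def build_stream(packets, with_file_header):
    """Byte stream for rawshark; with_file_header=True requires '-s' on the command line."""
    out = pcap_file_header() if with_file_header else b""
    for i, pkt in enumerate(packets):
        out += pcap_record(pkt, ts=1_000_000 + i)
    return out


def rawshark_cmd(fields, read_filter=None, skip_file_header=True):
    """Build the rawshark argument list from the options in the help text above.

    '-l' flushes after every packet so a downstream pipe reader sees lines promptly;
    '-n' avoids name-resolution lookups that would leak hostnames/ports to DNS.
    """
    cmd = ["rawshark", "-r", "-", "-d", "encap:%d" % DLT_EN10MB, "-n", "-l"]
    if skip_file_header:
        cmd.append("-s")
    if read_filter:
        cmd += ["-R", read_filter]
    for field in fields:
        cmd += ["-F", field]
    return cmd


def parse_rawshark_output(text):
    """Parse rawshark output into a list of {'frame': N, idx: value, ...} dicts.

    Assumed layout: the first line describes the fields ('0 FT_UINT32 BASE_DEC ...');
    each following line is 'frame_number idx=value idx=value ... -'. shlex.split()
    keeps quoted string values (e.g. 0="Ethernet II") together as one token.
    """
    lines = [line for line in text.splitlines() if line.strip()]
    records = []
    for line in lines[1:]:
        tokens = shlex.split(line)
        rec = {"frame": int(tokens[0])}
        for tok in tokens[1:]:
            if "=" in tok:
                idx, _, val = tok.partition("=")
                rec[int(idx)] = val
        records.append(rec)
    return records


def run_rawshark(packets, fields, read_filter=None):
    """Pipe a constructed pcap stream into rawshark; None if rawshark is not installed."""
    if shutil.which("rawshark") is None:
        return None
    proc = subprocess.run(rawshark_cmd(fields, read_filter), input=build_stream(packets, True),
                          capture_output=True, check=False)
    return parse_rawshark_output(proc.stdout.decode(errors="replace"))


if __name__ == "__main__":
    pkts = [udp_packet("10.0.0.1", "10.0.0.2", 4000, 53, b"\x00" * 12),
            udp_packet("10.0.0.2", "10.0.0.1", 53, 4000, b"\x00" * 12)]
    fields = ["frame.len", "ip.src", "udp.dstport"]
    print(" ".join(rawshark_cmd(fields, "udp.dstport == 53")))
    result = run_rawshark(pkts, fields, "udp.dstport == 53")
    if result is None:
        print("rawshark not on PATH; stream would be %d bytes" % len(build_stream(pkts, True)))
    else:
        print(result)
```

The same stream without the file header (build_stream(..., False)) is what a live producer would write into rawshark's stdin, in which case -s must be dropped from the command line; getting this wrong makes rawshark misparse the first record as a file header and every subsequent record boundary shifts.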
D.7. editcap: Edit capture files
editcap is a small command-line utility shipped with Wireshark for working with capture files. Its main
function is to remove packets from capture files, but it can also convert capture files from one format to
another and print information about them.