w write packets to a pcap-format file named “outfile” H read a list of entries from a hosts file, which will “Decode As”, see the man page for details N enable specific name resolution(s): “mntC” n disable all name resolutions (def: all enabled) R packet filter in Wireshark display filter syntax r set the filename to read from (no pipes or stdin!) b … duration:NUM – switch to next file after NUM secsįilesize:NUM – switch to next file after NUM KBįiles:NUM – ringbuffer: replace after NUM files
a … duration:NUM – stop after NUM secondsįilesize:NUM – stop this file after NUM KB L print list of link-layer types of iface and exit y link layer type (def: first appropriate)
f packet filter in libpcap filter syntax i name or idx of interface (def: first non-loopback)
Warranty not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. This is free software see the source for copying conditions. TShark 1.6.8 (SVN Rev 42761 from /trunk-1.6)Ĭopyright 1998-2012 Gerald Combs and contributors. Read in the file with a Wireshark Display Filter:Ĭ:\Program Files (x86)\Wireshark>tshark -r testing.pcap -R “ip.addr eq 224.0.0.2 You must be in the Wireshark directory (or have the location in your PATH environment settings):Ĭ:\Program Files (x86)\Wireshark>tshark -Dġ.
A quick aide-memoir about how to go about capturing traffic from the Windows command line.
0 kommentar(er)
