Diffstat (limited to 'doc')
-rw-r--r-- doc/dumpcap.pod 44
-rw-r--r-- doc/tshark.pod 44
-rw-r--r-- doc/wireshark.pod.template 57
3 files changed, 145 insertions, 0 deletions
diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod
index 861db49dde..4d83a3bec3 100644
--- a/doc/dumpcap.pod
+++ b/doc/dumpcap.pod
@@ -123,6 +123,13 @@ This is available on UNIX systems with libpcap 1.0.0 or later and on
Windows. It is not available on UNIX systems with earlier versions of
libpcap.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture buffer size.
+If used after an B<-i> option, it sets the capture buffer size for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture buffer size is not set specifically,
+the default capture buffer size is used if provided.
+
=item -c E<lt>capture packet countE<gt>
Set the maximum number of packets to read when capturing live
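Review bot: the last added sentence ("If the capture buffer size is not set specifically, the default capture buffer size is used if provided.") leaves the third case open: which size an interface gets when neither a per-interface B<-B> nor a default B<-B> was given. Replace "if provided" with the built-in value that applies in that case, and consider a one-line example with two B<-i> options showing which buffer size each interface ends up with.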
@@ -160,6 +167,13 @@ Set the capture filter expression.
The entire filter expression must be specified as a single argument (which means
that if it contains spaces, it must be quoted).
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture filter expression.
+If used after an B<-i> option, it sets the capture filter expression for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture filter expression is not set specifically,
+the default capture filter expression is used if provided.
+
=item -h
Print the version and options and exits.
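Review bot: the position rule in the added paragraph means a B<-f> placed after the last of several B<-i> options applies to that interface only, and the text does not say what the earlier interfaces capture when no default filter was given. A misplaced filter then silently widens what is written to disk, so state that case explicitly (no filter at all, if that is the behaviour) and add an example that puts the filter before the first B<-i> to cover every interface.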
@@ -185,6 +199,9 @@ Pipe names should be either the name of a FIFO (named pipe) or ``-'' to
read data from the standard input. Data read from pipes must be in
standard libpcap format.
+This option can occur multiple times. When capturing from multiple
+interfaces, the capture file will be saved in pcap-ng format.
+
Note: the Win32 version of B<Dumpcap> doesn't support capturing from
pipes or stdin!
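Review bot: the added pcap-ng sentence does not say how it interacts with B<-P>, which this page documents as "Save files as pcap instead of the default pcap-ng". State whether B<-P> combined with more than one B<-i> is rejected or ignored. Since pcap-ng is already the default for this tool, the sentence only carries information once that case is covered.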
@@ -200,6 +217,12 @@ files on a network server, or resolving host names or network addresses,
if you are capturing in monitor mode and are not connected to another
network with another adapter.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it enables the monitor mode for all interfaces.
+If used after an B<-i> option, it enables the monitor mode for
+the interface specified by the last B<-i> option occurring before
+this option.
+
=item -L
List the data link types supported by the interface and exit. The reported
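Review bot: wording in the added lines: "enables the monitor mode" should drop the article to match the unchanged text just above ("capturing in monitor mode"). Unlike the other option paragraphs, this one has no closing sentence for the unset case; add one saying whether an interface that has no B<-I> after it, and no B<-I> before the first B<-i>, is left out of monitor mode.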
@@ -224,6 +247,13 @@ traffic sent to or from the machine on which B<Dumpcap> is running,
broadcast traffic, and multicast traffic to addresses received by that
machine.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, no interface will be put into the
+promiscuous mode.
+If used after an B<-i> option, the interface specified by the last B<-i>
+option occurring before this option will not be put into the
+promiscuous mode.
+
=item -P
Save files as pcap instead of the default pcap-ng. In situations that require
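Review bot: the added paragraph documents no way to undo the default: once B<-p> appears before the first B<-i>, "no interface will be put into the promiscuous mode", and nothing here turns it back on for a single interface. Say so explicitly, and point to the per-interface form (B<-p> after each B<-i> that should stay non-promiscuous) as the way to mix modes. Also, "the promiscuous mode" reads better as "promiscuous mode".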
@@ -248,6 +278,13 @@ No more than I<snaplen> bytes of each network packet will be read into
memory, or saved to disk. A value of 0 specifies a snapshot length of
65535, so that the full packet is captured; this is the default.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default snapshot length.
+If used after an B<-i> option, it sets the snapshot length for
+the interface specified by the last B<-i> option occurring before
+this option. If the snapshot length is not set specifically,
+the default snapshot length is used if provided.
+
=item -S
Print statistics for each interface once every second.
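Review bot: "default" now has two meanings in this entry. The unchanged line above calls the 65535-byte snapshot length "the default", while the added paragraph uses "the default snapshot length" for the value of a B<-s> given before the first B<-i>. Reword the added text, for example "the snapshot length given before the first B<-i>", and state which value applies when neither is set.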
@@ -267,6 +304,13 @@ NOTE: The usage of "-" for stdout is not allowed here!
Set the data link type to use while capturing packets. The values
reported by B<-L> are the values that can be used.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture link type.
+If used after an B<-i> option, it sets the capture link type for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture link type is not set specifically,
+the default capture link type is used if provided.
+
=back
=head1 CAPTURE FILTER SYNTAX
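Review bot: a default link type may not be valid for every interface, and the added paragraph does not cover that. The entry says the usable values are those "reported by B<-L>", and B<-L> lists the types "supported by the interface", so a B<-y> given before the first B<-i> can name a type that one of the listed interfaces does not offer. Document whether the capture fails or that interface keeps its own link type.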
diff --git a/doc/tshark.pod b/doc/tshark.pod
index 6fcb0d8216..8ef18ba781 100644
--- a/doc/tshark.pod
+++ b/doc/tshark.pod
@@ -214,6 +214,13 @@ This is available on UNIX systems with libpcap 1.0.0 or later and on
Windows. It is not available on UNIX systems with earlier versions of
libpcap.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture buffer size.
+If used after an B<-i> option, it sets the capture buffer size for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture buffer size is not set specifically,
+the default capture buffer size is used if provided.
+
=item -c E<lt>capture packet countE<gt>
Set the maximum number of packets to read when capturing live
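Review bot: this paragraph is a verbatim copy of the one added to doc/dumpcap.pod, and the same holds for the other option paragraphs in this file and in doc/wireshark.pod.template. Any wording fix has to be made in all three places; apply review changes to one copy first and carry the final text over, so the three pages do not drift apart.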
@@ -308,6 +315,13 @@ uses double-quotes, B<s> single-quotes, B<n> no quotes (the default).
Set the capture filter expression.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture filter expression.
+If used after an B<-i> option, it sets the capture filter expression for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture filter expression is not set specifically,
+the default capture filter expression is used if provided.
+
=item -F E<lt>file formatE<gt>
Set the file format of the output capture file written using the B<-w>
@@ -433,6 +447,9 @@ Pipe names should be either the name of a FIFO (named pipe) or ``-'' to
read data from the standard input. Data read from pipes must be in
standard libpcap format.
+This option can occur multiple times. When capturing from multiple
+interfaces, the capture file will be saved in pcap-ng format.
+
Note: the Win32 version of B<TShark> doesn't support capturing from
pipes!
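Review bot: the added pcap-ng sentence does not say how it interacts with B<-F>, which this page documents as setting "the file format of the output capture file written using the B<-w>" option. State what happens when B<-F> selects another format and more than one B<-i> is given: an error, or B<-F> being overridden.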
@@ -448,6 +465,12 @@ files on a network server, or resolving host names or network addresses,
if you are capturing in monitor mode and are not connected to another
network with another adapter.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it enables the monitor mode for all interfaces.
+If used after an B<-i> option, it enables the monitor mode for
+the interface specified by the last B<-i> option occurring before
+this option.
+
=item -K E<lt>keytabE<gt>
Load kerberos crypto keys from the specified keytab file.
@@ -518,6 +541,13 @@ traffic sent to or from the machine on which B<TShark> is running,
broadcast traffic, and multicast traffic to addresses received by that
machine.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, no interface will be put into the
+promiscuous mode.
+If used after an B<-i> option, the interface specified by the last B<-i>
+option occurring before this option will not be put into the
+promiscuous mode.
+
=item -q
When capturing packets, don't display the continuous count of packets
@@ -554,6 +584,13 @@ No more than I<snaplen> bytes of each network packet will be read into
memory, or saved to disk. A value of 0 specifies a snapshot length of
65535, so that the full packet is captured; this is the default.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default snapshot length.
+If used after an B<-i> option, it sets the snapshot length for
+the interface specified by the last B<-i> option occurring before
+this option. If the snapshot length is not set specifically,
+the default snapshot length is used if provided.
+
=item -S
Decode and display packets even while writing raw packet data using the
@@ -665,6 +702,13 @@ default Lua scripts.
Set the data link type to use while capturing packets. The values
reported by B<-L> are the values that can be used.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture link type.
+If used after an B<-i> option, it sets the capture link type for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture link type is not set specifically,
+the default capture link type is used if provided.
+
=item -z E<lt>statisticsE<gt>
Get B<TShark> to collect various types of statistics and display the result
diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template
index 25d1cb8a5a..685cfb4b68 100644
--- a/doc/wireshark.pod.template
+++ b/doc/wireshark.pod.template
@@ -18,6 +18,7 @@ S<[ B<-g> E<lt>packet numberE<gt> ]>
S<[ B<-h> ]>
S<[ B<-H> ]>
S<[ B<-i> E<lt>capture interfaceE<gt>|- ]>
+S<[ B<-I> ]>
S<[ B<-J> E<lt>jump filterE<gt> ]>
S<[ B<-j> ]>
S<[ B<-k> ]>
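Review bot: the synopsis gains B<-I> but still shows B<-i> as a single optional argument, while the paragraphs added further down say these options "can occur multiple times". Mark the repeatable options in the synopsis, for example with a trailing "...", so that it agrees with the descriptions.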
@@ -252,6 +253,13 @@ This is available on UNIX systems with libpcap 1.0.0 or later and on
Windows. It is not available on UNIX systems with earlier versions of
libpcap.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture buffer size.
+If used after an B<-i> option, it sets the capture buffer size for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture buffer size is not set specifically,
+the default capture buffer size is used if provided.
+
=item -c E<lt>capture packet countE<gt>
Set the maximum number of packets to read when capturing live
@@ -290,6 +298,13 @@ under Windows.
Set the capture filter expression.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture filter expression.
+If used after an B<-i> option, it sets the capture filter expression for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture filter expression is not set specifically,
+the default capture filter expression is used if provided.
+
=item -g E<lt>packet numberE<gt>
After reading in a capture file using the B<-r> flag, go to the given I<packet number>.
@@ -324,6 +339,27 @@ read data from the standard input. On Windows systems, pipe names must be
of the form ``\\pipe\.\B<pipename>''. Data read from pipes must be in
standard libpcap format.
+This option can occur multiple times. When capturing from multiple
+interfaces, the capture file will be saved in pcap-ng format.
+
+=item -I
+
+Put the interface in "monitor mode"; this is supported only on IEEE
+802.11 Wi-Fi interfaces, and supported only on some operating systems.
+
+Note that in monitor mode the adapter might disassociate from the
+network with which it's associated, so that you will not be able to use
+any wireless networks with that adapter. This could prevent accessing
+files on a network server, or resolving host names or network addresses,
+if you are capturing in monitor mode and are not connected to another
+network with another adapter.
+
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it enables the monitor mode for all interfaces.
+If used after an B<-i> option, it enables the monitor mode for
+the interface specified by the last B<-i> option occurring before
+this option.
+
=item -J E<lt>jump filterE<gt>
After reading in a capture file using the B<-r> flag, jump to the packet
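Review bot: in the new B<-I> entry, the first paragraph says monitor mode "is supported only on IEEE 802.11 Wi-Fi interfaces", yet the last paragraph says a B<-I> before the first B<-i> "enables the monitor mode for all interfaces". Say what happens to interfaces in the list that cannot do monitor mode (skipped, or the capture fails), since a mixed wired and wireless capture is a likely multi-interface case.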
@@ -423,6 +459,13 @@ traffic sent to or from the machine on which B<Wireshark> is running,
broadcast traffic, and multicast traffic to addresses received by that
machine.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, no interface will be put into the
+promiscuous mode.
+If used after an B<-i> option, the interface specified by the last B<-i>
+option occurring before this option will not be put into the
+promiscuous mode.
+
=item -P E<lt>path settingE<gt>
Special path settings usually detected automatically. This is used for
@@ -467,6 +510,13 @@ No more than I<snaplen> bytes of each network packet will be read into
memory, or saved to disk. A value of 0 specifies a snapshot length of
65535, so that the full packet is captured; this is the default.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default snapshot length.
+If used after an B<-i> option, it sets the snapshot length for
+the interface specified by the last B<-i> option occurring before
+this option. If the snapshot length is not set specifically,
+the default snapshot length is used if provided.
+
=item -t ad|a|r|d|dd|e
Set the format of the packet timestamp displayed in the packet list
@@ -505,6 +555,13 @@ If a capture is started from the command line with B<-k>, set the data
link type to use while capturing packets. The values reported by B<-L>
are the values that can be used.
+This option can occur multiple times. If used before the first
+occurrence of the B<-i> option, it sets the default capture link type.
+If used after an B<-i> option, it sets the capture link type for
+the interface specified by the last B<-i> option occurring before
+this option. If the capture link type is not set specifically,
+the default capture link type is used if provided.
+
=item -X E<lt>eXtension optionsE<gt>
Specify an option to be passed to an B<Wireshark> module. The eXtension option