path: root/doc/dumpcap.pod
Age | Commit message | Author | Files | Lines
2021-10-01 | Docs: Prep for POD to Asciidoctor conversion. | Gerald Combs | 1 | -464/+0
[skip ci] Rename each of our .pod files to .adoc. Add pod2adoc.py, which converts POD markup to Asciidoctor, along with customizations specific to us.
2021-09-28 | Docs: More POD markup cleanup. | Gerald Combs | 1 | -2/+2
2021-09-23 | Docs: More POD markup cleanup. | Gerald Combs | 1 | -1/+1
2021-09-18 | Docs: Fix some POD markup. | Gerald Combs | 1 | -3/+3
Fix and normalize some of our POD markup.
2021-07-15 | Clean up handling of --capture-comment. | Guy Harris | 1 | -3/+6
Don't store the comments in a capture_options structure, because that's available only if we're being built with capture support, and --capture-comment can be used in TShark when reading a capture file and writing another capture file, with no live capture taking place.

This means we don't handle that option in capture_opts_add_opt(); handle it in the programs that support it.

Support writing multiple comments in dumpcap when capturing.

These changes also fix builds without pcap, and make --capture-comment work in Wireshark when a capture is started from the command line with -k.

Update the help messages to indicate that --capture-comment adds a capture comment, it doesn't change any comment (much less "the" comment, as there isn't necessarily a single comment).

Update the man pages:
- not to presume that only pcapng files support file comments (even if that's true now, it might not be true in the future);
- to note that multiple instances of --capture-comment are supported, and that multiple comments will be written, whether capturing or reading one file and writing another;
- clarify that Wireshark doesn't *discard* SHB comments other than the first one, even though it only displays the first one;
2021-03-25 | Add dumpcap options to set the name and description for a capture source. | Guy Harris | 1 | -0/+12
Add --ifname and --ifdescr to allow the name and description for an interface or pipe to be set; this overrides the specified name or reported description for an interface, and overrides the pipe path name and provides a description for a pipe. Provide those arguments when capturing from an extcap program. This is mainly for extcaps, so you have something more meaningful than some random path name as the interface name and something descriptive for the description.
2021-01-03 | [Automatic update for 2021-01-03] | Gerald Combs | 1 | -1/+1
Update manuf, services enterprise numbers, translations, and other items.
2020-09-17 | doc: Update wiki URLs in man pages. | Gerald Combs | 1 | -1/+1
2020-08-08 | Dumpcap: print closed ring-buffer file names | David Perry | 1 | -0/+4
This proposal adds a new option '-b printname:<filename>' to dumpcap. If used, dumpcap will print the name of each ring buffer file it creates after it is closed. Allows the use of '-'/'stdout' and 'stderr'.

Use case: Since the file name is printed after the file is closed for writing, an automated capture process can do something like the following with the guarantee that the file in question will not be changed.

    dumpcap -i eth0 -b files:2 -b printname:stdout [-b ...] | \
    while read cap_file_name ; do
        # Do something with $cap_file_name
    done

This sort of scripting is difficult in dumpcap's current form. Dumpcap prints the names of new files to stderr as it *opens* them, so a script attempting to use this must sleep for "-b duration:value" seconds plus some fudge time to be sure it's getting a closed, unchanging file.

Change-Id: Idb288cc7c8c30443256d35c8cd4460a2e3f0861c Reviewed-on: https://code.wireshark.org/review/37994 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-04-05 | Dumpcap manual: remove duplicate '-i' in synopsis | Jaap Keuter | 1 | -1/+0
Commit 3398c2898dcc95c83ab026d62d8a08290ad3cb0b duplicated the '-i' option in the synopsis. Remove this again. Change-Id: I85fb78515910b11e9dff9b3aa876746b2ff11fa4 Reviewed-on: https://code.wireshark.org/review/36678 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2020-04-01 | Document the -k option. | Guy Harris | 1 | -0/+43
Change-Id: Ia695e3edcf673495eb8e61edfa72709fda2f99af Reviewed-on: https://code.wireshark.org/review/36663 Petri-Dish: Guy Harris <gharris@sonic.net> Tested-by: Petri Dish Buildbot Reviewed-by: Guy Harris <gharris@sonic.net>
2020-01-05 | [Automatic update for 2020-01-05] | Gerald Combs | 1 | -1/+1
Update manuf, services enterprise numbers, translations, and other items. Change-Id: I871629b91d38be26bfe448bf90dfbb47a97acdfa Reviewed-on: https://code.wireshark.org/review/35652 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2019-11-30 | Documentation: update (long) cmd line options | Jaap Keuter | 1 | -26/+26
Documentation of the Tshark and dumpcap command line options between help text, manual page and user's guide diverged over time. One aspect of this is the implementation of more long options. This change tries to update all documentation to be complete and in sync again. Change-Id: Ie8bee013df8d209080fcf288072774f18f9ff51f Reviewed-on: https://code.wireshark.org/review/35261 Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl> Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl> Tested-by: Petri Dish Buildbot Reviewed-by: Michael Mann <mmann78@netscape.net>
2019-03-23 | Clean up the new-file selection criteria in the GUI. | Jeff Morriss | 1 | -1/+2
Inspired by looking into https://ask.wireshark.org/question/8009/wireshark-ring-buffer-settings-from-command-line/ ... in which the user was confused because a duration set on the command line was not reflected in the GUI. That's because I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae added the `interval` ring-buffer option and made the GUI use this rather than `duration`. This was not at all clear in the GUI, though. Since `duration` and `interval` have quite different use cases, expose both in the GUI. Try to clean up and unify the tooltips at the same time. I'm not entirely convinced the tooltips need to be on the checkbox, the spinbox, and the combobox but leave it that way for now. Add some to the man page description of the interval option to hopefully make it clearer what the option does. Change-Id: I3b45fe71c33af64d980dffb5e5ba93e2a15a6b96 Reviewed-on: https://code.wireshark.org/review/32526 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-03-08 | Docs: Mention Npcap in our man pages. | Gerald Combs | 1 | -1/+1
Mention Npcap wherever we mention WinPcap. Change-Id: I6ee295ca88302e2516d5658a5d528f9675209da8 Reviewed-on: https://code.wireshark.org/review/32352 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2019-01-06 | [Automatic update for 2019-01-06] | Gerald Combs | 1 | -1/+1
Update manuf, services enterprise numbers, translations, and other items. Change-Id: I0e282baebc0cda0e54e49eff60827eec02f6f797 Reviewed-on: https://code.wireshark.org/review/31402 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-12-06 | Doc: add mentioning of ip link to get interfaces | Jaap Keuter | 1 | -1/+1
With the introduction of the ip command (from iproute2) on modern Linux systems it becomes common to see this tool available, gradually replacing tools like netstat and ifconfig. Change-Id: I1fb309e741c07c93271b61a35c4833d36bcc5cb8 Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl> Reviewed-on: https://code.wireshark.org/review/30924 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-12-02 | [Automatic update for 2018-12-02] | Gerald Combs | 1 | -1/+1
Update manuf, services enterprise numbers, translations, and other items. Change-Id: Idfe3eaa6b9abd2337590a09972ce44266c2893ca Reviewed-on: https://code.wireshark.org/review/30880 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-11-16 | Man pages: Update pipe input documentation. | Gerald Combs | 1 | -6/+5
Make sure the -i <pipe> documentation is consistent and correct. Change-Id: I9019effb658f914ac754e4ae893eafbe7c4b4da1 Reviewed-on: https://code.wireshark.org/review/30675 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2018-11-09 | Dumpcap+Qt: Add support for `-a packets:NUM` and `-b packets:NUM`. | Gerald Combs | 1 | -9/+15
Add the ability to rotate files after a specified number of packets (`-b packets:NUM`). Move some condition checks to capture_loop_write_packet_cb. Add `-a packets:NUM` in order to be consistent. It is functionally equivalent to the `-c` flag. Add a corresponding "packets" option to the Capture Interfaces dialog Output tab. Add initial tests for autostop and ringbuffer conditions. Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257 Reviewed-on: https://code.wireshark.org/review/30534 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-11-01 | Move condition logic to dumpcap.c | Gerald Combs | 1 | -2/+3
Move the condition logic from capture_stop_conditions.c to dumpcap.c. Remove capture_stop_conditions.[ch] and conditions.[ch]. Switch duration values to doubles. Change-Id: Ifa74fb13ec8fc923b0721597a6cf071d72069ea0 Reviewed-on: https://code.wireshark.org/review/30440 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-08-18 | Docs: Make our Pod documentation encoding uniform. | Gerald Combs | 1 | -0/+5
We've set "=encoding utf8" in wireshark.pod for a long time. Do so in the rest of our .pod files. Change-Id: I3ef0fb3a88ed63275b4ff4362b6afbf13d79a0bc Reviewed-on: https://code.wireshark.org/review/29182 Reviewed-by: Gerald Combs <gerald@wireshark.org> Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2018-01-09 | Use pcapng as the name of the file format. | Guy Harris | 1 | -6/+6
At one point, I remember a discussion resulting in the official name of the next-generation replacement for pcap format being changed to "pcapng", with no hyphen. Make Wireshark reflect that. Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a Reviewed-on: https://code.wireshark.org/review/25214 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2017-08-22 | Add hardware timestamping support | Ahmad Fatoum | 1 | -1/+13
pcap provides a pcap_set_tstamp_type function, which can be used to request hardware timestamps from a supporting kernel. This patch adds support for aforementioned function as well as two new command line options to dumpcap, wireshark and tshark:

    --list-time-stamp-types    List time stamp types supported for the interface
    --time-stamp-type <type>   Change the interface's timestamp method

Name choice mimics those used by tcpdump(1), which already supports this feature. However, unlike tcpdump, we provide both options unconditionally. If Wireshark was configured without pcap_set_tstamp_type being available, --list-time-stamp-types reports an empty list.

Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652 Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com> Reviewed-on: https://code.wireshark.org/review/23113 Petri-Dish: Guy Harris <guy@alum.mit.edu> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2017-07-03 | Add option to use wall-clock intervals | Sake Blok | 1 | -4/+7
Add the "interval" option to "-b". Each new capture starts at the exact start of a time interval. For instance, using -b interval:3600 will start a new capture file at each whole hour. Changed the duration option in the GUI interfaces to use the new interval option. Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae Reviewed-on: https://code.wireshark.org/review/22428 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
2017-03-28 | Reflect new default value of snaplen in man pages. | Martin Sehnoutka | 1 | -1/+1
Default value for snaplen is defined in wiretap/wtap.h:

    #define WTAP_MAX_PACKET_SIZE 262144

and used in capture_opts.c:

    capture_opts->default_options.snaplen = WTAP_MAX_PACKET_SIZE;

but help and man pages don't reflect this change.

Change-Id: I35ddf1e8b7ffd657f4e01b3fe6b4c44c9acece2b Reviewed-on: https://code.wireshark.org/review/20738 Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com> Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2017-03-12 | rpcap URLs *require* the :<port> argument for remote capture - update manpage. | Joerg Mayer | 1 | -2/+2
Change-Id: Iabae39347bc0058d106a9b00d81629899bc93249 Reviewed-on: https://code.wireshark.org/review/20526 Reviewed-by: Jörg Mayer <jmayer@loplof.de>
2016-10-04 | Man pages: Update -D flag text. | Gerald Combs | 1 | -3/+3
Refer to "Windows" instead of "Windows 2000". Add an "ip link show" breadcrumb. Change-Id: Ie1faa1d30b0ac63de35b0385cbb1306f08828e61 Reviewed-on: https://code.wireshark.org/review/18056 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2016-01-27 | Allow/Create an option to use "capture filter" labels defined in wireshark GUI from CLI | Mike78 | 1 | -0/+4
Move ui/filters.[ch] to filter_files.[ch] because dumpcap is using functionality. Bug: 8091 Change-Id: I195c82fc023f97d6f331b8718c45a2d83d30faea Reviewed-on: https://code.wireshark.org/review/5925 Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-03-10 | Change a lot of http:// URLs to https://. | Gerald Combs | 1 | -1/+1
Most of our sites are now HTTPS-only. Update URLs accordingly. Update other URLs while we're at it. Remove or comment out dead links. Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33 Reviewed-on: https://code.wireshark.org/review/7621 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-09-17 | Update the doc directory to use https://www.wireshark.org. | Gerald Combs | 1 | -2/+2
Change-Id: I9bfc57cb6b6ab6962b80ff58d98eb351d6f69829 Reviewed-on: https://code.wireshark.org/review/4140 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2013-12-02 | Specify SI units for the max filesize autostop condition. For now, keep the capture buffer size in IEC units, but document it as such. | Chris Maynard | 1 | -7/+7
#BACKPORT(1.10, 1.8(?)) svn path=/trunk/; revision=53728
2013-08-29 | Handle the 2GiB boundary case of the max filesize autostop condition properly so that we avoid overflow conditions and so that we ensure we don't capture more than 2GiB. | Chris Maynard | 1 | -4/+4
Also, document the max filesize autostop value of 2GiB as well as indicating that it's truly GiB and not GB. This fixes the problem reported on ask: http://ask.wireshark.org/questions/23891/wireshark-wont-run-with-multiple-capture-files #BACKPORT(1.10) ... not sure about 1.8? svn path=/trunk/; revision=51576
2013-08-01 | add --capture-comment to tshark's manpage | Martin Kaiser | 1 | -1/+1
fix a typo in the dumpcap manpage svn path=/trunk/; revision=51096
2013-07-28 | If a core Wireshark developer repeatedly can't remember that the | Guy Harris | 1 | -7/+7
argument to the -F flag for pcap format is "libpcap", not "pcap", we have a problem. Make it "pcap", and add a backwards-compatibility hack to support using "libpcap" as well. Update the man pages to refer to it as pcap as well, and fix the capitalization of "WinPcap" (see http://www.winpcap.org) while we're at it. Also, refer to http://www.tcpdump.org/linktypes.html for the list of link-layer header types for pcap and pcap-ng. svn path=/trunk/; revision=50989
2013-07-27 | add --capture-comment to dumpcap's manpage | Martin Kaiser | 1 | -0/+9
svn path=/trunk/; revision=50947
2013-06-24 | Dumpcap can write raw packets to stdout | Balint Reczey | 1 | -3/+1
svn path=/trunk/; revision=50126
2013-05-20 | If tcpdump doesn't exist, why refer to it? Omit this confusing phrase. | Chris Maynard | 1 | -1/+1
svn path=/trunk/; revision=49427
2013-03-10 | Make the memory limit (in bytes or packets) used for storing packets | Michael Tüxen | 1 | -0/+16
configurable via command line options and print specific drop numbers at the end. This allows to tune the buffering when using multiple threads. This also fixes a logic arrow in enforcing the limits. The patch for the enhanced counters is from Anders Broman. svn path=/trunk/; revision=48223
2013-03-10 | Add -t to synopsis. | Michael Tüxen | 1 | -0/+1
svn path=/trunk/; revision=48221
2013-02-28 | Default capture buffer size is now 2MB. | Jeff Morriss | 1 | -2/+2
svn path=/trunk/; revision=47937
2013-02-03 | describe the -t option in the dumpcap manpage | Martin Kaiser | 1 | -0/+4
(use the same text that dumpcap -V prints) svn path=/trunk/; revision=47455
2012-12-12 | Document the "-g" option to dumpcap. | Jeff Morriss | 1 | -0/+7
Add that option to tshark, too, and document it. The option can't be given to Wireshark because the GUI already has a "-g" (goto packet). svn path=/trunk/; revision=46513
2012-06-08 | Some minimal documentation of remote capture interface formats for both rpcap and the new TCP feature from bug 2788. | Chris Maynard | 1 | -2/+2
svn path=/trunk/; revision=43156
2012-05-12 | From r37696 default file format for dumpcap is pcap-ng. Fix manuals. | Jakub Zawadzki | 1 | -4/+3
svn path=/trunk/; revision=42600
2012-03-15 | Correct the sorting of the options in the synopsis. | Chris Maynard | 1 | -1/+1
svn path=/trunk/; revision=41564
2012-02-03 | The libpcap puts pcap-filter into the misc section (which seems to be 7). | Jörg Mayer | 1 | -3/+3
Refer to pcap-filter and mention tcpdump only as a fallback. svn path=/trunk/; revision=40820
2011-09-23 | The -D, -L and -S options are mutually exclusive, so change "and" to "or". | Chris Maynard | 1 | -1/+1
svn path=/trunk/; revision=39113
2011-06-28 | Document the handling of command line parameters with respect to | Michael Tüxen | 1 | -0/+44
the capturing on multiple interfaces. svn path=/trunk/; revision=37824
2011-06-17 | Make pcap-ng the default. Add a compile-time option to prefer pcap-ng or | Gerald Combs | 1 | -2/+8
pcap. Add a "-P" capture option which tries to use pcap instead of pcap-ng ("-P" seemed to be the best option but we may want to use a different letter). Update the documentation and release notes. svn path=/trunk/; revision=37696