aboutsummaryrefslogtreecommitdiffstats
path: root/doc/tshark.pod
AgeCommit message (Collapse)AuthorFilesLines
2012-03-15Sort the -z options.Chris Maynard1-250/+250
svn path=/trunk/; revision=41560
2012-02-27Add documentation for the the tshark follow tcp/udp streams feature addedJeff Morriss1-3/+58
with https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6684 svn path=/trunk/; revision=41212
2012-02-07Update the documentation to match the sort order. This documentation error ↵Chris Maynard1-1/+1
was pointed out by Markus Amend on -users. Reference: http://article.gmane.org/gmane.network.wireshark.user/14477 (BTW, I quickly scanned through tap-iousers.c:iousers_draw() and the sorting seems to be very inefficient.) svn path=/trunk/; revision=40911
2012-02-03The libpcap puts pcap-filter into the misc section (which seems to be 7).Jörg Mayer1-3/+3
Refer to pcap-filter and mention tcpdump only as a fallback. svn path=/trunk/; revision=40820
2011-11-30Add missing comments in syntax description for -z expertMartin Mathieson1-1/+1
svn path=/trunk/; revision=40050
2011-11-30Change the -z args for expert item. You can now give the minimum severity ↵Martin Mathieson1-6/+7
level to report as well as a filter. Also, now show duplicate reports only once, and give the frequency rather than the frame number. svn path=/trunk/; revision=40049
2011-11-08From Michael Mann via ↵Chris Maynard1-3/+3
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6377, with the tshark man page update by me: tshark -z io,stat,interval,"[SUM|MIN|MAX|AVG](field)field [and filter]" should support floating point. svn path=/trunk/; revision=39767
2011-09-28Rather than complain and quit if -V is missing when -O <protocols> is used, ↵Chris Maynard1-4/+11
do the user a favor and continue as if -V had been specified. Add explicit documentation of the -O <protocols> option to the man page. svn path=/trunk/; revision=39175
2011-09-27Add a new tshark option for being able to specify an alternate line ↵Chris Maynard1-10/+20
separator between packets. The option chosen was "-S <separator>". The former -S option was renamed to -P, and the former -P option, which was previously undocumented, was renamed to -2. This fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5342. svn path=/trunk/; revision=39168
2011-09-23Fix a couple of typos and use 2 spaces consistently after a period.Chris Maynard1-65/+65
svn path=/trunk/; revision=39092
2011-09-23Trivial: Add missing <interval> in one case of tshark -z io,stat usage.Chris Maynard1-1/+1
svn path=/trunk/; revision=39091
2011-09-15Add a tap for showing all expert items.Martin Mathieson1-0/+15
svn path=/trunk/; revision=39010
2011-09-15Alphabetical order, please.Guy Harris1-1/+1
svn path=/trunk/; revision=39009
2011-07-14Add LTE RLC stats tap to tshark.Martin Mathieson1-1/+16
svn path=/trunk/; revision=38019
2011-07-14Add LTE MAC statistics to tshark.Martin Mathieson1-0/+15
svn path=/trunk/; revision=38016
2011-06-28Document the handling of command line parameters with respect toMichael Tüxen1-0/+44
the capturing on multiple interfaces. svn path=/trunk/; revision=37824
2011-06-07Add description of LOAD stats for tshark to the manpageRonnie Sahlberg1-2/+25
svn path=/trunk/; revision=37587
2011-06-05From Cal Turney:Anders Broman1-27/+89
1.) The resolution of the time values displayed by tshark's "-z io,stat, ..." should be increased from milliseconds to microseconds (from 3 to 6 decimal places) in order to be consistent with -z relative time-related options such as "-z smb,rtt" and "-z rpc,rtt" which display values to 5 decimal places. [Please note that separate enhancement requests for 6 decimal of precision in Wireshark will be submitted shortly.) 2.) The "frames bytes" column displayed in '-z io,stat' is too narrow, frames and bytes should each have 15 spaces like all the other column types. 3.) The types "FRAMES" and "BYTES" should be added to allow users to display these values separately and allow for filters to be specified. 4.) The 'SUM' option should allow for relative time values such as SRTs to be summed. This would be useful for the calculation of such things as request concurrency (total_SRT_time / duration). 5.) The tshark man page needs some corrections and readability improvements https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4915 svn path=/trunk/; revision=37555
2011-04-29From Edwin Groothuis via bug 5870:Stig Bjørlykke1-1/+5
The supplied patch adds a new option -O, which specifies a list of protocols (names can be found with the "-G protocols" option) to be fully decoded while the others only show the layer header. svn path=/trunk/; revision=36947
2011-04-12Fix tshark doc (ip.src==1.2.3.4) is not a valid filter for ICMPv6 trafic ;)Alexis La Goutte1-2/+2
svn path=/trunk/; revision=36582
2011-04-11Add conversation tracking and tshark tap support to ICMPv6. Fixes bug 5810.Chris Maynard1-0/+11
TODO: Add a Wireshark tap or look into possibly using the stats tree instead. Also, like ICMP, the ICMPv6 payload appears to carry the sender's timestamp, so it might be possible to make use of this information to estimate the total SRT. (See bug 5770 for more details.) svn path=/trunk/; revision=36561
2011-04-06Add computation of median and change standard deviation calculation to "sample"Chris Maynard1-1/+2
standard deviation. Split statistics output onto 2 lines. svn path=/trunk/; revision=36501
2011-04-05Add ICMP tap support, and add a tshark tap to measure such things as:Chris Maynard1-0/+10
* Number of ICMP echo requests, replies, lost replies and percent loss. * Min, Max, Average SRT (Service Response Time), and standard deviation. (This is my first tap, so hopefully I didn't miss something, but we'll see ...) TODO: Add a Wireshark tap. svn path=/trunk/; revision=36480
2011-03-27Add "-z hosts", which dumps name resolution information in hosts format.Gerald Combs1-0/+8
svn path=/trunk/; revision=36372
2011-03-24Add initial pcapng name resolution record support. Wireshark has readGerald Combs1-0/+26
support; TShark has read+write support. Additionally TShark can read a "hosts" file and write those records to a capture file. This uses "struct addrinfo" in many places and probably won't compile on some platforms. svn path=/trunk/; revision=36318
2011-03-23From: http://www.wireshark.org/lists/wireshark-dev/201103/msg00157.htmlChris Maynard1-31/+59
Change RTT references to SRT. (tshark.pod could use a description for -z afp,srt and -z camel,srt) svn path=/trunk/; revision=36297
2010-11-27From OKANO Takayoshi via bug #5442: Fix typos in documentationStephen Fisher1-1/+1
svn path=/trunk/; revision=35038
2010-11-09Fixed typos.Chris Maynard1-14/+11
svn path=/trunk/; revision=34815
2010-10-20Add IPFIX_RECORDS_TO_CHECK to the environment variable section.Jeff Morriss1-0/+7
svn path=/trunk/; revision=34590
2010-09-02Introduce 2 new environment variables: WIRESHARK_EP_VERIFY_POINTERS andJeff Morriss1-15/+29
WIRESHARK_SE_VERIFY_POINTERS that control whether or not we verify if a given pointer is ep_ or se_ allocated, respectively. Turn the behavior off by default for speed reasons (the speed difference isn't huge, but...). Turn the behavior on when fuzz testing. Document these two new variables in the man pages. svn path=/trunk/; revision=34046
2010-07-14Add an option to print the first, the last or all occurrences of each fieldSake Blok1-0/+5
(when using tshark -T fields) svn path=/trunk/; revision=33529
2010-07-14Make 'tshark -T fields' print all values for fields with multiple occurences.Sake Blok1-1/+7
svn path=/trunk/; revision=33527
2010-06-18From Jim Young:Anders Broman1-0/+92
The attached patch simply documents a long supported but hidden tshark -G option. Tshark's print_usage() has been augmented as well as the tshark man page. svn path=/trunk/; revision=33253
2010-05-27Document the maximum number of files in a ring buffer, including a warning ↵Jeff Morriss1-15/+24
about using large numbers of files. svn path=/trunk/; revision=32999
2010-05-08The default capture buffer size is, in fact, *nominally* 1MB; however,Guy Harris1-4/+7
libpcap/WinPcap and the capture mechanism atop which they run might either silently limit the buffer size to a smaller value or raise it to a higher value - that's the part that's platform-dependent. svn path=/trunk/; revision=32718
2010-05-07-B is no longer Windows-only.Guy Harris1-5/+10
svn path=/trunk/; revision=32707
2010-05-07Add monitor mode support to TShark.Guy Harris1-0/+13
svn path=/trunk/; revision=32704
2010-04-14In the section on WIRESHARK_ABORT_ON_DISSECTOR_BUG, give the name of theGuy Harris1-5/+8
program the man page describes, and give a bit more detail. svn path=/trunk/; revision=32458
2010-04-13Add an entry to the environment variable section about ↵Jeff Morriss1-0/+8
WIRESHARK_ABORT_ON_DISSECTOR_BUG svn path=/trunk/; revision=32457
2010-04-12Point out that hostname and MAC address resolution in capture filters will notJeff Morriss1-0/+8
use any of the Wireshark "personal" files. This helps to address the complaint in: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2904 svn path=/trunk/; revision=32452
2010-04-09As requested in:Jeff Morriss1-1/+2
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2132 Point to the Wiki's page on capture filter syntax in case neither libpcap's nor tcpdump's man pages are available (e.g., on Windows). svn path=/trunk/; revision=32435
2010-03-26From Andrej Kuehnal:Anders Broman1-0/+43
tap-diameter-avp.patch: - make diameter.cmd_code configurable rather than hard coded in - more fields in the output - documetation/man pages + usage examples - switch option parser from stdlib to glib to avoid troubles with M$ c++ diameter-dict.patch remove strage spaces in the AVP names. svn path=/trunk/; revision=32294
2010-03-19Clarify that "-b" with the "files" criterion needs either duration or filesizeJeff Morriss1-5/+8
to be set. Clarify that each "-b" criterion needs the "-b" option (see bug 4573). Fix a couple of typos. svn path=/trunk/; revision=32245
2010-02-24Add descriptions of a few more environment variables that affect *shark's ↵Jeff Morriss1-0/+26
operation svn path=/trunk/; revision=31973
2009-12-11Split "willcollect" into its two component words.Guy Harris1-12/+12
Document "-z conv,ipv6" for Wireshark. Rewrite the descriptions of the "-z conv,{type}" options a bit. svn path=/trunk/; revision=31233
2009-12-11As long as we have an IPv6 tap, we might as well add a "conv,ipv6"Guy Harris1-1/+2
statistic to TShark. svn path=/trunk/; revision=31232
2009-10-20Take a stab at adding a section on environment variables that affect ↵Jeff Morriss1-89/+128
*shark's behavior. So far, all the emem variables are included. svn path=/trunk/; revision=30648
2009-08-28Add an example for generating CSV output.Gerald Combs1-1/+7
svn path=/trunk/; revision=29597
2009-07-13Fix one place where we didn't mention "-t dd".Guy Harris1-3/+5
Put the description of the default time format after the description of all the time formats, i.e. say "the default is relative" after we say what "relative" is. svn path=/trunk/; revision=29089
2009-07-13From Reinhard Speyerer:Jaap Keuter1-1/+4
The description of tshark -t dd is missing from tshark.pod. svn path=/trunk/; revision=29088
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-24 08:33:49 +0000