| field | value | date |
|---|---|---|
| author | Jaap Keuter <jaap.keuter@xs4all.nl> | 2011-01-22 10:38:10 +0000 |
| committer | Jaap Keuter <jaap.keuter@xs4all.nl> | 2011-01-22 10:38:10 +0000 |
| commit | 205fb11d604937882d04efd18ccb226087e5481e (patch) | |
| tree | 3a0006d0a151648ea53d4387b964b4f42548855c /docbook/wsug_src | |
| parent | 58fc79bb0403b5510d738146ea431fd9c7ed11e4 (diff) | |
Insert and update tshark and dumpcap help information.
svn path=/trunk/; revision=35617
Diffstat (limited to 'docbook/wsug_src')
-rw-r--r-- | docbook/wsug_src/WSUG_app_tools.xml | 93 |
1 files changed, 88 insertions, 5 deletions
diff --git a/docbook/wsug_src/WSUG_app_tools.xml b/docbook/wsug_src/WSUG_app_tools.xml index 1cc8b6fb84..3aae21569a 100644 --- a/docbook/wsug_src/WSUG_app_tools.xml +++ b/docbook/wsug_src/WSUG_app_tools.xml 
@@ -18,11 +18,92 @@ <para> <application>TShark</application> is a terminal oriented version of Wireshark designed for capturing and displaying packets when an - interactive user interface isn't necessary or available. It supports - the same options as <command>wireshark</command>. For more + interactive user interface isn't necessary or available. It supports + the same options as <command>wireshark</command>. For more information on <command>tshark</command>, see the manual pages (<command>man tshark</command>). </para> + <para> + <example id="AppToolstsharkEx"> + <title>Help information available from tshark</title> + <programlisting> +TShark 1.5.0 +Dump and analyze network traffic. +See http://www.wireshark.org for more information. + +Copyright 1998-2011 Gerald Combs <gerald@wireshark.org> and contributors. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +Usage: tshark [options] ... + +Capture interface: + -i <interface> name or idx of interface (def: first non-loopback) + -f <capture filter> packet filter in libpcap filter syntax + -s <snaplen> packet snapshot length (def: 65535) + -p don't capture in promiscuous mode + -I capture in monitor mode, if available + -B <buffer size> size of kernel buffer (def: 1MB) + -y <link type> link layer type (def: first appropriate) + -D print list of interfaces and exit + -L print list of link-layer types of iface and exit + +Capture stop conditions: + -c <packet count> stop after n packets (def: infinite) + -a <autostop cond.> ... duration:NUM - stop after NUM seconds + filesize:NUM - stop this file after NUM KB + files:NUM - stop after NUM files +Capture output: + -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs + filesize:NUM - switch to next file after NUM KB + files:NUM - ringbuffer: replace after NUM files +Input file: + -r <infile> set the filename to read from (no pipes or stdin!) 
+ +Processing: + -R <read filter> packet filter in Wireshark display filter syntax + -n disable all name resolutions (def: all enabled) + -N <name resolve flags> enable specific name resolution(s): "mntC" + -d <layer_type>==<selector>,<decode_as_protocol> ... + "Decode As", see the man page for details + Example: tcp.port==8888,http +Output: + -w <outfile|-> write packets to a pcap-format file named "outfile" + (or to the standard output for "-") + -C <config profile> start with specified configuration profile + -F <output file type> set the output file type, default is libpcap + an empty "-F" option will list the file types + -V add output of packet tree (Packet Details) + -S display packets even when writing to a file + -x add output of hex and ASCII dump (Packet Bytes) + -T pdml|ps|psml|text|fields + format of text output (def: text) + -e <field> field to print if -Tfields selected (e.g. tcp.port); + this option can be repeated to print multiple fields + -E<fieldsoption>=<value> set options for output when -Tfields selected: + header=y|n switch headers on and off + separator=/t|/s|<char> select tab, space, printable character as separator + occurrence=f|l|a print first, last or all occurrences of each field + aggregator=,|/s|<char> select comma, space, printable character as aggregator + quote=d|s|n select double, single, no quotes for values + -t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first) + -u s|hms output format of seconds (def: s: seconds) + -l flush standard output after each packet + -q be more quiet on stdout (e.g. when using statistics) + -X <key>:<value> eXtension options, see the man page for details + -z <statistics> various statistics, see the man page for details + +Miscellaneous: + -h display this help and exit + -v display version info and exit + -o <name>:<value> ... 
override preference setting + -K <keytab> keytab file to use for kerberos decryption + -G [report] dump one of several available reports and exit + default report="fields" + use "-G ?" for more help + </programlisting> + </example> + </para> </section> <section id="AppToolstcpdump"> @@ -83,8 +164,7 @@ tcpdump -i <interface> -s 65535 -w <some-file> <example id="AppToolsdumpcapEx"> <title>Help information available from dumpcap</title> <programlisting> -dumpcap -h -Dumpcap 1.4.0 +Dumpcap 1.5.0 Capture network packets and dump them into a libpcap file. See http://www.wireshark.org for more information. @@ -95,12 +175,14 @@ Capture interface: -f <capture filter> packet filter in libpcap filter syntax -s <snaplen> packet snapshot length (def: 65535) -p don't capture in promiscuous mode + -I capture in monitor mode, if available -B <buffer size> size of kernel buffer (def: 1MB) -y <link type> link layer type (def: first appropriate) -D print list of interfaces and exit -L print list of link-layer types of iface and exit + -d print generated BPF code for capture filter -S print statistics for each interface once every second - -M for -D, -L, and -S produce machine-readable output + -M for -D, -L, and -S, produce machine-readable output Stop conditions: -c <packet count> stop after n packets (def: infinite) @@ -109,6 +191,7 @@ Stop conditions: files:NUM - stop after NUM files Output (files): -w <filename> name of file to save (def: tempfile) + -g enable group read access on the output file(s) -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs filesize:NUM - switch to next file after NUM KB files:NUM - ringbuffer: replace after NUM files |
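Review bot: In the first hunk (`@@ -18,11 +18,92 @@`), the new `<programlisting>` for tshark contains many raw angle-bracket tokens (`-i <interface>`, `-f <capture filter>`, `Copyright 1998-2011 Gerald Combs <gerald@wireshark.org>`); inside DocBook XML these have to be written as `&lt;`/`&gt;` entities or the document will fail to parse, so please confirm the committed source escapes them the same way the existing dumpcap listing's `-f <capture filter>` context line must already do. Two smaller points on the same hunk: the listing is pinned to `TShark 1.5.0` with no indication of which invocation produced it (the `-h` flag only surfaces far down under `Miscellaneous:`), so a short sentence before the example saying it is the output of `tshark -h` for that version would help readers of later releases; and wrapping a block `<example>` inside `<para>` is valid DocBook but differs from how the dumpcap example below appears, so consider keeping the two sections structured the same way.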
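Review bot: The second hunk (`@@ -83,8 +164,7 @@`) deletes the `dumpcap -h` line that showed how the listing was generated, leaving only the version bump `Dumpcap 1.4.0` to `Dumpcap 1.5.0`. That makes the two examples consistent with each other, but now neither one tells the reader which command to run; suggest stating the `-h` flag in the prose that introduces the example rather than dropping the information entirely.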
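Review bot: In the third hunk (`@@ -95,12 +175,14 @@`), the new line `-d print generated BPF code for capture filter` deserves a sentence in the surrounding guide text, since it is the one option here that lets an operator check that a capture filter compiles to the intended BPF program before a capture is started unattended; as it stands the reader only gets the terse help line. Also note that the `-M for -D, -L, and -S, produce machine-readable output` change is a punctuation-only edit bundled with the feature lines; fine to keep, but worth a word in the commit message so the unrelated diff is not mistaken for a behaviour change.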
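Review bot: The fourth hunk (`@@ -109,6 +191,7 @@`) adds `-g enable group read access on the output file(s)` without any accompanying guidance, and this is the one option in the set with a direct confidentiality impact: capture files routinely contain credentials and other sensitive payloads, and the help line implies they are group-unreadable by default. Suggest adding a sentence near the example that explains `-g` relaxes that default and should only be used with a dedicated, tightly controlled capture group, so that users who copy the option from the listing understand what it exposes.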