User Guide

Customizing Wireshark
-c <capture packet count>
    This option specifies the maximum number of packets to capture
    when capturing live data. It would be used in conjunction with the
    -k option.

-D
    Print a list of the interfaces on which Wireshark can capture, and
    exit. For each network interface, a number and an interface name,
    possibly followed by a text description of the interface, is printed.
    The interface name or the number can be supplied to the -i flag to
    specify an interface on which to capture.

    This can be useful on systems that don't have a command to list
    them (e.g., Windows systems, or UNIX systems lacking ifconfig -a);
    the number can be useful on Windows 2000 and later systems,
    where the interface name is a somewhat complex string.

    Note that "can capture" means that Wireshark was able to open
    that device to do a live capture; if, on your system, a program
    doing a network capture must be run from an account with special
    privileges (for example, as root), then, if Wireshark is run with the
    -D flag and is not run from such an account, it will not list any
    interfaces.

-f <capture filter>
    This option sets the initial capture filter expression to be used when
    capturing packets.

-g <packet number>
    After reading in a capture file using the -r flag, go to the given
    packet number.

-h
    The -h option requests Wireshark to print its version and usage
    instructions (as shown above) and exit.

-i <capture interface>
    Set the name of the network interface or pipe to use for live packet
    capture.

    Network interface names should match one of the names listed
    in wireshark -D (described above); a number, as reported by
    wireshark -D, can also be used. If you're using UNIX, netstat -i or
    ifconfig -a might also work to list interface names, although not all
    versions of UNIX support the -a flag to ifconfig.

    If no interface is specified, Wireshark searches the list of interfaces,
    choosing the first non-loopback interface if there are any
    non-loopback interfaces, and choosing the first loopback interface if
    there are no non-loopback interfaces; if there are no interfaces,
    Wireshark reports an error and doesn't start the capture.

    Pipe names should be either the name of a FIFO (named pipe) or
    "-" to read data from the standard input. Data read from pipes must
    be in standard libpcap format.

-J <jump filter>
    After reading in a capture file using the -r flag, jump to the first
    packet which matches the filter expression. The filter expression is
    in display filter format. If an exact match cannot be found the first
    packet afterwards is selected.

-j
    Use this option after the -J option to search backwards for a first
    packet to go to.
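
The -i entry above requires that data read from a pipe be in standard libpcap format. The following Python code is an added example, not part of the Wireshark guide or project: it builds a minimal libpcap stream and checks a stream's global header and packet records before it is handed to a pipe. The function names, the length sanity checks and the sample frame are assumptions made for this example.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def build_pcap(frames, linktype=LINKTYPE_ETHERNET, snaplen=65535):
    """Serialize (ts_sec, ts_usec, frame) tuples as a little-endian libpcap stream."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype (24 bytes).
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, ts_usec, frame in frames:
        cap = frame[:snaplen]
        # Record header: ts_sec, ts_usec, captured length, original length (16 bytes).
        out += struct.pack("<IIII", ts_sec, ts_usec, len(cap), len(frame)) + cap
    return out

def check_pcap(data):
    """Return (ok, detail); ok is True only for a well-formed libpcap stream."""
    if len(data) < 24:
        return False, "short global header"
    for endian in ("<", ">"):            # the writer's byte order decides the layout
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        return False, "bad magic (not classic libpcap)"
    major, minor, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if (major, minor) != (2, 4):
        return False, f"unexpected version {major}.{minor}"
    offset, count = 24, 0
    while offset < len(data):
        if len(data) - offset < 16:
            return False, f"truncated record header after {count} packets"
        _, _, incl, orig = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if incl > snaplen or incl > orig:    # sanity checks chosen for this example
            return False, f"implausible lengths in record {count + 1}"
        if len(data) - offset - 16 < incl:
            return False, f"truncated packet data in record {count + 1}"
        offset += 16 + incl
        count += 1
    return True, f"packets={count} linktype={linktype}"

# Constructed sample: one 60-byte Ethernet frame (broadcast destination, zero payload).
SAMPLE_FRAME = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + bytes(46)
SAMPLE_STREAM = build_pcap([(1700000000, 0, SAMPLE_FRAME)])

if __name__ == "__main__":
    import sys
    print(check_pcap(SAMPLE_STREAM), file=sys.stderr)
    sys.stdout.buffer.write(SAMPLE_STREAM)   # e.g. piped into: wireshark -k -i -
```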