User Guide

ManualsBrandsWireshark ManualsSoftwareWireshark Wireshark - 1.5

151

152

153

154

155

156

157

158

159

160

Customizing Wireshark

142

-k The -k option specifies that Wireshark should start capturing

packets immediately. This option requires the use of the -i

parameter to specify the interface that packet capture will occur

from.

-l This option turns on automatic scrolling if the packet list pane is

being updated automatically as packets arrive during a capture ( as

specified by the -S flag).

-L List the data link types supported by the interface and exit.

-m <font> This option sets the name of the font used for most text displayed

by Wireshark. XXX - add an example!

-n Disable network object name resolution (such as hostname, TCP

and UDP port names).

-N <name resolving flags> Turns on name resolving for particular types of addresses and port

numbers; the argument is a string that may contain the letters m

to enable MAC address resolution, n to enable network address

resolution, and t to enable transport-layer port number resolution.

This overrides -n if both -N and -n are present. The letter C enables

concurrent (asynchronous) DNS lookups.

-o <preference/recent settings> Sets a preference or recent value, overriding the default value and

any value read from a preference/recent file. The argument to the

flag is a string of the form prefname:value, where prefname is the

name of the preference (which is the same name that would appear

in the preference/recent file), and value is the value to which it

should be set. Multiple instances of -o <preference settings> can

be given on a single command line.

An example of setting a single preference would be:

wireshark -o mgcp.display_dissect_tree:TRUE

An example of setting multiple preferences would be:

wireshark -o mgcp.display_dissect_tree:TRUE -o

mgcp.udp.callagent_port:2627

Tip!

You can get a list of all available preference strings

from the preferences file, see Appendix A, Files and

Folders.

User access tables can be overridden using "uat," followed by the

UAT file name and a valid record for the file:

wireshark -o "uat:user_dlts:\"User 0 (DLT=147)\",\"http\",

\"0\",\"\",\"0\",\"\""

The example above would dissect packets with a libpcap data

link type 147 as HTTP, just as if you had configured it in the

DLT_USER protocol preferences.