This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark command line?

Was wireshark meant to be used with command lines or was it meant to be used with the GUI provided? Is there a good command line guide?

asked 04 Jan '13, 12:38

dalawh


One Answer:

Wireshark is meant to be used with the GUI, although there are some command line options available (see the output of "wireshark -h" for details).

There is a CLI version of wireshark called "tshark" which is installed when installing wireshark. See "tshark -h" for more details.

If this does not answer your question, could you be a little more specific about what you need help with?

answered 04 Jan '13, 12:44

SYN-bit ♦♦

  • Is the GUI version more developed or is the command line version? It seems you can't tcp dump using the GUI or am I wrong?
  • Is there a tutorial on using wireshark through command line or can everything be found using "wireshark -h"?
  • What is the difference between using wireshark and tshark command if we are typing these commands into the command prompt?
(04 Jan '13, 12:52) dalawh
  • Wireshark and tshark both use the same dissection engine, although some output might be different in wireshark and tshark because tshark runs through the capture file in one sequential run while wireshark will run through the file once and then a second time to display the packet details (tshark has the -2 option to do the same, but that is still experimental).
  • There is no tutorial, but there are the user's guide and manual pages.
  • The difference between wireshark and tshark is that typing wireshark from the command line will open up a GUI window running wireshark and tshark will show text output in the terminal window.
(04 Jan '13, 13:06) SYN-bit ♦♦

I don't know what "tcp dump" means; if you mean "capture traffic the same way tcpdump does" (in which case you should have said "capture network traffic" rather than "tcp dump" or even "tcpdump"), you can capture traffic from the GUI - either select an interface from the main window and click "Start", or click "Capture Options" or select "Options" from the "Capture" menu and set up a capture.

(05 Jan '13, 14:40) Guy Harris ♦♦