This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Load capture file from command line, using wireshark.exe

0

How do I load capture file from command line, using wireshark.exe

I am unable to load a pcap file into the GUI of Wireshark via a command line load, using run of wireshark.exe. I will put in some options and display filters on the load later. Right now I cannot even seem to get the GUI to load pointing at a pcap. I can open the pcap in the GUI by just bringing up the GUI "FIRST" and then opening the pcap, but this way of loading is not going to work for my purposes.

asked 15 Mar '17, 11:20

tptools's gravatar image

tptools
6112
accept rate: 0%


One Answer:

2

Use

wireshark -r filename

You can see all command line parameters by running

wireshark -h

answered 15 Mar '17, 11:25

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Tried that and doesn't work:

C:\Program Files\Wireshark>wireshark -r D:\Capture\shark 01 now is the Time.pcapng
(15 Mar '17, 11:39) tptools

If your filename has spaces, use quotation marks:

C:\Program Files\Wireshark>wireshark -r "D:\Capture\shark 01 now is the Time.pcapng"
(15 Mar '17, 11:40) Jasper ♦♦

Figured it out, and is not documented ANYWHERE.. CANNOT have any spaces in the filename of the pcap.

(15 Mar '17, 13:24) tptools

This is NOT good when one uses Wireshark and pcaps within for "forensic" purposes, as I do. Especially when one must maintain MD5 hashes of the files used for evidence and during research of.

(15 Mar '17, 13:27) tptools

Not true. You should have read my comment about putting the filename in quotation marks. And this is not the fault of Wireshark, it's command line behavior that is the same for all programs you run.

(15 Mar '17, 13:57) Jasper ♦♦