Wireshark

Résolu/Fermé
achraf.eddine, 8 April 2011 at 19:38
Hello,
I'm working on a project where I have to run a sniffer on a VLAN for a whole week.
My question is: can I configure Wireshark so that it records the results in real time to a file or a database?



2 answers

brupala, edited 8 April 2011 at 20:31
Hi,
not really with Wireshark itself, but with tshark, its command-line variant, yes:
E:\Program Files\Wireshark>tshark -h 
TShark 1.4.3 (SVN Rev 35482 from /trunk-1.4) 
Dump and analyze network traffic. 
See https://www.wireshark.org/ for more information. 

Copyright 1998-2011 Gerald Combs <gerald@wireshark.org> and contributors. 
This is free software; see the source for copying conditions. There is NO 
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 

Usage: tshark [options] ... 

Capture interface: 
  -i <interface>           name or idx of interface (def: first non-loopback) 
  -f <capture filter>      packet filter in libpcap filter syntax 
  -s <snaplen>             packet snapshot length (def: 65535) 
  -p                       don't capture in promiscuous mode 
  -B <buffer size>         size of kernel buffer (def: 1MB) 
  -y <link type>           link layer type (def: first appropriate) 
  -D                       print list of interfaces and exit 
  -L                       print list of link-layer types of iface and exit 

Capture stop conditions: 
  -c <packet count>        stop after n packets (def: infinite) 
  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds 
                           filesize:NUM - stop this file after NUM KB 
                              files:NUM - stop after NUM files 
Capture output: 
  -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs 
                           filesize:NUM - switch to next file after NUM KB 
                              files:NUM - ringbuffer: replace after NUM files 
Input file: 
  -r <infile>              set the filename to read from (no pipes or stdin!) 

Processing: 
  -R <read filter>         packet filter in Wireshark display filter syntax 
  -n                       disable all name resolutions (def: all enabled) 
  -N <name resolve flags>  enable specific name resolution(s): "mntC" 
  -d <layer_type>==<selector>,<decode_as_protocol> ... 
                           "Decode As", see the man page for details 
                           Example: tcp.port==8888,http 
Output: 
  -w <outfile|->           write packets to a pcap-format file named "outfile" 
                           (or to the standard output for "-") 
  -C <config profile>      start with specified configuration profile 
  -F <output file type>    set the output file type, default is libpcap 
                           an empty "-F" option will list the file types 
  -V                       add output of packet tree        (Packet Details) 
  -S                       display packets even when writing to a file 
  -x                       add output of hex and ASCII dump (Packet Bytes) 
  -T pdml|ps|psml|text|fields 
                           format of text output (def: text) 
  -e <field>               field to print if -Tfields selected (e.g. tcp.port); 
                           this option can be repeated to print multiple fields 
  -E<fieldsoption>=<value> set options for output when -Tfields selected: 
     header=y|n            switch headers on and off 
     separator=/t|/s|<char> select tab, space, printable character as separator 
     occurrence=f|l|a      print first, last or all occurrences of each field 
     aggregator=,|/s|<char> select comma, space, printable character as aggregator 
     quote=d|s|n           select double, single, no quotes for values 
  -t ad|a|r|d|dd|e         output format of time stamps (def: r: rel. to first) 
  -u s|hms                 output format of seconds (def: s: seconds) 
  -l                       flush standard output after each packet 
  -q                       be more quiet on stdout (e.g. when using statistics) 
  -X <key>:<value>         eXtension options, see the man page for details 
  -z <statistics>          various statistics, see the man page for details 

Miscellaneous: 
  -h                       display this help and exit 
  -v                       display version info and exit 
  -o <name>:<value> ...    override preference setting 
  -K <keytab>              keytab file to use for kerberos decryption 
  -G [report]              dump one of several available reports and exit 
                           default report="fields" 
                           use "-G ?" for more help 

E:\Program Files\Wireshark>tshark -D 
1. \Device\NPF_GenericDialupAdapter (Adapter for generic dialup and VPN capture) 
2. \Device\NPF_{3D53B16A-CA09-4B31-8009-F04D0035E7B9} (Broadcom NetXtreme Gigabit Ethernet Dri 
3. \Device\NPF_{5C66DCA0-EEAF-48E9-96B2-2F3634784E50} (MS Tunnel Interface Driver) 
4. \Device\NPF_{A74E80E9-4F67-4F39-ADB1-92D304398178} (ADMtek AN983/AN985/ADM951X NDIS5 Driver 
5. \Device\NPF_{D473CDDF-2E14-4811-A028-F1961A433CF3} (Intel(R) PRO/Wireless 2200BG Network Co 

E:\Program Files\Wireshark>tshark -i 2 -w f:\capture-test 
Capturing on Broadcom NetXtreme Gigabit Ethernet Driver 
40 


E:\Program Files\Wireshark>dir f:\capture-test 
 Volume in drive F is PO61085 
 Volume Serial Number is 4771-5710 

 Directory of f:\ 

08/04/2011  20:18             6 923 capture-test 
               1 File(s)            6 923 bytes 
               0 Dir(s)  13 229 043 712 bytes free 

E:\Program Files\Wireshark> 

and ... there you go!
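The command shown in the answer writes everything to one file that grows for as long as tshark runs; for a week of traffic the -a (stop condition) and -b (ring buffer) options listed in the help text above are what keep that manageable. The script below is an added example, not code from brupala's post or from the Wireshark project. It is written as a POSIX shell script, so it assumes a Linux or BSD host; the interface name eth0, the VLAN ID 100, the output directory and the hourly rotation are assumptions for illustration. On Windows the same tshark options apply unchanged with tshark.exe and an interface index taken from tshark -D.

```shell
#!/bin/sh
# Added example (not code from the original thread): an unattended, week-long
# tshark capture on a VLAN that writes to disk continuously, using the -a/-b
# options listed in the tshark -h output above. The interface name, VLAN ID,
# output directory and hourly schedule below are assumptions for illustration.

IFACE="${IFACE:-eth0}"                      # assumed: pick the index/name from tshark -D
VLAN_ID="${VLAN_ID:-100}"                   # assumed 802.1Q VLAN ID to keep
OUTDIR="${OUTDIR:-/var/tmp/vlan-capture}"   # assumed output directory
DRY_RUN="${DRY_RUN:-0}"                     # 1 = print the command instead of running it

# Run (or, with DRY_RUN=1, print) a tshark capture that
#   stops after $1 seconds in total                 (-a duration:N)
#   starts a new file every $2 seconds              (-b duration:N)
#   keeps at most $3 files, recycling the oldest    (-b files:N)
# -f is libpcap capture-filter syntax, so only tagged frames of this VLAN are kept.
# -q silences the running packet counter so nothing accumulates on stdout for a week.
# With -b in use, tshark appends a sequence number and timestamp to the -w name.
capture_vlan() {
  total_secs="$1"; rotate_secs="$2"; keep_files="$3"
  set -- tshark -i "$IFACE" -q -f "vlan $VLAN_ID" \
         -a "duration:$total_secs" \
         -b "duration:$rotate_secs" -b "files:$keep_files" \
         -w "$OUTDIR/vlan${VLAN_ID}.pcap"
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    mkdir -p "$OUTDIR" && "$@"
  fi
}

# One week of hourly files: 7*24*3600 s in total, rotate every 3600 s, keep 168
# files (168 h = 7 days, so the ring never recycles a file before the capture stops).
week_on_vlan() {
  capture_vlan $((7 * 24 * 3600)) 3600 168
}

# Bytes free on the filesystem holding $OUTDIR; check this before committing to a
# week, since -b duration alone puts no cap on how large a busy hour's file gets.
free_bytes() {
  mkdir -p "$OUTDIR" && df -Pk "$OUTDIR" | awk 'NR == 2 { printf "%d\n", $4 * 1024 }'
}

case "${1-}" in
  run)     week_on_vlan ;;
  dry-run) DRY_RUN=1; week_on_vlan ;;
esac
```

Save it and start it with the argument run, or dry-run to see the exact tshark command first. Two checks are worth doing before leaving it alone for a week. First, the vlan capture filter only matches if the 802.1Q tag actually reaches libpcap: on a SPAN/mirror of a trunk port it does, on an access port the switch has already stripped it and the filter would drop every frame, so run a short capture (for example capture_vlan 60 30 2) and confirm the files are not empty. Second, tshark dissects what it captures and keeps per-conversation state that grows over a long run; dumpcap, the capture engine that tshark itself uses, accepts the same -i, -f, -a, -b and -w options and is the lighter choice for an unattended week. On the database half of the question: tshark -T fields -e ... -E separator=, turns a capture into CSV that any database can import, but doing that live doubles the work, so write pcap during the week and convert afterwards.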
achraf.eddine, 8 April 2011 at 20:55
Thanks brupala, I'll test it right away (^_^)