Wireshark Internal command line tools

Internal command line tools are shipped together with Wireshark. These tools are useful for working with capture files.

  • capinfos is a program that reads a saved capture file and returns any or all of several statistics about that file

  • dumpcap is a small program whose only purpose is to capture network traffic, while retaining advanced features like capturing to multiple files (since version 0.99.0). Dumpcap is the engine under the Wireshark/tshark hood. For long-term capturing, this is the tool you want.

  • editcap edits and/or translates the format of capture files

  • mergecap merges multiple capture files into one

  • randpkt random packet generator

  • rawshark dumps and analyzes raw libpcap data

  • reordercap reorders an input file by timestamp into an output file

  • text2pcap generates a capture file from an ASCII hexdump of packets

  • tshark is the command-line equivalent of Wireshark, similar in many respects to tcpdump/WinDump but with many more features. Learn it, use 
