
wireshark command

After copying a command, replace the bracketed file names, directories, or parameters as needed for your system.

Common examples

Start Wireshark

wireshark

Open a capture file

wireshark [capture.pcapng]

Start capturing

wireshark -i [eth0] -k

Capture with a BPF capture filter

wireshark -i [eth0] -f "port 80" -k

Open a file with a display filter applied

wireshark -Y "http.request" -r [capture.pcapng]

Capture to a file

wireshark -i [eth0] -w [output.pcapng] -a duration:[60]

List available capture interfaces

wireshark -D

Description

Wireshark is a graphical network protocol analyzer for capturing and interactively analyzing network traffic. It decodes hundreds of protocols and presents detailed packet information in a three-pane window: the packet list, the packet details (protocol tree), and the raw packet bytes. Display filters (-Y) select which captured packets are shown, so they can be changed at any time without losing data; capture filters (-f, BPF syntax) are applied at capture time and decide which packets are recorded at all, which keeps capture files small but discards everything they exclude. Wireshark is the industry standard for network troubleshooting, security analysis, protocol development, and education. It supports live capture from numerous interface types and can read many capture file formats.

Options

-i _interface_
Capture on specified interface.
-f _filter_
Capture filter (BPF syntax).
-Y _filter_
Display filter.
-w _file_
Write capture to file.
-r _file_
Read capture file.
-a _condition_
Autostop condition (duration, filesize, packets).
-b _option_
Ring buffer options.
-k
Start capturing immediately.
-D
List available interfaces.
-S
Update packet list in real-time during capture.
-c _count_
Stop capture after receiving this many packets.
-n
Disable network name resolution.
-o _preference:value_
Set a preference value (overrides preferences file).
-X _extension_option_
Specify an extension option (e.g., lua_script:myscript.lua).
--fullscreen
Start Wireshark in full-screen mode.
--list-time-stamp-types
List timestamp types for interface.
