Rawshark reads a stream of packets from a file or pipe, and prints a
line describing its output, followed by a set of matching fields for
each packet on stdout. For more information on rawshark
consult your
local manual page (man rawshark
) or
the online version.
Help information available from rawshark
.
Rawshark (Wireshark) 4.1.0 (v4.1.0rc0-2069-g25ff48a96ac0) Dump and analyze network traffic. See https://www.wireshark.org for more information. Usage: rawshark [options] ... Input file: -r <infile> set the pipe or file name to read from Processing: -d <encap:linktype>|<proto:protoname> packet encapsulation or protocol -F <field> field to display -m virtual memory limit, in bytes -n disable all name resolutions (def: "mNd" enabled, or as set in preferences) -N <name resolve flags> enable specific name resolution(s): "mnNtdv" -p use the system's packet header format (which may have 64-bit timestamps) -R <read filter> packet filter in Wireshark display filter syntax -s skip PCAP header on input --enable-protocol <proto_name> enable dissection of proto_name --disable-protocol <proto_name> disable dissection of proto_name --enable-heuristic <short_name> enable dissection of heuristic protocol --disable-heuristic <short_name> disable dissection of heuristic protocol Output: -l flush output after each packet -S format string for fields (%D - name, %S - stringval, %N numval) -t (a|ad|adoy|d|dd|e|r|u|ud|udoy)[.[N]]|.[N] output format of time stamps (def: r: rel. to first) -u s|hms output format of seconds (def: s: seconds) Diagnostic output: --log-level <level> sets the active log level ("critical", "warning", etc.) --log-fatal <level> sets level to abort the program ("critical" or "warning") --log-domains <[!]list> comma-separated list of the active log domains --log-fatal-domains <list> list of domains that cause the program to abort --log-debug <[!]list> list of domains with "debug" level --log-noisy <[!]list> list of domains with "noisy" level --log-file <path> file to output messages to (in addition to stderr) Miscellaneous: -h, --help display this help and exit -v, --version display version info and exit -o <name>:<value> ... override preference setting -K <keytab> keytab file to use for kerberos decryption