If you specify the "-Q" flag, it starts a capture immediately and, when
you stop the capture, Wireshark exits.
This is left over from when Wireshark implemented "Update list of
packets in real time" captures by running another copy of Wireshark to
do the capture and to send messages to the main Wireshark as packets
arrive; that other copy was run with "-Q", so it would exit when the
capture was complete.
Wireshark no longer implementes "Update list of packets in real time"
captures in that fashion; instead, it runs dumpcap.
"-Q" doesn't appear to be useful for any other purposes - if you run a
capture like that, you see the capture as it happens, but, when you stop
the capture, Wireshark shuts down so you don't see any of the traffic.
If you want to start a Wireshark capture from the command line, and
*not* have Wireshark exit when the capture is stopped, you can use the
"-k" flag.
I have plans to use "-Q" to specify an 802.11 channel on which to
capture in monitor mode in tcpdump, TShark, dumpcap, and Wireshark; "-Q"
is available in all of those programs except Wireshark, and it doesn't
appear to do anything useful in Wireshark.
Would anybody miss the current "-Q" flag if it went away?
