Wireshark includes a number of command-line utilities to manipulate packet trace files and offer GUI-free packet captures, and there are a few other tools that can help round out your analysis toolset.
The topics that will be covered in this chapter include:
When you install Wireshark, a range of command-line tools also gets installed, including:
capinfos.exe: This prints information about trace files
dumpcap.exe: This captures packets and saves to a libpcap format file
editcap.exe: This splits a trace file, alters timestamps, and removes duplicate packets
mergecap.exe: This merges two or more packet files into one file
rawshark.exe: This reads a stream of packets and prints field descriptions
text2pcap.exe: This reads an ASCII hex dump and writes a libpcap file
tshark.exe: This captures network packets or displays data from a saved trace file
The Wireshark.exe file launches the GUI version you're familiar with, but you can also launch Wireshark from the command line with a number of parameters; type Wireshark -h for a list of options and/or create shortcuts to launch Wireshark with any of those options.
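As an added example (not from the book or from Wireshark's own code), the following Python script does in miniature what text2pcap and capinfos do: it parses an offset-prefixed ASCII hex dump into packets, writes them as a libpcap file, and reads that file back to report packet count, bytes, link type and duration. The two ARP frames and the timestamps are constructed for this example.

```python
import struct
# Constructed sample: an offset-prefixed ASCII hex dump in the layout text2pcap reads, holding
# two hand-written Ethernet/ARP frames (request, then reply). An offset back at 0 begins a new packet.
HEXDUMP = """\
000000 ff ff ff ff ff ff 00 11 22 33 44 55 08 06 00 01
000010 08 00 06 04 00 01 00 11 22 33 44 55 c0 a8 01 0a
000020 00 00 00 00 00 00 c0 a8 01 01
000000 00 11 22 33 44 55 00 aa bb cc dd ee 08 06 00 01
000010 08 00 06 04 00 02 00 aa bb cc dd ee c0 a8 01 01
000020 00 11 22 33 44 55 c0 a8 01 0a
"""

def parse_hexdump(text):
    """Split an offset-prefixed hex dump into raw packets, the way text2pcap does."""
    packets, cur = [], bytearray()
    for parts in (line.split() for line in text.splitlines() if line.strip()):
        offset = int(parts[0], 16)
        if offset == 0 and cur:                         # offset reset: the next packet begins
            packets.append(bytes(cur))
            cur = bytearray()
        if offset != len(cur):                          # guard against a mangled or skipped line
            raise ValueError(f"offset {offset:#x} disagrees with {len(cur)} bytes read so far")
        cur.extend(int(b, 16) for b in parts[1:])
    return packets + [bytes(cur)] if cur else packets

def write_pcap(packets, base_ts=1_700_000_000, linktype=1):
    """Serialize packets as a little-endian libpcap file (linktype 1 = Ethernet); timestamps constructed, 1 s apart."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)  # 24-byte global header
    for i, pkt in enumerate(packets):                   # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", base_ts + i, 0, len(pkt), len(pkt)) + pkt
    return out

def capinfos(blob):
    """Summarize a libpcap file as capinfos does: packet count, bytes, link type, duration."""
    (magic,) = struct.unpack_from("<I", blob, 0)
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # byte-swapped magic: big-endian writer
    if end is None:
        raise ValueError("not a microsecond-resolution libpcap file")
    (linktype,) = struct.unpack_from(end + "I", blob, 20)
    pos, count, nbytes, first, last = 24, 0, 0, None, None
    while pos + 16 <= len(blob):
        sec, usec, incl, orig = struct.unpack_from(end + "IIII", blob, pos)
        if pos + 16 + incl > len(blob):
            raise ValueError("truncated packet record")  # a capture cut short mid-record
        pos += 16 + incl
        last = sec + usec / 1_000_000
        first = last if first is None else first
        count, nbytes = count + 1, nbytes + orig
    return {"packets": count, "bytes": nbytes, "linktype": linktype,
            "duration": (last - first) if count else 0.0}
```

Running `capinfos(write_pcap(parse_hexdump(HEXDUMP)))` reports two 42-byte packets one second apart; feeding the same blob to the real capinfos.exe gives the same counts.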