seguridad/2.- Ejercicios/reto_seguridad/capturas/WiresharkPortable64/App/Wireshark/dumpcap.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Asciidoctor 2.0.17">
<title>dumpcap(1)</title>
<link rel="stylesheet" href="./ws.css">
</head>
<body class="manpage">
<div id="header">
<h1>dumpcap(1) Manual Page</h1>
<h2 id="_name">NAME</h2>
<div class="sectionbody">
<p>dumpcap - Dump network traffic</p>
</div>
</div>
<div id="content">
<div class="sect1">
<h2 id="_synopsis">SYNOPSIS</h2>
<div class="sectionbody">
<div class="paragraph">
<p><span class="nowrap"><strong>dumpcap</strong></span>
<span class="nowrap">[ <strong>-a</strong>|<strong>--autostop</strong> &lt;capture autostop condition&gt; ] &#8230;&#8203;</span>
<span class="nowrap">[ <strong>-b</strong>|<strong>--ring-buffer</strong> &lt;capture ring buffer option&gt; ] &#8230;&#8203;</span>
<span class="nowrap">[ <strong>-B</strong>|<strong>--buffer-size</strong> &lt;capture buffer size&gt; ]</span>
<span class="nowrap">[ <strong>-c</strong> &lt;capture packet count&gt; ]</span>
<span class="nowrap">[ <strong>-C</strong> &lt;byte limit&gt; ]</span>
<span class="nowrap">[ <strong>-d</strong> ]</span>
<span class="nowrap">[ <strong>-D</strong>|<strong>--list-interfaces</strong> ]</span>
<span class="nowrap">[ <strong>-f</strong> &lt;capture filter&gt; ]</span>
<span class="nowrap">[ <strong>-g</strong> ]</span>
<span class="nowrap">[ <strong>-h</strong>|<strong>--help</strong> ]</span>
<span class="nowrap">[ <strong>-i</strong>|<strong>--interface</strong> &lt;capture interface&gt;|rpcap://&lt;host&gt;:&lt;port&gt;/&lt;capture interface&gt;|TCP@&lt;host&gt;:&lt;port&gt;|- ]</span>
<span class="nowrap">[ <strong>-I</strong>|<strong>--monitor-mode</strong> ]</span>
<span class="nowrap">[ <strong>-k</strong> &lt;freq&gt;,[&lt;type&gt;],[&lt;center_freq1&gt;],[&lt;center_freq2&gt;] ]</span>
<span class="nowrap">[ <strong>-L</strong>|<strong>--list-data-link-types</strong> ]</span>
<span class="nowrap">[ <strong>-M</strong> ]</span>
<span class="nowrap">[ <strong>-n</strong> ]</span>
<span class="nowrap">[ <strong>-N</strong> &lt;packet limit&gt; ]</span>
<span class="nowrap">[ <strong>-p</strong>|<strong>--no-promiscuous-mode</strong> ]</span>
<span class="nowrap">[ <strong>--ifdescr</strong> &lt;description&gt; ]</span>
<span class="nowrap">[ <strong>--ifname</strong> &lt;name&gt; ]</span>
<span class="nowrap">[ <strong>-P</strong> ]</span>
<span class="nowrap">[ <strong>-q</strong> ]</span>
<span class="nowrap">[ <strong>-s</strong>|<strong>--snapshot-length</strong> &lt;capture snaplen&gt; ]</span>
<span class="nowrap">[ <strong>-S</strong> ]</span>
<span class="nowrap">[ <strong>-t</strong> ]</span>
<span class="nowrap">[ <strong>--temp-dir</strong> &lt;directory&gt; ]</span>
<span class="nowrap">[ <strong>-v</strong>|<strong>--version</strong> ]</span>
<span class="nowrap">[ <strong>-w</strong> &lt;outfile&gt; ]</span>
<span class="nowrap">[ <strong>-y</strong>|<strong>--linktype</strong> &lt;capture link type&gt; ]</span>
<span class="nowrap">[ <strong>--capture-comment</strong> &lt;comment&gt; ]</span>
<span class="nowrap">[ <strong>--list-time-stamp-types</strong> ]</span>
<span class="nowrap">[ <strong>--time-stamp-type</strong> &lt;type&gt; ]</span></p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_description">DESCRIPTION</h2>
<div class="sectionbody">
<div class="paragraph">
<p><strong>Dumpcap</strong> is a network traffic dump tool.  It lets you capture packet
data from a live network and write the packets to a file.  <strong>Dumpcap</strong>'s
default capture file format is <strong>pcapng</strong> format.
When the <strong>-P</strong> option is specified, the output file is written in the
<strong>pcap</strong> format.</p>
</div>
<div class="paragraph">
<p>Without any options set it will use the libpcap, Npcap, or WinPcap library to
capture traffic from the first available network interface and writes
the received raw packet data, along with the packets' time stamps into a
pcap file.</p>
</div>
<div class="paragraph">
<p>If the <strong>-w</strong> option is not specified, <strong>Dumpcap</strong> writes to a newly
created pcap file with a randomly chosen name.
If the <strong>-w</strong> option is specified, <strong>Dumpcap</strong> writes to the file
specified by that option.</p>
</div>
<div class="paragraph">
<p>Packet capturing is performed with the pcap library.  The capture filter
syntax follows the rules of the pcap library.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_options">OPTIONS</h2>
<div class="sectionbody">
<div class="dlist">
<dl>
<dt class="hdlist1">-a|--autostop  &lt;capture autostop condition&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Specify a criterion that specifies when <strong>Dumpcap</strong> is to stop writing
to a capture file.  The criterion is of the form <em>test:value</em>,
where <em>test</em> is one of:</p>
</div>
<div class="paragraph">
<p><strong>duration</strong>:<em>value</em> Stop writing to a capture file after <em>value</em> seconds have
elapsed. Floating point values (e.g. 0.5) are allowed.</p>
</div>
<div class="paragraph">
<p><strong>files</strong>:<em>value</em> Stop writing to capture files after <em>value</em> number of files
were written.</p>
</div>
<div class="paragraph">
<p><strong>filesize</strong>:<em>value</em> Stop writing to a capture file after it reaches a size of
<em>value</em> kB. If this option is used together with the -b option, dumpcap will
stop writing to the current capture file and switch to the next one if filesize
is reached.  Note that the filesize is limited to a maximum value of 2 GiB.</p>
</div>
<div class="paragraph">
<p><strong>packets</strong>:<em>value</em> Stop writing to a capture file after <em>value</em> packets
have been written. Acts the same as <strong>-c</strong> &lt;capture packet count&gt;.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-b|--ring-buffer  &lt;capture ring buffer option&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Cause <strong>Dumpcap</strong> to run in "multiple files" mode.  In "multiple files" mode,
<strong>Dumpcap</strong> will write to several capture files. When the first capture file
fills up, <strong>Dumpcap</strong> will switch writing to the next file and so on.</p>
</div>
<div class="paragraph">
<p>The created filenames are based on the filename given with the <strong>-w</strong> option,
the number of the file and on the creation date and time,
e.g. outfile_00001_20230714120117.pcap, outfile_00002_20230714120523.pcap, &#8230;&#8203;</p>
</div>
<div class="paragraph">
<p>With the <em>files</em> option it&#8217;s also possible to form a "ring buffer".
This will fill up new files until the number of files specified,
at which point <strong>Dumpcap</strong> will discard the data in the first file and start
writing to that file and so on. If the <em>files</em> option is not set,
new files filled up until one of the capture stop conditions match (or
until the disk is full).</p>
</div>
<div class="paragraph">
<p>The criterion is of the form <em>key:value</em>,
where <em>key</em> is one of:</p>
</div>
<div class="paragraph">
<p><strong>duration</strong>:<em>value</em> switch to the next file after <em>value</em> seconds have
elapsed, even if the current file is not completely filled up. Floating
point values (e.g. 0.5) are allowed.</p>
</div>
<div class="paragraph">
<p><strong>files</strong>:<em>value</em> begin again with the first file after <em>value</em> number of
files were written (form a ring buffer).  This value must be less than 100000.
Caution should be used when using large numbers of files: some filesystems do
not handle many files in a single directory well.  The <strong>files</strong> criterion
requires either <strong>duration</strong>, <strong>interval</strong> or <strong>filesize</strong> to be specified to
control when to go to the next file.  It should be noted that each <strong>-b</strong>
parameter takes exactly one criterion; to specify two criterion, each must be
preceded by the <strong>-b</strong> option.</p>
</div>
<div class="paragraph">
<p><strong>filesize</strong>:<em>value</em> switch to the next file after it reaches a size of
<em>value</em> kB.  Note that the filesize is limited to a maximum value of 2 GiB.</p>
</div>
<div class="paragraph">
<p><strong>interval</strong>:<em>value</em> switch to the next file when the time is an exact
multiple of <em>value</em> seconds.  For example, use 3600 to switch to a new file
every hour on the hour.</p>
</div>
<div class="paragraph">
<p><strong>packets</strong>:<em>value</em> switch to the next file after it contains <em>value</em>
packets.</p>
</div>
<div class="paragraph">
<p><strong>printname</strong>:<em>filename</em> print the name of the most recently written file
to <em>filename</em> after the file is closed. <em>filename</em> can be <code>stdout</code> or <code>-</code>
for standard output, or <code>stderr</code> for standard error.</p>
</div>
<div class="paragraph">
<p>Example: <strong>-b filesize:1000 -b files:5</strong> results in a ring buffer of five files
of size one megabyte each.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-B|--buffer-size  &lt;capture buffer size&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Set capture buffer size (in MiB, default is 2 MiB).  This is used by
the capture driver to buffer packet data until that data can be written
to disk.  If you encounter packet drops while capturing, try to increase
this size.  Note that, while <strong>Dumpcap</strong> attempts to set the buffer size
to 2 MiB by default, and can be told to set it to a larger value, the
system or interface on which you&#8217;re capturing might silently limit the
capture buffer size to a lower value or raise it to a higher value.</p>
</div>
<div class="paragraph">
<p>This is available on UNIX systems with libpcap 1.0.0 or later and on
Windows.  It is not available on UNIX systems with earlier versions of
libpcap.</p>
</div>
<div class="paragraph">
<p>This option can occur multiple times. If used before the first
occurrence of the <strong>-i</strong> option, it sets the default capture buffer size.
If used after an <strong>-i</strong> option, it sets the capture buffer size for
the interface specified by the last <strong>-i</strong> option occurring before
this option. If the capture buffer size is not set specifically,
the default capture buffer size is used instead.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-c  &lt;capture packet count&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Set the maximum number of packets to read when capturing live
data. Acts the same as <strong>-a packets:</strong>&lt;capture packet count&gt;.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-C  &lt;byte limit&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Limit the amount of memory in bytes used for storing captured packets
in memory while processing it.
If used in combination with the <strong>-N</strong> option, both limits will apply.
Setting this limit will enable the usage of the separate thread per interface.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-d</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Dump the code generated for the capture filter in a human-readable form,
and exit.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-D|--list-interfaces</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Print a list of the interfaces on which <strong>Dumpcap</strong> can capture, and
exit.  For each network interface, a number and an
interface name, possibly followed by a text description of the
interface, is printed.  The interface name or the number can be supplied
to the <strong>-i</strong> option to specify an interface on which to capture.</p>
</div>
<div class="paragraph">
<p>This can be useful on systems that don&#8217;t have a command to list them
(UNIX systems lacking <strong>ifconfig -a</strong> or Linux systems lacking
<strong>ip link show</strong>). The number can be useful on Windows systems, where
the interface name might be a long name or a GUID.</p>
</div>
<div class="paragraph">
<p>Note that "can capture" means that <strong>Dumpcap</strong> was able to open
that device to do a live capture. Depending on your system you may need to
run dumpcap from an account with special privileges (for example, as root)
to be able to capture network traffic.
If "<strong>dumpcap -D</strong>" is not run from such an account, it will not list
any interfaces.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-f  &lt;capture filter&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Set the capture filter expression.</p>
</div>
<div class="paragraph">
<p>The entire filter expression must be specified as a single argument (which means
that if it contains spaces, it must be quoted).</p>
</div>
<div class="paragraph">
<p>This option can occur multiple times. If used before the first
occurrence of the <strong>-i</strong> option, it sets the default capture filter expression.
If used after an <strong>-i</strong> option, it sets the capture filter expression for
the interface specified by the last <strong>-i</strong> option occurring before
this option. If the capture filter expression is not set specifically,
the default capture filter expression is used if provided.</p>
</div>
<div class="paragraph">
<p>Pre-defined capture filter names, as shown in the GUI menu item Capture&#8594;Capture Filters,
can be used by prefixing the argument with "predef:".
Example: <strong>-f "predef:MyPredefinedHostOnlyFilter"</strong></p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-g</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>This option causes the output file(s) to be created with group-read permission
(meaning that the output file(s) can be read by other members of the calling
user&#8217;s group).</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-h|--help</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Print the version and options and exits.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-i|--interface  &lt;capture interface&gt;|rpcap://&lt;host&gt;:&lt;port&gt;/&lt;capture interface&gt;|TCP@&lt;host&gt;:&lt;port&gt;|-</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Set the name of the network interface or pipe to use for live packet
capture.</p>
</div>
<div class="paragraph">
<p>Network interface names should match one of the names listed in
"<strong>dumpcap -D</strong>" (described above); a number, as reported by
"<strong>dumpcap -D</strong>", can also be used.  If you&#8217;re using UNIX, "<strong>netstat
 -i</strong>", "<strong>ifconfig -a</strong>" or "<strong>ip link</strong>" might also work to list interface names,
although not all versions of UNIX support the <strong>-a</strong> option to <strong>ifconfig</strong>.</p>
</div>
<div class="paragraph">
<p>If no interface is specified, <strong>Dumpcap</strong> searches the list of
interfaces, choosing the first non-loopback interface if there are any
non-loopback interfaces, and choosing the first loopback interface if
there are no non-loopback interfaces. If there are no interfaces at all,
<strong>Dumpcap</strong> reports an error and doesn&#8217;t start the capture.</p>
</div>
<div class="paragraph">
<p>Pipe names should be either the name of a FIFO (named pipe) or "-" to
read data from the standard input.  On Windows systems, pipe names must be
of the form "\\.\pipe\<strong>pipename</strong>".  Data read from pipes must be in
standard pcapng or pcap format. Pcapng data must have the same
endianness as the capturing host.</p>
</div>
<div class="paragraph">
<p>"TCP@&lt;host&gt;:&lt;port&gt;" causes <strong>Dumpcap</strong> to attempt to connect to the
specified port on the specified host and read pcapng or pcap data.</p>
</div>
<div class="paragraph">
<p>This option can occur multiple times. When capturing from multiple
interfaces, the capture file will be saved in pcapng format.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--ifdescr&gt; &lt;description&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Use <em>description</em> as the description in the capture file for the
interface or pipe specified before it with <strong>-i</strong>.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--ifname&gt; &lt;name&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Use <em>name</em> as the name in the capture file for the interface or
pipe specified before it with <strong>-i</strong>.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-I|--monitor-mode</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Put the interface in "monitor mode"; this is supported only on IEEE
802.11 Wi-Fi interfaces, and supported only on some operating systems.</p>
</div>
<div class="paragraph">
<p>Note that in monitor mode the adapter might disassociate from the
network with which it&#8217;s associated, so that you will not be able to use
any wireless networks with that adapter.  This could prevent accessing
files on a network server, or resolving host names or network addresses,
if you are capturing in monitor mode and are not connected to another
network with another adapter.</p>
</div>
<div class="paragraph">
<p>This option can occur multiple times. If used before the first
occurrence of the <strong>-i</strong> option, it enables the monitor mode for all interfaces.
If used after an <strong>-i</strong> option, it enables the monitor mode for
the interface specified by the last <strong>-i</strong> option occurring before
this option.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-k  &lt;freq&gt;,[&lt;type&gt;],[&lt;center_freq1&gt;],[&lt;center_freq2&gt;&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Set the channel on the interface; this is supported only on IEEE
802.11 Wi-Fi interfaces, and supported only on some operating systems.</p>
</div>
<div class="paragraph">
<p><em>freq</em> is the frequency of the channel.  <em>type</em> is the type of the
channel, for 802.11n and 802.11ac.  The values for <em>type</em> are</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">NOHT</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Used for non-802.11n/non-802.1ac channels</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">HT20</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>20 MHz channel</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">HT40-</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>40 MHz primary channel and a lower secondary channel</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">HT40+</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>40 MHz primary channel and a higher secondary channel</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">HT80</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>80 MHz channel, with <em>centerfreq1</em> as its center frequency</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">VHT80+80</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>two 80 MHz channels combined, with <em>centerfreq1</em> and <em>centerfreq2</em> as
the center frequencies of the two channels</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">VHT160</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>160 MHz channel, with <em>centerfreq1</em> as its center frequency</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-L|--list-data-link-types</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>List the data link types supported by the interface and exit. The reported
link types can be used for the <strong>-y</strong> option.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-M</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>When used with <strong>-D</strong>, <strong>-L</strong>, <strong>-S</strong> or <strong>--list-time-stamp-types</strong> print
machine-readable output.
The machine-readable output is intended to be read by <strong>Wireshark</strong> and
<strong>TShark</strong>; its format is subject to change from release to release.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-n</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Save files as pcapng. This is the default.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-N  &lt;packet limit&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Limit the number of packets used for storing captured packets
in memory while processing it.
If used in combination with the <strong>-C</strong> option, both limits will apply.
Setting this limit will enable the usage of the separate thread per interface.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-p|--no-promiscuous-mode</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p><em>Don&#8217;t</em> put the interface into promiscuous mode.  Note that the
interface might be in promiscuous mode for some other reason; hence,
<strong>-p</strong> cannot be used to ensure that the only traffic that is captured is
traffic sent to or from the machine on which <strong>Dumpcap</strong> is running,
broadcast traffic, and multicast traffic to addresses received by that
machine.</p>
</div>
<div class="paragraph">
<p>This option can occur multiple times. If used before the first
occurrence of the <strong>-i</strong> option, no interface will be put into the
promiscuous mode.
If used after an <strong>-i</strong> option, the interface specified by the last <strong>-i</strong>
option occurring before this option will not be put into the
promiscuous mode.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-P</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Save files as pcap instead of the default pcapng. In situations that require
pcapng, such as capturing from multiple interfaces, this option will be
overridden.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-q</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>When capturing packets, don&#8217;t display the continuous count of packets
captured that is normally shown when saving a capture to a file;
instead, just display, at the end of the capture, a count of packets
captured.  On systems that support the SIGINFO signal, such as various
BSDs, you can cause the current count to be displayed by typing your
"status" character (typically control-T, although it
might be set to "disabled" by default on at least some BSDs, so you&#8217;d
have to explicitly set it to use it).</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-s|--snapshot-length  &lt;capture snaplen&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Set the default snapshot length to use when capturing live data.
No more than <em>snaplen</em> bytes of each network packet will be read into
memory, or saved to disk.  A value of 0 specifies a snapshot length of
262144, so that the full packet is captured; this is the default.</p>
</div>
<div class="paragraph">
<p>This option can occur multiple times. If used before the first
occurrence of the <strong>-i</strong> option, it sets the default snapshot length.
If used after an <strong>-i</strong> option, it sets the snapshot length for
the interface specified by the last <strong>-i</strong> option occurring before
this option. If the snapshot length is not set specifically,
the default snapshot length is used if provided.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-S</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Print statistics for each interface once every second.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-t</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Use a separate thread per interface.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--temp-dir &lt;directory&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Specifies the directory into which temporary files (including capture files)
are to be written. The default behaviour is to use your system&#8217;s temporary
directory (typically <em>/tmp</em> on Linux, and <em>C:\\Temp</em> on Windows).</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-v|--version</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Print the version and exit.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-w  &lt;outfile&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Write raw packet data to <em>outfile</em>. Use "-" for stdout.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">-y|--linktype  &lt;capture link type&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Set the data link type to use while capturing packets.  The values
reported by <strong>-L</strong> are the values that can be used.</p>
</div>
<div class="paragraph">
<p>This option can occur multiple times. If used before the first
occurrence of the <strong>-i</strong> option, it sets the default capture link type.
If used after an <strong>-i</strong> option, it sets the capture link type for
the interface specified by the last <strong>-i</strong> option occurring before
this option. If the capture link type is not set specifically,
the default capture link type is used if provided.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--capture-comment  &lt;comment&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Add a capture comment to the output file, if supported by the output
file format.</p>
</div>
<div class="paragraph">
<p>This option is only available if we output the captured packets to a
single file.</p>
</div>
<div class="paragraph">
<p>This option may be specified multiple times.  Note that Wireshark
currently only displays the first comment of a capture file.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--list-time-stamp-types</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>List time stamp types supported for the interface. If no time stamp type can be
set, no time stamp types are listed.</p>
</div>
</div>
</div>
</dd>
<dt class="hdlist1">--time-stamp-type  &lt;type&gt;</dt>
<dd>
<div class="openblock">
<div class="content">
<div class="paragraph">
<p>Change the interface&#8217;s timestamp method.</p>
</div>
</div>
</div>
</dd>
</dl>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_diagnostic_options">DIAGNOSTIC OPTIONS</h2>
<div class="sectionbody">
<div class="dlist">
<dl>
<dt class="hdlist1">--log-level &lt;level&gt;</dt>
<dd>
<p>Set the active log level.
Supported levels in lowest to highest order are "noisy", "debug", "info", "message", "warning", "critical", and "error".
Messages at each level and higher will be printed, for example "warning" prints "warning", "critical", and "error" messages and "noisy" prints all messages.
Levels are case insensitive.</p>
</dd>
<dt class="hdlist1">--log-fatal &lt;level&gt;</dt>
<dd>
<p>Abort the program if any messages are logged at the specified level or higher.
For example, "warning" aborts on any "warning", "critical", or "error" messages.</p>
</dd>
</dl>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">--log-domains &lt;list&gt;</dt>
<dd>
<p>Only print messages for the specified log domains, e.g. "GUI,Epan,sshdump".
List of domains must be comma-separated.</p>
</dd>
<dt class="hdlist1">--log-debug &lt;list&gt;</dt>
<dd>
<p>Force the specified domains to log at the "debug" level.
List of domains must be comma-separated.</p>
</dd>
<dt class="hdlist1">--log-noisy &lt;list&gt;</dt>
<dd>
<p>Force the specified domains to log at the "noisy" level.
List of domains must be comma-separated.</p>
</dd>
<dt class="hdlist1">--log-file &lt;path&gt;</dt>
<dd>
<p>Write log messages and stderr output to the specified file.</p>
</dd>
</dl>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_capture_filter_syntax">CAPTURE FILTER SYNTAX</h2>
<div class="sectionbody">
<div class="paragraph">
<p>See the manual page of <a href="https://www.tcpdump.org/manpages/pcap-filter.7.html">pcap-filter</a>(7) or, if that doesn&#8217;t exist, <a href="https://www.tcpdump.org/manpages/tcpdump.1.html">tcpdump</a>(8),
or, if that doesn&#8217;t exist, <a href="https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters" class="bare">https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters</a>.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_see_also">SEE ALSO</h2>
<div class="sectionbody">
<div class="paragraph">
<p><a href="wireshark.html">wireshark</a>(1), <a href="tshark.html">tshark</a>(1), <a href="editcap.html">editcap</a>(1), <a href="mergecap.html">mergecap</a>(1), <a href="capinfos.html">capinfos</a>(1), <a href="https://www.tcpdump.org/manpages/pcap.3pcap.html">pcap</a>(3),
<a href="https://www.tcpdump.org/manpages/pcap-filter.7.html">pcap-filter</a>(7) or <a href="https://www.tcpdump.org/manpages/tcpdump.1.html">tcpdump</a>(8)</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_notes">NOTES</h2>
<div class="sectionbody">
<div class="paragraph">
<p>This is the manual page for <strong>Dumpcap</strong> 4.0.5.
<strong>Dumpcap</strong> is part of the <strong>Wireshark</strong> distribution.
The latest version of <strong>Wireshark</strong> can be found at <a href="https://www.wireshark.org" class="bare">https://www.wireshark.org</a>.</p>
</div>
<div class="paragraph">
<p>HTML versions of the Wireshark project man pages are available at
<a href="https://www.wireshark.org/docs/man-pages" class="bare">https://www.wireshark.org/docs/man-pages</a>.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_authors">AUTHORS</h2>
<div class="sectionbody">
<div class="paragraph">
<p><strong>Dumpcap</strong> is derived from the <strong>Wireshark</strong> capturing engine code;
see the list of
authors in the <strong>Wireshark</strong> man page for a list of authors of that code.</p>
</div>
</div>
</div>
</div>
</body>
</html>