
Was wireshark meant to be used with command lines or was it meant to be used with the GUI provided? Is there a good command line guide?

asked 04 Jan '13, 12:38


accept rate: 0%

Wireshark is meant to be used with the GUI, although there are some command line options available (see the output of "wireshark -h" for details).

There is a CLI version of wireshark called "tshark" which is installed when installing wireshark. See "tshark -h" for more details.

If this does not answer your question, could you be a little more specific about what you need help with?


answered 04 Jan '13, 12:44


SYN-bit ♦♦
accept rate: 20%

  • Is the GUI version more developed or is the command line version? It seems you can't tcp dump using the GUI or am I wrong?
  • Is there a tutorial on using wireshark through command line or can everything be found using "wireshark -h"?
  • What is the difference between using wireshark and tshark command if we are typing these commands into the command prompt?
(04 Jan '13, 12:52) dalawh
  • Wireshark and tshark both use the same dissection engine, although some output might be different in wireshark and tshark because tshark runs through the capture file in one sequential run while wireshark will run through the file once and then a second time to display the packet details (tshark has the -2 option to do the same, but that is still experimental).
  • There is no tutorial, but there are the user's guide and manual pages.
  • The difference between wireshark and tshark is that typing wireshark from the command line will open up a GUI window running wireshark and tshark will show text output in the terminal window.
(04 Jan '13, 13:06) SYN-bit ♦♦

I don't know what "tcp dump" means; if you mean "capture traffic the same way tcpdump does" (in which case you should have said "capture network traffic" rather than "tcp dump" or even "tcpdump"), you can capture traffic from the GUI - either select an interface from the main window and click "Start", or click "Capture Options" or select "Options" from the "Capture" menu and set up a capture.

(05 Jan '13, 14:40) Guy Harris ♦♦

Asked: 04 Jan '13, 12:38

Seen: 13,182 times

Last updated: 05 Jan '13, 14:40
