Start ethereal from the command line, Section 9.2 – Lucent Technologies Ethereal User Manual


9.2. Start Ethereal from the command line

You can start Ethereal from the command line, but it can also be started from most window
managers. In this section we will look at starting it from the command line.

Ethereal supports a large number of command line parameters. To see what they are, simply enter
the command ethereal -h and the help information shown in Example 9.1, “Help information
available from Ethereal” (or something similar) should be printed.

Example 9.1. Help information available from Ethereal

This is GNU ethereal 0.10.11

(C) 1998-2005 Gerald Combs <[email protected]>

Compiled with GTK+ 2.4.14, with GLib 2.4.7, with WinPcap (version unknown),
with libz 1.2.2, with libpcre 4.4, with Net-SNMP 5.1.2, with ADNS.

Running with WinPcap version 3.1 beta4 (packet.dll version 3, 1, 0, 24), based o
n libpcap version 0.8.3 on Windows XP Service Pack 1, build 2600.

ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ...

[ -b <capture ring buffer option> ] ...] [ -B capture buffer size (Win32 only) ]
[ -c <capture packet count> ] [ -f <capture filter> ]
[ -g <packet number> ]
[ -i <capture interface> ] [ -m <font> ] [ -N <name resolving flags> ]
[ -o <preference/recent setting> ] ...
[ -r <infile> ] [ -R <read (display) filter> ] [ -s <capture snaplen> ]
[ -t <time stamp format> ]
[ -w <savefile> ] [ -y <capture link type> ] [ -z <statistics> ]
[ <infile> ]

We will examine each of the command line options in turn.

The first thing to notice is that issuing the command ethereal by itself will bring up Ethereal.
However, you can include as many of the command line parameters as you like. Their meanings are
as follows (in alphabetical order): XXX - is the alphabetical order a good choice? Maybe better
task based?

-a <capture autostop condition>

Specify a criterion that determines when Ethereal is to stop
writing to a capture file. The criterion is of the form
test:value, where test is one of:

duration:value

Stop writing to a capture file after value
seconds have elapsed.

filesize:value

Stop writing to a capture file after it reaches a
size of value kilobytes (where a kilobyte is
1000 bytes, not 1024 bytes). If this option is
used together with the -b option, Ethereal will
stop writing to the current capture file and
switch to the next one if filesize is reached.

files:value

Stop writing to capture files after value
files have been written.
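
The -a criteria described above, as an added example that is not part of the Ethereal manual: a POSIX shell helper that validates each test:value criterion and estimates the approximate number of bytes a capture may write before it stops, so a capture cannot quietly fill the disk. The function names are hypothetical, and the example assumes that filesize used without -b caps a single file while filesize combined with files caps a multi-file capture.

```shell
#!/bin/sh
# Added example (not from the Ethereal manual). Function names are hypothetical.

# autostop_check CRITERION: validate one -a argument of the form test:value.
# Prints "test value" on success; fails with a message on stderr otherwise.
# The body is a subshell, so variables stay local and exit only leaves the function.
autostop_check() (
    crit=$1
    case $crit in
        *:*) name=${crit%%:*}; value=${crit#*:} ;;
        *)   echo "no ':' in '$crit'" >&2; exit 1 ;;
    esac
    case $name in
        duration|filesize|files) ;;
        *) echo "unknown test '$name'" >&2; exit 1 ;;
    esac
    case $value in
        ''|0*|*[!0-9]*) echo "value must be a positive integer: '$value'" >&2; exit 1 ;;
    esac
    printf '%s %s\n' "$name" "$value"
)

# autostop_budget CRITERION...: approximate bytes written before capture stops.
# Assumptions: filesize alone caps a single file (no -b); filesize plus files
# caps a multi-file capture. Prints "unbounded" when no size limit applies,
# for example when only duration is given and the traffic rate is unknown.
autostop_budget() (
    filesize=; files=
    for crit in "$@"; do
        parsed=$(autostop_check "$crit") || exit 1
        case ${parsed% *} in
            filesize) filesize=${parsed#* } ;;
            files)    files=${parsed#* } ;;
        esac
    done
    if [ -z "$filesize" ]; then echo unbounded; exit 0; fi
    # The manual defines a kilobyte here as 1000 bytes, not 1024.
    echo $(( filesize * 1000 * ${files:-1} ))
)

# Constructed invocation (interface name and path are placeholders):
#   autostop_budget filesize:5000 duration:600 &&
#     ethereal -i eth0 -w /tmp/trace.cap -a filesize:5000 -a duration:600
```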

-b <capture ring buffer option>

If a maximum capture file size was specified, cause Ethereal
to run in "ring buffer" mode, with the specified number of
files. In "ring buffer" mode, Ethereal will write to several capture
files. Their name is based on the number of the file and
