Wireshark mailing list archives

Re: Displaying Cisco Cable Monitor and Intercept Traffic


From: Guy Harris <guy () alum mit edu>
Date: Wed, 25 Aug 2010 12:51:47 -0700


On Aug 25, 2010, at 12:48 PM, Martin Dubuc wrote:

Do you know if there is a Wireshark parameter that can be passed to the command line that would have the same effect as invoking the menu from the GUI?

Nothing in Wireshark, but, in TShark:

$ man tshark
TSHARK(1)               The Wireshark Network Analyzer               TSHARK(1)



NAME
       tshark - Dump and analyze network traffic

        ...

       -d  <layer type>==<selector>,<decode-as protocol>
           Like Wireshark's Decode As... feature, this lets you specify how a
           layer type should be dissected. If the layer type in question (for
           example, tcp.port or udp.port for a TCP or UDP port number) has the
           specified selector value, packets should be dissected as the
           specified protocol.

           Example: -d tcp.port==8888,http will decode any traffic running
           over TCP port 8888 as HTTP.

           Using an invalid selector or protocol will print out a list of
           valid selectors and protocol names, respectively.

           Example: -d . is a quick way to get a list of valid selectors.

           Example: -d ethertype==0x0800. is a quick way to get a list of
           protocols that can be selected with an ethertype.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users