Customizing Ethereal

9.2. Start Ethereal from the command line

You can start Ethereal from the command line, but it can also be started from most Window man- agers as well. In this section we will look at starting it from the command line.

Ethereal supports a large number of command line parameters. To see what they are, simply enter the command ethereal -hand the help information shown in Example 9.1, “Help information avail- able from Ethereal” (or something similar) should be printed.

Example 9.1. Help information available from Ethereal

This is GNU ethereal 0.10.11

(C) 1998-2005 Gerald Combs <gerald@ethereal.com>

Compiled with GTK+ 2.4.14, with GLib 2.4.7, with WinPcap (version unknown), with libz 1.2.2, with libpcre 4.4, with Net-SNMP 5.1.2, with ADNS.

Running with WinPcap version 3.1 beta4 (packet.dll version 3, 1, 0, 24), based n libpcap version 0.8.3 on Windows XP Service Pack 1, build 2600.

ethereal [ -vh ] [ -klLnpQS ] [ -a <capture autostop condition> ] ...

[ -b <capture ring buffer option> ] ...] [ -B capture buffer size (Win3 [ -c <capture packet count> ] [ -f <capture filter> ]

[ -g <packet number> ]

[ -i <capture interface> ] [ -m <font> ] [ -N <name resolving flags> ] [ -o <preference/recent setting> ] ...

[ -r <infile> ] [ -R <read (display) filter> ] [ -s <capture snaplen> ] [ -t <time stamp format> ]

[ -w <savefile> ] [ -y <capture link type> ] [ -z <statistics> ] [ <infile> ]

We will examine each of the command line options in turn.

The first thing to notice is that issuing the command ethereal by itself will bring up Ethereal. However, you can include as many of the command line parameters as you like. Their meanings are as follows ( in alphabetical order ): XXX - is the alphabetical order a good choice? Maybe better task based?

-a <capture autostop condition> Specify a criterion that specifies when Ethereal is to stop writing to a capture file. The criterion is of the form test:value, where test is one of:

:v

Stop writing to a capture file after value of

al

seconds have elapsed.

durationue

 

:val

Stop writing to a capture file after it reaches a

filesizeue

size of value kilobytes (where a kilobyte is

 

1000 bytes, not 1024 bytes). If this option is

 

used together with the -b option, Ethereal will

 

stop writing to the current capture file and

 

switch to the next one if filesize is reached.

files:value

Stop writing to capture files after value number

 

of files were written.

-b <capture ring buffer option> If a maximum capture file size was specified, cause Ethereal to run in "ring buffer" mode, with the specified number of files. In "ring buffer" mode, Ethereal will write to several cap- ture files. Their name is based on the number of the file and

142

Page 155 Page 157
Page 156
Image 156
Lucent Technologies manual Start Ethereal from the command line, Example 9.1. Help information available from Ethereal
Page 155 Page 157
Top Page Image Contents