On Aug 25, 2010, at 12:48 PM, Martin Dubuc wrote:
> Do you know if there is a wireshark parameter that can be passed to the command line that would have the same effect than invoking the menu from the GUI?
Nothing in Wireshark, but, in TShark:
$ man tshark
TSHARK(1) The Wireshark Network Analyzer TSHARK(1)
NAME
tshark - Dump and analyze network traffic
...
-d <layer type>==<selector>,<decode-as protocol>
Like Wireshark's Decode As... feature, this lets you specify how a
layer type should be dissected. If the layer type in question (for
example, tcp.port or udp.port for a TCP or UDP port number) has the
specified selector value, packets should be dissected as the
specified protocol.
Example: -d tcp.port==8888,http will decode any traffic running
over TCP port 8888 as HTTP.
Using an invalid selector or protocol will print out a list of
valid selectors and protocol names, respectively.
Example: -d . is a quick way to get a list of valid selectors.
Example: -d ethertype==0x0800. is a quick way to get a list of
protocols that can be selected with an ethertype.