The WireShark command line tools

88 0 3 0

Hello, guys!

Welcome to the community! Today I will share with you about WireShark tools. From the post, you can learn about the role of tools and find the links to download tools.


Some command line tools are shipped together with WireShark. There tools are useful to work with capture files.

  • capinfos is a program that reads a saved capture file and returns any or all of several statistics about that file.

  • dumpcap a small program whose only purpose is to capture network traffic, while retaining advanced features like capturing to multiple .files (since version 0.99.0). Dumpcap is the engine under the Wireshark/tshark hood. For long-term capturing, this is the tool you want.

  • editcap edit and/or translate the format of capture files.

  • mergecap merges multiple capture files into one.

  • randpkt random packet generator.

  • rawshark dump and analyze raw libpcap data.

  • reordercapreorder input file by timestamp into output file.

  • text2pcap generates a capture file from an ASCII hexdump of packets.

  • tshark is the command-line equivalent of Wireshark, similar in many respects to tcpdump/WinDump but with many more features. Learn it, use it, love it.


  • dumpcap.bat A batch file front-end for dumpcap.exe. It allows you to save dumpcap.exe settings, be notified of capture events or trigger dumpcap.exe capturing after a capture event occurs. It also provides hooks for performing custom actions through user-defined batch files, among other things. In order to get the most out of this batch file, it is recommended that you also download Handle.exe as well as mailsend1.17b14.exe, being sure to rename it to mailsend.exe. These executables should be saved either in a directory that is in your PATH or in the same directory as dumpcap.bat itself. (GPL, Windows).

  • maxfiles.bat A batch file to limit either the number of files in a directory to a specified limit, or the total disk space consumed by those files or both.

  • menushark, a Bourne shell menu script to allow users to employ the use of tshark by answering a few menu questions. The script also gives you the command that the menu system has made to try to teach you how to use tshark at the command line.

  • mpeg_dump, a Lua script that adds a Wireshark extension to dump MPEG-2 transport stream packets (ISO/IEC 13818-1) from a network capture to a file, for example, to extract one or more mpeg PIDs that were transported via UDP unicast or multicast.

  • osXextraction, a macOS bash script to extract particular packet types from a capture file (NOTE: it's not very macOS-specific - some small changes should allow it to work on other UN*Xes, and would probably allow it to work on Windows with Cygwin as well.).

  • RtpDumpScript, a perl script to dump RTP audio data.

  • RtpH263DumpScript, a perl script to dump H.263 video data.

  • tektronix2pcap, a script to convert Tektronix rf5 files to pcap format that can be loaded into Wireshark. Note that current versions of Wireshark can directly read rf5  binary captures.

  • update-ws-profiles and update-ws-profiles.bat automate changing strings in a collection of Wireshark profiles, e.g. changing "gui.filter_expressions.expr: eth.addr==11:22:33:44:55:66" to "gui.filter_expressions.expr: eth.addr==66:55:44:33:22:11".

  • update_geoip.bat A batch file inspired by Jasper Bongertz's UpdateGeoIPDB.cmd file that makes it easier to update the MaxMind GeoIP database files. (GPL, Windows).


  • dumpcapui - A GUI front-end for dumpcap.exe that helps you in setting up dumpcap.exe captures and allows storing and retrieving of those settings at a later time. 

  • Net::Sharktools - Use Wireshark's packet dissection engine from Perl.

  • Packet Dump Decode (pdd) is a simple and convenient GUI wrapper around the Wireshark tools to convert packet hexdumps into well formatted xml (viz. text2pcap and tshark). Using pdd, you just need to copy-paste the hexdump into pdd and hit the "Decode" button.

  • Packet Hexdump Decoder (phd) is a web-based utility that uses Wireshark tools to decode packet hexdumps online.

  • Sharktools - Use Wireshark's packet dissection engine from Matlab and Python.

  • - Web interface using sharkd as backend. 

  • Termshark - Terminal user interface for tshark. Written in Go, supports Linux/macOS/FreeBSD/Windows. 

Download the tools:

That is all, thanks!

  • x
  • convention:


You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits