dumpcap --version (return code: 0)
dumpcap: cap_set_proc() fail return: Operation not permitted
dumpcap: cap_set_proc() fail return: Operation not permitted
Dumpcap (Wireshark) 2.4.0 (Git Rev Unknown from unknown)

Copyright 1998-2017 Gerald Combs <firstname.lastname@example.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.53.4, with zlib 1.2.11, with libpcap, with POSIX
capabilities (Linux), with libnl 3.

Running on Linux 4.10.0-35-generic, with Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
(with SSE4.2), with 16006 MB of physical memory, with locale C, with libpcap
version 1.8.1, with zlib 1.2.11.

Built using gcc 7.1.0.

dumpcap --help (return code: 0)
dumpcap: cap_set_proc() fail return: Operation not permitted
dumpcap: cap_set_proc() fail return: Operation not permitted
Dumpcap (Wireshark) 2.4.0 (Git Rev Unknown from unknown)
Capture network packets and dump them into a pcapng or pcap file.
See https://www.wireshark.org for more information.

Usage: dumpcap [options] ...

Capture interface:
  -i <interface>           name or idx of interface (def: first non-loopback),
                           or for remote capturing, use one of these formats:
                               rpcap://<host>/<interface>
                               TCP@<host>:<port>
  -f <capture filter>      packet filter in libpcap filter syntax
  -s <snaplen>             packet snapshot length (def: appropriate maximum)
  -p                       don't capture in promiscuous mode
  -I                       capture in monitor mode, if available
  -B <buffer size>         size of kernel buffer in MiB (def: 2MiB)
  -y <link type>           link layer type (def: first appropriate)
  -D                       print list of interfaces and exit
  -L                       print list of link-layer types of iface and exit
  -d                       print generated BPF code for capture filter
  -k                       set channel on wifi interface:
                           <freq>,[<type>],[<center_freq1>],[<center_freq2>]
  -S                       print statistics for each interface once per second
  -M                       for -D, -L, and -S, produce machine-readable output

Stop conditions:
  -c <packet count>        stop after n packets (def: infinite)
  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files
Output (files):
  -w <filename>            name of file to save (def: tempfile)
  -g                       enable group read access on the output file(s)
  -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
                           filesize:NUM - switch to next file after NUM KB
                              files:NUM - ringbuffer: replace after NUM files
  -n                       use pcapng format instead of pcap (default)
  -P                       use libpcap format instead of pcapng
  --capture-comment <comment>
                           add a capture comment to the output file
                           (only for pcapng)

Miscellaneous:
  -N <packet_limit>        maximum number of packets buffered within dumpcap
  -C <byte_limit>          maximum number of bytes used for buffering packets
                           within dumpcap
  -t                       use a separate thread per interface
  -q                       don't report packet capture counts
  -v                       print version information and exit
  -h                       display this help and exit

WARNING: dumpcap will enable kernel BPF JIT compiler if available.
You might want to reset it
By doing "echo 0 > /proc/sys/net/core/bpf_jit_enable"

Example: dumpcap -i eth0 -a duration:60 -w output.pcapng
"Capture packets from interface eth0 until 60s passed into output.pcapng"

Use Ctrl-C to stop capturing at any time.