Wireshark Internal command line tools

Internal command line tools are shipped together with Wireshark. These tools are useful for working with capture files.


  • capinfos is a program that reads a saved capture file and returns any or all of several statistics about that file

  • dumpcap is a small program whose only purpose is to capture network traffic, while retaining advanced features like capturing to multiple files (since version 0.99.0). Dumpcap is the engine under the Wireshark/tshark hood. For long-term capturing, this is the tool you want.

  • editcap edits and/or translates the format of capture files

  • mergecap merges multiple capture files into one

  • randpkt is a random packet generator

  • rawshark dumps and analyzes raw libpcap data

  • reordercap reorders an input file by timestamp into an output file

  • text2pcap generates a capture file from an ASCII hexdump of packets

  • tshark is the command-line equivalent of Wireshark, similar in many respects to tcpdump/WinDump but with many more features. Learn it, use 

