Wireshark-users: Re: [Wireshark-users] wireshark cli
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 3 Sep 2010 13:28:34 -0700
On Sep 3, 2010, at 1:06 PM, freebie wrote:

> could "wireshark" be started with cli or i have o install "wireshark-lite"?

What do you mean by "be started with cli"?

You can run Wireshark as a command (its name is all lower-case as a command).  However, it still puts up a GUI; it is a GUI application, and will always be one (its whole *purpose* is to be a GUI network analyzer - if it weren't a GUI application, it wouldn't be Wireshark).

If you want a non-GUI equivalent, see TShark (its name is also all lower-case as a command), which comes with Wireshark (in some Linux distributions, there are multiple packages, one of which has the non-GUI parts, including TShark, and one of which has Wireshark).

If you just want to capture traffic, with a minimal UI, use dumpcap (which also comes with Wireshark; it's what both Wireshark and TShark run to do traffic capture, so that it can be privileged enough to capture traffic without having to give those privileges to the huge chunks of code that are Wireshark and TShark and the libraries they use).