Rawshark reads a stream of packets from a file or pipe, and prints a line describing its output, followed by a set of matching fields for each packet on stdout.
Example D.3. Help information available from rawshark
$ rawshark -h
Rawshark 1.4.0
Dump and analyze network traffic.
See http://www.wireshark.org for more information.

Copyright 1998-2010 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Usage: rawshark [options] ...

Input file:
  -r <infile>              set the pipe or file name to read from

Processing:
  -R <read filter>         packet filter in Wireshark display filter syntax
  -F <field>               field to display
  -s                       skip PCAP header on input
  -n                       disable all name resolution (def: all enabled)
  -N <name resolve flags>  enable specific name resolution(s): "mntC"
  -d <encap:dlt>|<proto:protoname>
                           packet encapsulation or protocol

Output:
  -S                       format string for fields (%D - name, %S - stringval, %N numval)
  -t ad|a|r|d|dd|e         output format of time stamps (def: r: rel. to first)
  -l                       flush output after each packet

Miscellaneous:
  -h                       display this help and exit
  -v                       display version info and exit
  -o <name>:<value> ...    override preference setting