2012-10-03 12:22:08 +00:00
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
reordercap - Reorder input file by timestamp into output file
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
2013-05-20 01:41:52 +00:00
|
|
|
B<reordercap>
|
2012-10-04 18:24:21 +00:00
|
|
|
S<[ B<-n> ]>
|
2012-10-03 12:22:08 +00:00
|
|
|
E<lt>I<infile>E<gt> E<lt>I<outfile>E<gt>
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
B<Reordercap> is a program that reads an input capture file and rewrites the
|
|
|
|
frames to an output capture file, but with the frames sorted by increasing
|
|
|
|
timestamp.
|
|
|
|
|
|
|
|
This functionality may be useful when capture files have been created by
|
|
|
|
combining frames from more than one well-synchronised source, but the
|
2012-10-03 18:03:01 +00:00
|
|
|
frames have not been combined in strict time order.
|
2012-10-03 12:22:08 +00:00
|
|
|
|
|
|
|
B<Reordercap> writes the output capture file in the same format as the input
|
|
|
|
capture file.
|
|
|
|
|
|
|
|
B<Reordercap> is able to detect, read and write the same capture files that
|
|
|
|
are supported by B<Wireshark>.
|
|
|
|
The input file doesn't need a specific filename extension; the file
|
2013-05-20 01:41:52 +00:00
|
|
|
format and an optional gzip compression will be detected automatically.
|
2012-10-03 12:22:08 +00:00
|
|
|
Near the beginning of the DESCRIPTION section of wireshark(1) or
|
|
|
|
L<http://www.wireshark.org/docs/man-pages/wireshark.html>
|
|
|
|
is a detailed description of the way B<Wireshark> handles this, which is
|
2013-05-20 01:41:52 +00:00
|
|
|
the same way B<reordercap> handles this.
|
|
|
|
|
|
|
|
=head1 OPTIONS
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item -n
|
|
|
|
|
|
|
|
When the B<-n> option is used, B<reordercap> will not write out the output
|
|
|
|
file if it finds that the input file is already in order.
|
2012-10-03 12:22:08 +00:00
|
|
|
|
2013-05-20 14:56:18 +00:00
|
|
|
=back
|
|
|
|
|
2012-10-03 12:22:08 +00:00
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), mergecap(1),
|
2013-05-20 02:21:07 +00:00
|
|
|
text2pcap(1), pcap-filter(7) or tcpdump(8)
|
2012-10-03 12:22:08 +00:00
|
|
|
|
|
|
|
=head1 NOTES
|
|
|
|
|
|
|
|
B<Reordercap> is part of the B<Wireshark> distribution. The latest version
|
|
|
|
of B<Wireshark> can be found at L<http://www.wireshark.org>.
|
|
|
|
|
2013-05-20 01:41:52 +00:00
|
|
|
It may make sense to move this functionality into B<editcap>, or perhaps
|
|
|
|
B<mergecap>, in which case B<reordercap> could be retired.
|
2012-10-03 12:22:08 +00:00
|
|
|
|
|
|
|
HTML versions of the Wireshark project man pages are available at:
|
|
|
|
L<http://www.wireshark.org/docs/man-pages>.
|
|
|
|
|
|
|
|
=head1 AUTHORS
|
|
|
|
|
|
|
|
Original Author
|
|
|
|
-------- ------
|
|
|
|
Martin Mathieson <martin.r.mathieson[AT]googlemail.com>
|
|
|
|
|