osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Add an option to capinfos to print start and end times as seconds, which 

makes time-shifting using editcap easier. Sort the flags in the capinfos
man page alphabetically to match the other man pages. Add a
time-shifting example to the mergecap man page.

svn path=/trunk/; revision=31905
This commit is contained in:
Gerald Combs 2010-02-17 20:15:50 +00:00
parent 088cddca99
commit 23a90258fb
3 changed files with 195 additions and 146 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
capinfos.c
View File

@ -130,6 +130,7 @@ static gboolean cap_data_size = TRUE; /* Report packet byte size */
static gboolean cap_duration = TRUE; /* Report capture duration */
static gboolean cap_start_time = TRUE; /* Report capture start time */
static gboolean cap_end_time = TRUE; /* Report capture end time */
static gboolean time_as_secs = FALSE; /* Report time values as raw seconds */
static gboolean cap_data_rate_byte = TRUE; /* Report data rate bytes/sec */
static gboolean cap_data_rate_bit = TRUE; /* Report data rate bites/sec */
@ -249,6 +250,28 @@ ctime_no_lf(const time_t* timer)
return(time_string);
}
static gchar *
time_string(const time_t *timer, capture_info *cf_info, gboolean want_lf)
{
gchar *lf = want_lf ? "\n" : "";
static gchar time_string[15];
if (cf_info->packet_count > 0) {
if (time_as_secs) {
/* XXX - Would it be useful to show sub-second precision? */
g_snprintf(time_string, 15, "%lu%s", (unsigned long) *timer, lf);
return time_string;
} else if (want_lf) {
return ctime(timer);
} else {
return ctime_no_lf(timer);
}
}
g_snprintf(time_string, 15, "n/a%s", lf);
return time_string;
}
static double
secs_nsecs(const struct wtap_nstime * nstime)
{
@ -282,8 +305,8 @@ print_stats(const gchar *filename, capture_info *cf_info)
if (cap_file_size) printf ("File size: %" G_GINT64_MODIFIER "d bytes\n", cf_info->filesize);
if (cap_data_size) printf ("Data size: %" G_GINT64_MODIFIER "u bytes\n", cf_info->packet_bytes);
if (cap_duration) print_value("Capture duration: ", 0, " seconds", cf_info->duration);
if (cap_start_time) printf ("Start time: %s", (cf_info->packet_count>0) ? ctime (&start_time_t) : "n/a\n");
if (cap_end_time) printf ("End time: %s", (cf_info->packet_count>0) ? ctime (&stop_time_t) : "n/a\n");
if (cap_start_time) printf ("Start time: %s", time_string(&start_time_t, cf_info, TRUE));
if (cap_end_time) printf ("End time: %s", time_string(&stop_time_t, cf_info, TRUE));
if (cap_data_rate_byte) print_value("Data byte rate: ", 2, " bytes/sec", cf_info->data_rate);
if (cap_data_rate_bit) print_value("Data bit rate: ", 2, " bits/sec", cf_info->data_rate*8);
if (cap_packet_size) printf ("Average packet size: %.2f bytes\n", cf_info->packet_size);
@ -412,14 +435,14 @@ print_stats_table(const gchar *filename, capture_info *cf_info)
if (cap_start_time) {
putsep();
putquote();
printf("%s", (cf_info->packet_count>0) ? ctime_no_lf (&start_time_t) : "n/a");
printf("%s", time_string(&start_time_t, cf_info, FALSE));
putquote();
}
if (cap_end_time) {
putsep();
putquote();
printf("%s", (cf_info->packet_count>0) ? ctime_no_lf (&stop_time_t) : "n/a");
printf("%s", time_string(&stop_time_t, cf_info, FALSE));
putquote();
}
@ -611,6 +634,7 @@ usage(gboolean is_error)
fprintf(output, " -u display the capture duration (in seconds)\n");
fprintf(output, " -a display the capture start time\n");
fprintf(output, " -e display the capture end time\n");
fprintf(output, " -S display start and end times as seconds\n");
fprintf(output, "\n");
fprintf(output, "Statistic infos:\n");
fprintf(output, " -y display average data rate (in bytes/sec)\n");
@ -710,7 +734,7 @@ main(int argc, char *argv[])
/* Process the options */
while ((opt = getopt(argc, argv, "tEcs" FILE_HASH_OPT "duaeyizvhxCALTRrNqQBmb")) !=-1) {
while ((opt = getopt(argc, argv, "tEcs" FILE_HASH_OPT "duaeyizvhxCALTRrSNqQBmb")) !=-1) {
switch (opt) {
@ -754,6 +778,10 @@ main(int argc, char *argv[])
cap_end_time = TRUE;
break;
case 'S':
time_as_secs = TRUE;
break;
case 'y':
if (report_all_infos) disable_all_infos();
cap_data_rate_byte = TRUE;

288
doc/capinfos.pod
View File

@ -6,32 +6,33 @@ capinfos - Prints information about capture files
=head1 SYNOPSIS
B<capinfos>
S<[ B<-t> ]>
S<[ B<-E> ]>
S<[ B<-c> ]>
S<[ B<-s> ]>
S<[ B<-d> ]>
S<[ B<-u> ]>
S<[ B<-a> ]>
S<[ B<-e> ]>
S<[ B<-y> ]>
S<[ B<-i> ]>
S<[ B<-z> ]>
S<[ B<-x> ]>
S<[ B<-H> ]>
S<[ B<-L> ]>
S<[ B<-T> ]>
S<[ B<-R> ]>
S<[ B<-r> ]>
S<[ B<-B> ]>
S<[ B<-m> ]>
S<[ B<-A> ]>
S<[ B<-b> ]>
S<[ B<-B> ]>
S<[ B<-c> ]>
S<[ B<-C> ]>
S<[ B<-d> ]>
S<[ B<-e> ]>
S<[ B<-E> ]>
S<[ B<-h> ]>
S<[ B<-H> ]>
S<[ B<-i> ]>
S<[ B<-L> ]>
S<[ B<-m> ]>
S<[ B<-N> ]>
S<[ B<-q> ]>
S<[ B<-Q> ]>
S<[ B<-h> ]>
S<[ B<-C> ]>
S<[ B<-A> ]>
S<[ B<-r> ]>
S<[ B<-R> ]>
S<[ B<-s> ]>
S<[ B<-S> ]>
S<[ B<-t> ]>
S<[ B<-T> ]>
S<[ B<-u> ]>
S<[ B<-x> ]>
S<[ B<-y> ]>
S<[ B<-z> ]>
E<lt>I<infile>E<gt>
I<...>
@ -66,39 +67,6 @@ the same way B<Capinfos> handles this.
=over 4
=item -t
Displays the capture type of the capture file.
=item -E
Displays the per-file encapsulation of the capture file.
=item -c
Displays the number of packets in the capture file.
=item -s
Displays the size of the file, in bytes. This reports
the size of the capture file itself.
=item -d
Displays the total length of all packets in the file, in
bytes. This counts the size of the packets as they appeared
in their original form, not as they appear in this file.
For example, if a packet was originally 1514 bytes and only
256 of those bytes were saved to the capture file (if packets
were captured with a snaplen or other slicing option),
B<Capinfos> will consider the packet to have been 1514 bytes.
=item -u
Displays the capture duration, in seconds. This is the
difference in time between the earliest packet seen and
latest packet seen.
=item -a
Displays the start time of the capture. B<Capinfos> considers
@ -107,79 +75,12 @@ first packet in the capture is not necessarily the earliest -
if packets exist "out-of-order", time-wise, in the capture,
B<Capinfos> detects this.
=item -e
=item -A
Displays the end time of the capture. B<Capinfos> considers
the latest timestamp seen to be the end time, so the
last packet in the capture is not necessarily the latest -
if packets exist "out-of-order", time-wise, in the capture,
B<Capinfos> detects this.
=item -y
Displays the average data rate, in bytes/sec
=item -i
Displays the average data rate, in bits/sec
=item -z
Displays the average packet size, in bytes
=item -x
Displays the average packet rate, in packets/sec
=item -H
Displays the SHA1, RIPEMD160, and MD5 hashes for the file.
=item -L
Generate long report. Capinfos can generate two
different styles of reports. The "long" report is
the default style of output and is suitable for a
human to use.
=item -T
Generate a table report. A table report is a text file
that is suitable for importing into a spreadsheet or
database. Capinfos can build a tab delimited text file
(the default) or several variations on Comma-separated
values (CSV) files.
=item -R
Generate header record. This option is only useful
when generating a table style report (-T). A header
is generated by default. A header record (if generated)
is the first line of data reported and includes labels
for all the columns included within the table report.
=item -r
Do not generate header record. This option is only
useful when generating a table style report (-T).
If this option is specified then B<no> header record will be
generated within the table report.
=item -B
Separate the infos with ASCII TAB characters.
This option is only useful when generating a table
style report (-T). The various info values will be
separated (delimited) from one another with a single
ASCII TAB character. The TAB character is the default
delimiter when -T style report is enabled.
=item -m
Separate the infos with comma (,) characters. This option
is only useful when generating a table style report (-T).
The various info values will be separated (delimited)
from one another with a single comma "," character.
Generate all infos. By default capinfos will display
all infos values for each input file, but enabling
any of the individual display infos options will
disable the generate all option.
=item -b
@ -194,6 +95,78 @@ of the value fields contain SPACE characters. This
option is of limited value unless one of the quoting
options (-q or -Q) is also specified.
=item -B
Separate the infos with ASCII TAB characters.
This option is only useful when generating a table
style report (-T). The various info values will be
separated (delimited) from one another with a single
ASCII TAB character. The TAB character is the default
delimiter when -T style report is enabled.
=item -c
Displays the number of packets in the capture file.
=item -C
Cancel processing any additional files if and
when capinfos should fail to open an input file.
By default capinfos will attempt to open each and
every file name argument.
Note: An error message will be written to stderr
whenever capinfos fails to open a file regardless
of whether the -C option is specified or not.
=item -d
Displays the total length of all packets in the file, in
bytes. This counts the size of the packets as they appeared
in their original form, not as they appear in this file.
For example, if a packet was originally 1514 bytes and only
256 of those bytes were saved to the capture file (if packets
were captured with a snaplen or other slicing option),
B<Capinfos> will consider the packet to have been 1514 bytes.
=item -e
Displays the end time of the capture. B<Capinfos> considers
the latest timestamp seen to be the end time, so the
last packet in the capture is not necessarily the latest -
if packets exist "out-of-order", time-wise, in the capture,
B<Capinfos> detects this.
=item -E
Displays the per-file encapsulation of the capture file.
=item -h
Prints the help listing and exits.
=item -H
Displays the SHA1, RIPEMD160, and MD5 hashes for the file.
=item -i
Displays the average data rate, in bits/sec
=item -L
Generate long report. Capinfos can generate two
different styles of reports. The "long" report is
the default style of output and is suitable for a
human to use.
=item -m
Separate the infos with comma (,) characters. This option
is only useful when generating a table style report (-T).
The various info values will be separated (delimited)
from one another with a single comma "," character.
=item -N
Do not quote the infos. This option is only useful
@ -223,27 +196,60 @@ characters. This option (when used with the -m
option) is useful for generating the most common
type of CSV style file report.
=item -h
=item -r
Prints the help listing and exits.
Do not generate header record. This option is only
useful when generating a table style report (-T).
If this option is specified then B<no> header record will be
generated within the table report.
=item -C
=item -R
Cancel processing any additional files if and
when capinfos should fail to open an input file.
By default capinfos will attempt to open each and
every file name argument.
Generate header record. This option is only useful
when generating a table style report (-T). A header
is generated by default. A header record (if generated)
is the first line of data reported and includes labels
for all the columns included within the table report.
Note: An error message will be written to stderr
whenever capinfos fails to open a file regardless
of whether the -C option is specified or not.
=item -s
=item -A
Displays the size of the file, in bytes. This reports
the size of the capture file itself.
Generate all infos. By default capinfos will display
all infos values for each input file, but enabling
any of the individual display infos options will
disable the generate all option.
=item -S
Display the start and end times as seconds since January
1, 1970. Handy for synchronizing dumps using B<editcap -t>.
=item -t
Displays the capture type of the capture file.
=item -T
Generate a table report. A table report is a text file
that is suitable for importing into a spreadsheet or
database. Capinfos can build a tab delimited text file
(the default) or several variations on Comma-separated
values (CSV) files.
=item -u
Displays the capture duration, in seconds. This is the
difference in time between the earliest packet seen and
latest packet seen.
=item -x
Displays the average packet rate, in packets/sec
=item -y
Displays the average data rate, in bytes/sec
=item -z
Displays the average packet size, in bytes
=back

15
doc/mergecap.pod
View File

@ -119,6 +119,21 @@ fddi>' is specified).
=back
=head1 EXAMPLES
To merge two capture files together, 100 seconds apart use:
capinfos -aeS a.pcap b.pcap
(Let's suppose a.pcap starts at 1009932757 and b.pcap ends
at 873660281. 1009932757 - 873660281 - 100 = 136272376
seconds.)
editcap -t 136272376 b.pcap b-shifted.pcap
mergecap -w compare.pcap a.pcap b-shifted.pcap
=back
=head1 SEE ALSO
tcpdump(8), pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1),