forked from osmocom/wireshark
Update text2pcap documentation
Various parts of the text2pcap documentation need some fixing up. This change brings them back in line and up to date with current features.

Change-Id: I038cf5c4943d2a4bbcc3d0fbd8f5e111dcf0d0a9
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30754
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
parent 0c5ec47aae
commit 36d26b38d7
|
@ -28,6 +28,8 @@ S<[ B<-t> E<lt>timefmtE<gt> ]>
|
|||
S<[ B<-T> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
|
||||
S<[ B<-u> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<-4> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
|
||||
S<[ B<-6> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
|
||||
E<lt>I<infile>E<gt>|-
|
||||
E<lt>I<outfile>E<gt>|-
|
||||
|
||||
|
@ -115,8 +117,8 @@ multiple times to generate more debugging information.
|
|||
=item -D
|
||||
|
||||
The text before the packet starts either with an I or O indicating that
|
||||
the packet is inbound or outbound.
|
||||
This is only stored if the output format is pcapng.
|
||||
the packet is inbound or outbound. This is used when generating dummy headers.
|
||||
The indication is only stored if the output format is pcapng.
|
||||
|
||||
=item -e E<lt>l3pidE<gt>
|
||||
|
||||
|
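Review bot: The added sentence "This is used when generating dummy headers." in the -D item does not say what the I/O indication changes in those headers, so a reader cannot predict the output. Suggest stating the effect explicitly (which header fields depend on the direction) and using the same wording in the -D usage string in text2pcap.c.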
@ -246,8 +248,8 @@ Example: I<-4 10.0.0.1,10.0.0.2> to use 10.0.0.1 and 10.0.0.2 for all IP packets
|
|||
Prepend dummy IP header with specified IPv6 dest and source address.
|
||||
This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
|
||||
Use this option to apply "custom" IP addresses.
|
||||
Example: I<-6 fe80:0:0:0:202:b3ff:fe1e:8329, 2001:0db8:85a3:0000:0000:8a2e:0370:7334> to
|
||||
use fe80:0:0:0:202:b3ff:fe1e:8329 and 2001:0db8:85a3:0000:0000:8a2e:0370:7334 for all IP packets.
|
||||
Example: I<-6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334> to
|
||||
use fe80::202:b3ff:fe1e:8329 and 2001:0db8:85a3::8a2e:0370:7334 for all IP packets.
|
||||
|
||||
=back
|
||||
|
||||
|
|
|
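Review bot: The -6 item still describes the argument as "specified IPv6 dest and source address", while the synopsis writes it as <srcip>,<destip>, and the rewritten example ("use ... and ... for all IP packets") does not say which address is the source. Suggest "source and dest address" to match the argument order and naming source and destination in the example sentence. The new example also mixes "::" compression with leading zeros (0db8, 0370); 2001:db8:85a3::8a2e:370:7334 would be shortened consistently.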
@ -217,13 +217,15 @@ traffic into a libpcap file.
|
|||
`text2pcap` is a program that reads in an ASCII hex dump and writes the data
|
||||
described into a libpcap-style capture file. text2pcap can read hexdumps with
|
||||
multiple packets in them, and build a capture file of multiple packets.
|
||||
`text2pcap` is also capable of generating dummy Ethernet, IP and UDP headers, in
|
||||
order to build fully processable packet dumps from hexdumps of application-level
|
||||
data only.
|
||||
`text2pcap` is also capable of generating dummy Ethernet, IP, UDP, TCP or SCTP
|
||||
headers, in order to build fully processable packet dumps from hexdumps of
|
||||
application-level data only.
|
||||
|
||||
`text2pcap` understands a hexdump of the form generated by `od -A x -t x1`. In
|
||||
other words, each byte is individually displayed and surrounded with a space.
|
||||
Each line begins with an offset describing the position in the file. The offset
|
||||
Each line begins with an offset describing the position in the packet, each new
|
||||
packet starts with an offset of 0 and there is a space separating the offset
|
||||
from the following bytes. The offset
|
||||
is a hex number (can also be octal - see `-o`), of more than two hex digits. Here
|
||||
is a sample dump that `text2pcap` can recognize:
|
||||
|
||||
|
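Review bot: The new sentence beginning "Each line begins with an offset describing the position in the packet, each new packet starts with an offset of 0 and there is a space separating ..." joins three separate statements with a comma and an "and", which makes the format rules hard to pick out. Suggest splitting it into three sentences and rewrapping the paragraph, since "from the following bytes. The offset" is left as a short line. The context line "text2pcap can read hexdumps" also lacks the backticks used for the other mentions of `text2pcap` in this paragraph.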
@ -247,8 +249,11 @@ recognized as being a hex number longer than two characters. Any text after the
|
|||
bytes is ignored (e.g. the character dump). Any hex numbers in this text are
|
||||
also ignored. An offset of zero is indicative of starting a new packet, so a
|
||||
single text file with a series of hexdumps can be converted into a packet
|
||||
capture with multiple packets. Multiple packets are read in with timestamps
|
||||
differing by one second each. In general, short of these restrictions, text2pcap
|
||||
capture with multiple packets. Packets may be preceded by a timestamp. These
|
||||
are interpreted according to the format given on the command line. If not, the
|
||||
first packet is timestamped with the current time the conversion takes place.
|
||||
Multiple packets are written with timestamps differing by one microsecond each.
|
||||
In general, short of these restrictions, text2pcap
|
||||
is pretty liberal about reading in hexdumps and has been tested with a variety
|
||||
of mangled outputs (including being forwarded through email multiple times, with
|
||||
limited line wrap etc.)
|
||||
|
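Review bot: In the added timestamp text, "If not, the first packet is timestamped with the current time" has no clear antecedent: it can mean that no timestamp precedes the packet or that no format was given on the command line. Suggest naming the case and the option, for example "If no timestamp format is given with -t, ...". The interval also changes from "one second" to "one microsecond" here, while the text2pcap.c hunks in this commit only touch comments and usage strings, so it is worth confirming against the code that one microsecond is the current behaviour.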
@ -262,9 +267,9 @@ way it should be processed e.g. timestamps, encapsulation type etc.
|
|||
|
||||
`text2pcap` also allows the user to read in dumps of application-level data, by
|
||||
inserting dummy L2, L3 and L4 headers before each packet. Possibilities include
|
||||
inserting headers such as Ethernet, Ethernet + IP, Ethernet + IP + UDP, or
|
||||
Ethernet + Ip + TCP before each packet. This allows Wireshark or any other
|
||||
full-packet decoder to handle these dumps.
|
||||
inserting headers such as Ethernet, Ethernet + IP, Ethernet + IP + UDP, or TCP,
|
||||
or SCTP before each packet. This allows Wireshark or any other full-packet
|
||||
decoder to handle these dumps.
|
||||
|
||||
For more information on `text2pcap` consult your local manual page (`man
|
||||
text2pcap`) or link:{wireshark-man-page-url}text2pcap.html[the online
|
||||
|
|
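Review bot: The rewritten list "Ethernet, Ethernet + IP, Ethernet + IP + UDP, or TCP, or SCTP" reads as if a bare TCP or SCTP header could be inserted without Ethernet and IP, where the old text spelled out "Ethernet + IP + TCP". Suggest "Ethernet + IP + UDP, Ethernet + IP + TCP or Ethernet + IP + SCTP", or the shorter "Ethernet + IP + UDP/TCP/SCTP".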
15
text2pcap.c
|
@ -33,9 +33,9 @@
|
|||
* - No text appears between the offset and the bytes (any bytes appearing after
|
||||
* such text would be ignored)
|
||||
*
|
||||
* - The offset must be arithmetically correct, i.e. if the offset is 00000020, then
|
||||
* exactly 32 bytes must have been read into this packet before this. If the offset
|
||||
* is wrong, the packet is immediately terminated
|
||||
* - The offset must be arithmetically correct, i.e. if the offset is 00000020,
|
||||
* then exactly 32 bytes must have been read into this packet before this.
|
||||
* If the offset is wrong, the packet is immediately terminated
|
||||
*
|
||||
* A packet start is signaled by a zero offset.
|
||||
*
|
||||
|
@ -51,7 +51,7 @@
|
|||
*
|
||||
* The output is a libpcap packet containing Ethernet frames by
|
||||
* default. This program takes options which allow the user to add
|
||||
* dummy Ethernet, IP and UDP or TCP headers to the packets in order
|
||||
* dummy Ethernet, IP and UDP, TCP or SCTP headers to the packets in order
|
||||
* to allow dumps of L3 or higher protocols to be decoded.
|
||||
*
|
||||
* Considerable flexibility is built into this code to read hexdumps
|
||||
|
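Review bot: The changed comment line "dummy Ethernet, IP and UDP, TCP or SCTP headers" keeps the old "and" in the middle of the list, so it parses awkwardly. Suggest "dummy Ethernet, IP, UDP, TCP or SCTP headers", which is the wording this same commit uses in the user guide paragraph.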
@ -1377,7 +1377,8 @@ print_usage (FILE *output)
|
|||
" used as the default for unspecified fields.\n"
|
||||
" -D the text before the packet starts with an I or an O,\n"
|
||||
" indicating that the packet is inbound or outbound.\n"
|
||||
" This is only stored if the output format is pcapng.\n"
|
||||
" This is used when generating dummy headers.\n"
|
||||
" The indication is only stored if the output format is pcapng.\n"
|
||||
" -a enable ASCII text dump identification.\n"
|
||||
" The start of the ASCII text dump can be identified\n"
|
||||
" and excluded from the packet data, even if it looks\n"
|
||||
|
@ -1406,9 +1407,9 @@ print_usage (FILE *output)
|
|||
" -4 <srcip>,<destip> prepend dummy IPv4 header with specified\n"
|
||||
" dest and source address.\n"
|
||||
" Example: -4 10.0.0.1,10.0.0.2\n"
|
||||
" -6 <srcip>,<destip> replace IPv6 header with specified\n"
|
||||
" -6 <srcip>,<destip> prepend dummy IPv6 header with specified\n"
|
||||
" dest and source address.\n"
|
||||
" Example: -6 fe80:0:0:0:202:b3ff:fe1e:8329,2001:0db8:85a3:0000:0000:8a2e:0370:7334\n"
|
||||
" Example: -6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334\n"
|
||||
" -u <srcp>,<destp> prepend dummy UDP header with specified\n"
|
||||
" source and destination ports (in DECIMAL).\n"
|
||||
" Automatically prepends Ethernet & IP headers as well.\n"
|
||||
|
|
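Review bot: The -4 and -6 usage entries do not mention the companion options, although the manual page text in this commit says -6 "should be accompanied by one of the following options: -i, -s, -S, -T, -u". Suggest adding a line to both entries so that the -h output and the manual page agree. Both entries also say "dest and source address" while the argument is <srcip>,<destip>; swapping the words would match the argument order.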