Docs+Packaging: Convert our man pages to Asciidoctor.

Convert doc/*.pod to Asciidoctor. This: * Means we use the same markup for our man pages, the guides, and release notes. * Lets us add versions to our man pages. * Gives us more formatting options, e.g. AsciiDoc supports `commands`, nested lists and makes it easy to include version information. The manpage backend doesn't seem to support tables very well, unfortunately. Convert our CMake configuration to produce *roff and html man pages using Asciidoctor. Add a "manarg" block macro which makes our synopses wrap correctly. Similar to the release notes, guides, and FAQ, if Asciidoctor isn't found the man pages won't be generated or installed. Move Asciidoctor to the list of package build dependencies in various places. This commit includes the conversion script (pod2adoc.py), which will be removed later. Line count sanity check: Man page .pod .adoc androiddump 260 280 asn2deb 93 105 capinfos 401 471 captype 54 55 ciscodump 241 269 dftest 42 42 dpauxmon 153 169 dumpcap 464 534 editcap 528 583 etwdump 136 156 extcap 157 181 idl2deb 91 103 idl2wrs 120 100 mergecap 206 207 mmdbresolve 75 75 randpkt 107 111 randpktdump 158 184 rawshark 558 610 reordercap 76 78 sdjournal 145 157 sshdump 272 302 text2pcap 274 312 tshark 2135 2360 udpdump 133 151 wireshark-filter 486 479 wireshark 2967 3420
2021-06-18 03:20:51 -07:00 · 2021-06-18 03:20:51 -07:00 · 84ab55cf75
parent 9f1607ab47
commit 84ab55cf75
40 changed files with 5377 additions and 4280 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1345,8 +1345,6 @@ ws_find_package(WinSparkle ENABLE_WINSPARKLE HAVE_SOFTWARE_UPDATE)
 find_package( Asciidoctor 1.5 )
 find_package(POD REQUIRED)
 find_package(DOXYGEN)
 # The SpeexDSP resampler is required iff building wireshark or sharkd.
@ -1939,41 +1937,45 @@ set(INSTALL_FILES
 	smi_modules
 	wka
 	docbook/ws.css
 	${CMAKE_BINARY_DIR}/doc/AUTHORS-SHORT
 	${CMAKE_BINARY_DIR}/doc/androiddump.html
 	${CMAKE_BINARY_DIR}/doc/udpdump.html
 	${CMAKE_BINARY_DIR}/doc/capinfos.html
 	${CMAKE_BINARY_DIR}/doc/captype.html
 	${CMAKE_BINARY_DIR}/doc/ciscodump.html
 	${CMAKE_BINARY_DIR}/doc/dftest.html
 	${CMAKE_BINARY_DIR}/doc/dumpcap.html
 	${CMAKE_BINARY_DIR}/doc/editcap.html
 	${CMAKE_BINARY_DIR}/doc/extcap.html
 	${CMAKE_BINARY_DIR}/doc/mergecap.html
 	${CMAKE_BINARY_DIR}/doc/randpkt.html
 	${CMAKE_BINARY_DIR}/doc/randpktdump.html
 	${CMAKE_BINARY_DIR}/doc/etwdump.html
 	${CMAKE_BINARY_DIR}/doc/rawshark.html
 	${CMAKE_BINARY_DIR}/doc/reordercap.html
 	${CMAKE_BINARY_DIR}/doc/sshdump.html
 	${CMAKE_BINARY_DIR}/doc/text2pcap.html
 	${CMAKE_BINARY_DIR}/doc/tshark.html
 	${CMAKE_BINARY_DIR}/doc/wireshark.html
 	${CMAKE_BINARY_DIR}/doc/wireshark-filter.html
 )
-if(MAXMINDDB_FOUND)
+if (ASCIIDOCTOR_FOUND)
 	list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/mmdbresolve.html)
 endif()
 if (BUILD_corbaidl2wrs)
 	list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/idl2wrs.html)
 endif()
 if (BUILD_xxx2deb)
 	list(APPEND INSTALL_FILES
-		${CMAKE_BINARY_DIR}/doc/asn2deb.html
+		${CMAKE_BINARY_DIR}/doc/AUTHORS-SHORT
-		${CMAKE_BINARY_DIR}/doc/idl2deb.html
+		${CMAKE_BINARY_DIR}/doc/androiddump.html
 		${CMAKE_BINARY_DIR}/doc/udpdump.html
 		${CMAKE_BINARY_DIR}/doc/capinfos.html
 		${CMAKE_BINARY_DIR}/doc/captype.html
 		${CMAKE_BINARY_DIR}/doc/ciscodump.html
 		${CMAKE_BINARY_DIR}/doc/dftest.html
 		${CMAKE_BINARY_DIR}/doc/dumpcap.html
 		${CMAKE_BINARY_DIR}/doc/editcap.html
 		${CMAKE_BINARY_DIR}/doc/extcap.html
 		${CMAKE_BINARY_DIR}/doc/mergecap.html
 		${CMAKE_BINARY_DIR}/doc/randpkt.html
 		${CMAKE_BINARY_DIR}/doc/randpktdump.html
 		${CMAKE_BINARY_DIR}/doc/etwdump.html
 		${CMAKE_BINARY_DIR}/doc/rawshark.html
 		${CMAKE_BINARY_DIR}/doc/reordercap.html
 		${CMAKE_BINARY_DIR}/doc/sshdump.html
 		${CMAKE_BINARY_DIR}/doc/text2pcap.html
 		${CMAKE_BINARY_DIR}/doc/tshark.html
 		${CMAKE_BINARY_DIR}/doc/wireshark.html
 		${CMAKE_BINARY_DIR}/doc/wireshark-filter.html
 	)
 	if(MAXMINDDB_FOUND)
 		list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/mmdbresolve.html)
 	endif()
 	if (BUILD_corbaidl2wrs)
 		list(APPEND INSTALL_FILES ${CMAKE_BINARY_DIR}/doc/idl2wrs.html)
 	endif()
 	if (BUILD_xxx2deb)
 		list(APPEND INSTALL_FILES
 			${CMAKE_BINARY_DIR}/doc/asn2deb.html
 			${CMAKE_BINARY_DIR}/doc/idl2deb.html
 		)
 	endif()
 endif()
 if(NOT WIN32)
--- a/cmake/modules/FindAsciidoctor.cmake
+++ b/cmake/modules/FindAsciidoctor.cmake
@ -39,12 +39,14 @@ if(ASCIIDOCTOR_EXECUTABLE)
    set (_asciidoctor_common_args
        # Doesn't work with AsciidoctorJ?
        # --failure-level=WARN
        # --trace
        --attribute build_dir=${CMAKE_CURRENT_BINARY_DIR}
-        --require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/ws_utils.rb
+        --require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/ws_utils.rb
-        --require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/commaize-block.rb
+        --require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/commaize-block.rb
-        --require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/cveidlink-inline-macro.rb
+        --require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/cveidlink-inline-macro.rb
-        --require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/wsbuglink-inline-macro.rb
+        --require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/manarg-block.rb
-        --require ${CMAKE_CURRENT_SOURCE_DIR}/asciidoctor-macros/wssalink-inline-macro.rb
+        --require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/wsbuglink-inline-macro.rb
        --require ${CMAKE_SOURCE_DIR}/docbook/asciidoctor-macros/wssalink-inline-macro.rb
    )
    set(_asciidoctor_common_command
@ -83,7 +85,7 @@ if(ASCIIDOCTOR_EXECUTABLE)
        unset(_output_xml)
    ENDMACRO()
-    # Currently single page only.
+    # Single page only, for the release notes and man pages.
    MACRO( ASCIIDOCTOR2HTML _asciidocsource )
        GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE )
        set( _output_html ${_source_base_name}.html )
@ -124,6 +126,27 @@ if(ASCIIDOCTOR_EXECUTABLE)
        unset(_output_txt)
    ENDMACRO()
    # Single page only, for the release notes and man pages.
    MACRO( ASCIIDOCTOR2MAN _asciidocsource _man_section)
        GET_FILENAME_COMPONENT( _source_base_name ${_asciidocsource} NAME_WE )
        set( _output_man ${_source_base_name}.${_man_section} )
        ADD_CUSTOM_COMMAND(
            OUTPUT
                ${_output_man}
            COMMAND ${_asciidoctor_common_command}
                --backend manpage
                --out-file ${_output_man}
                ${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource}
            DEPENDS
                ${CMAKE_CURRENT_SOURCE_DIR}/${_asciidocsource}
                ${ARGN}
        )
        add_custom_target(generate_${_output_man} DEPENDS ${_output_man})
        set_asciidoctor_target_properties(generate_${_output_man})
        unset(_output_man)
    ENDMACRO()
    # news: release-notes.txt
    #         ${CMAKE_COMMAND} -E copy_if_different release-notes.txt ../NEWS
--- a/cmake/modules/FindPOD.cmake
+++ b/cmake/modules/FindPOD.cmake
@ -1,84 +0,0 @@
 #
 # - Find pod2man and pod2html.
 #
 find_program(POD2MAN_EXECUTABLE
 	NAMES
 		pod2man
 		pod2man.bat
 	PATHS
 		/bin
 		/usr/bin
 		/usr/local/bin
 		/sbin
 )
 find_program(POD2HTML_EXECUTABLE
 	NAMES
 		pod2html
 		pod2html.bat
 	PATHS
 		/bin
 		/usr/bin
 		/usr/local/bin
 		/sbin
 )
 # handle the QUIETLY and REQUIRED arguments and set POD2HTML_FOUND to TRUE if
 # all listed variables are TRUE
 include(FindPackageHandleStandardArgs)
 find_package_handle_standard_args(POD DEFAULT_MSG POD2MAN_EXECUTABLE POD2HTML_EXECUTABLE)
 mark_as_advanced(
 	POD2MAN_EXECUTABLE
 	POD2HTML_EXECUTABLE
 )
 # run pod2man and pod2html
 macro(pod2manhtml _sourcefile _manext)
 	get_filename_component(_basefile ${_sourcefile} NAME)
 	set(_outman ${_basefile}.${_manext})
 	set(_outhtml ${_basefile}.html)
 	add_custom_command(
 		OUTPUT
 			${_outman}
 		COMMAND
 			${PERL_EXECUTABLE} ${POD2MAN_EXECUTABLE}
 			--section=${_manext}
 			--center=\"The Wireshark Network Analyzer\"
 			--release=${PROJECT_VERSION}
 			${_sourcefile}.pod
 			> ${_outman}
 		DEPENDS
 			${_sourcefile}.pod
 	)
 	add_custom_command(
 		OUTPUT
 			${_outhtml}
 		COMMAND
 			${PERL_EXECUTABLE} ${POD2HTML_EXECUTABLE}
 			--title=\"${_basefile} - The Wireshark Network Analyzer ${CPACK_PACKAGE_VERSION}\"
 			--css=ws.css
 			--noindex
 			${_sourcefile}.pod
 			> ${_outhtml}
 		DEPENDS
 			${_sourcefile}.pod
 			${CMAKE_SOURCE_DIR}/docbook/ws.css
 	)
 endmacro(pod2manhtml)
 #
 # Editor modelines  -  https://www.wireshark.org/tools/modelines.html
 #
 # Local variables:
 # c-basic-offset: 8
 # tab-width: 8
 # indent-tabs-mode: t
 # End:
 #
 # vi: set shiftwidth=8 tabstop=8 noexpandtab:
 # :indentSize=8:tabSize=8:noTabs=false:
 #
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@ -7,6 +7,8 @@
 # SPDX-License-Identifier: GPL-2.0-or-later
 #
 find_package( Asciidoctor 1.5 )
 add_custom_command(
 	OUTPUT AUTHORS-SHORT
 	COMMAND ${PERL_EXECUTABLE}
@ -18,98 +20,69 @@ add_custom_command(
 		${CMAKE_SOURCE_DIR}/AUTHORS
 )
 set(MAN1_INSTALL_FILES)
 set(MAN4_INSTALL_FILES)
 set(HTML_INSTALL_FILES)
-pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/wireshark   1)
+macro (ASCIIDOCTOR2MANHTML _page_name _man_section)
-pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/androiddump 1)
+	if(ASCIIDOCTOR_FOUND)
-pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/capinfos    1)
+		ASCIIDOCTOR2HTML(${_page_name}.adoc)
-pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/captype     1)
+		ASCIIDOCTOR2MAN(${_page_name}.adoc ${_man_section})
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/ciscodump   1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dftest      1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dumpcap     1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/editcap     1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/mergecap    1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/randpkt     1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/randpktdump 1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/etwdump 1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/rawshark    1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/reordercap  1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/sshdump     1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/text2pcap   1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/tshark      1)
 pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/udpdump     1)
-pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/extcap           4)
+		list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.html)
-pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/wireshark-filter 4)
+		if (${_man_section} EQUAL 1)
 			list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.${_man_section})
 		elseif (${_man_section} EQUAL 4)
 			list(APPEND MAN4_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/${_page_name}.${_man_section})
 		else()
 			message(FATAL_ERROR "Unsupported manual page section ${_man_section} for ${_page_name}")
 		endif()
 	endif()
 endmacro()
 ASCIIDOCTOR2MANHTML(wireshark   1)
 ASCIIDOCTOR2MANHTML(androiddump 1)
 ASCIIDOCTOR2MANHTML(capinfos    1)
 ASCIIDOCTOR2MANHTML(captype     1)
 ASCIIDOCTOR2MANHTML(ciscodump   1)
 ASCIIDOCTOR2MANHTML(dftest      1)
 ASCIIDOCTOR2MANHTML(dumpcap     1)
 ASCIIDOCTOR2MANHTML(editcap     1)
 ASCIIDOCTOR2MANHTML(mergecap    1)
 ASCIIDOCTOR2MANHTML(randpkt     1)
 ASCIIDOCTOR2MANHTML(randpktdump 1)
 ASCIIDOCTOR2MANHTML(etwdump     1)
 ASCIIDOCTOR2MANHTML(rawshark    1)
 ASCIIDOCTOR2MANHTML(reordercap  1)
 ASCIIDOCTOR2MANHTML(sshdump     1)
 ASCIIDOCTOR2MANHTML(text2pcap   1)
 ASCIIDOCTOR2MANHTML(tshark      1)
 ASCIIDOCTOR2MANHTML(udpdump     1)
 ASCIIDOCTOR2MANHTML(extcap           4)
 ASCIIDOCTOR2MANHTML(wireshark-filter 4)
 if(BUILD_dpauxmon AND HAVE_LIBNL3)
-	pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/dpauxmon    1)
+	ASCIIDOCTOR2MANHTML(dpauxmon    1)
 endif()
 if(BUILD_sdjournal AND SYSTEMD_FOUND)
-	pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/sdjournal   1)
+	ASCIIDOCTOR2MANHTML(sdjournal   1)
 endif()
 if(MAXMINDDB_FOUND)
-	pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/mmdbresolve 1)
+	ASCIIDOCTOR2MANHTML(mmdbresolve 1)
 endif()
 if (BUILD_corbaidl2wrs)
-	pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/idl2wrs     1)
+	ASCIIDOCTOR2MANHTML(idl2wrs     1)
 endif()
 if (BUILD_xxx2deb)
-	pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/asn2deb     1)
+	ASCIIDOCTOR2MANHTML(asn2deb     1)
-	pod2manhtml(${CMAKE_CURRENT_SOURCE_DIR}/idl2deb     1)
+	ASCIIDOCTOR2MANHTML(idl2deb     1)
 endif()
 set(MAN1_INSTALL_FILES
 	${CMAKE_CURRENT_BINARY_DIR}/androiddump.1
 	${CMAKE_CURRENT_BINARY_DIR}/capinfos.1
 	${CMAKE_CURRENT_BINARY_DIR}/captype.1
 	${CMAKE_CURRENT_BINARY_DIR}/ciscodump.1
 	${CMAKE_CURRENT_BINARY_DIR}/ciscodump.1
 	${CMAKE_CURRENT_BINARY_DIR}/dftest.1
 	${CMAKE_CURRENT_BINARY_DIR}/dumpcap.1
 	${CMAKE_CURRENT_BINARY_DIR}/editcap.1
 	${CMAKE_CURRENT_BINARY_DIR}/mergecap.1
 	${CMAKE_CURRENT_BINARY_DIR}/randpkt.1
 	${CMAKE_CURRENT_BINARY_DIR}/randpktdump.1
 	${CMAKE_CURRENT_BINARY_DIR}/etwdump.1
 	${CMAKE_CURRENT_BINARY_DIR}/rawshark.1
 	${CMAKE_CURRENT_BINARY_DIR}/reordercap.1
 	${CMAKE_CURRENT_BINARY_DIR}/sshdump.1
 	${CMAKE_CURRENT_BINARY_DIR}/text2pcap.1
 	${CMAKE_CURRENT_BINARY_DIR}/tshark.1
 	${CMAKE_CURRENT_BINARY_DIR}/udpdump.1
 	${CMAKE_CURRENT_BINARY_DIR}/wireshark.1
 )
 if(BUILD_dpauxmon AND HAVE_LIBNL3)
 	list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/dpauxmon.1)
 endif()
 if(BUILD_sdjournal AND SYSTEMD_FOUND)
 	list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/sdjournal.1)
 endif()
 if(MAXMINDDB_FOUND)
 	list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.1)
 endif()
 if (BUILD_corbaidl2wrs)
 	list(APPEND MAN1_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/idl2wrs.1)
 endif()
 if (BUILD_xxx2deb)
 	list(APPEND MAN1_INSTALL_FILES
 		${CMAKE_CURRENT_BINARY_DIR}/asn2deb.1
 		${CMAKE_CURRENT_BINARY_DIR}/idl2deb.1
 	)
 endif()
 set(MAN4_INSTALL_FILES
 	${CMAKE_CURRENT_BINARY_DIR}/extcap.4
 	${CMAKE_CURRENT_BINARY_DIR}/wireshark-filter.4
 )
 set(BUNDLE_RESOURCE_SHARE_MAN1_FILES ${MAN1_INSTALL_FILES} PARENT_SCOPE)
 set(BUNDLE_RESOURCE_SHARE_MAN4_FILES ${MAN4_INSTALL_FILES} PARENT_SCOPE)
@ -118,52 +91,6 @@ add_custom_target(manpages DEPENDS
 	${MAN4_INSTALL_FILES}
 )
 set(HTML_INSTALL_FILES
 	${CMAKE_CURRENT_BINARY_DIR}/androiddump.html
 	${CMAKE_CURRENT_BINARY_DIR}/capinfos.html
 	${CMAKE_CURRENT_BINARY_DIR}/captype.html
 	${CMAKE_CURRENT_BINARY_DIR}/ciscodump.html
 	${CMAKE_CURRENT_BINARY_DIR}/ciscodump.html
 	${CMAKE_CURRENT_BINARY_DIR}/dftest.html
 	${CMAKE_CURRENT_BINARY_DIR}/dumpcap.html
 	${CMAKE_CURRENT_BINARY_DIR}/editcap.html
 	${CMAKE_CURRENT_BINARY_DIR}/extcap.html
 	${CMAKE_CURRENT_BINARY_DIR}/mergecap.html
 	${CMAKE_CURRENT_BINARY_DIR}/randpkt.html
 	${CMAKE_CURRENT_BINARY_DIR}/randpktdump.html
 	${CMAKE_CURRENT_BINARY_DIR}/etwdump.html
 	${CMAKE_CURRENT_BINARY_DIR}/rawshark.html
 	${CMAKE_CURRENT_BINARY_DIR}/reordercap.html
 	${CMAKE_CURRENT_BINARY_DIR}/sshdump.html
 	${CMAKE_CURRENT_BINARY_DIR}/text2pcap.html
 	${CMAKE_CURRENT_BINARY_DIR}/tshark.html
 	${CMAKE_CURRENT_BINARY_DIR}/udpdump.html
 	${CMAKE_CURRENT_BINARY_DIR}/wireshark-filter.html
 	${CMAKE_CURRENT_BINARY_DIR}/wireshark.html
 )
 if(BUILD_dpauxmon AND HAVE_LIBNL3)
 	list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/dpauxmon.html)
 endif()
 if(BUILD_sdjournal AND SYSTEMD_FOUND)
 	list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/sdjournal.html)
 endif()
 if(MAXMINDDB_FOUND)
 	list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/mmdbresolve.html)
 endif()
 if (BUILD_corbaidl2wrs)
 	list(APPEND HTML_INSTALL_FILES ${CMAKE_CURRENT_BINARY_DIR}/idl2wrs.html)
 endif()
 if (BUILD_xxx2deb)
 	list(APPEND HTML_INSTALL_FILES
 		${CMAKE_CURRENT_BINARY_DIR}/asn2deb.html
 		${CMAKE_CURRENT_BINARY_DIR}/idl2deb.html
 	)
 endif()
 add_custom_target(
 	docs ALL
 	DEPENDS
@ -174,19 +101,21 @@ add_custom_target(
 )
 set_target_properties(docs PROPERTIES FOLDER "Docs")
-install(
+if(ASCIIDOCTOR_FOUND)
-	FILES
+	install(
-		${MAN1_INSTALL_FILES}
+		FILES
-	DESTINATION
+			${MAN1_INSTALL_FILES}
-		${CMAKE_INSTALL_MANDIR}/man1
+		DESTINATION
-)
+			${CMAKE_INSTALL_MANDIR}/man1
 	)
-install(
+	install(
-	FILES
+		FILES
-		${MAN4_INSTALL_FILES}
+			${MAN4_INSTALL_FILES}
-	DESTINATION
+		DESTINATION
-		${CMAKE_INSTALL_MANDIR}/man4
+			${CMAKE_INSTALL_MANDIR}/man4
-)
+	)
 endif()
 #
 # Installation of HTML manuals is done
--- a/doc/androiddump.adoc
+++ b/doc/androiddump.adoc
@ -1,55 +1,61 @@
-=begin man
+= androiddump(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 androiddump - Provide interfaces to capture from Android devices
-=head1 SYNOPSIS
+== SYNOPSIS
-B<androiddump>
+[manarg]
-S<[ B<--help> ]>
+*androiddump*
-S<[ B<--version> ]>
+[ *--help* ]
-S<[ B<--extcap-version> ]>
+[ *--version* ]
-S<[ B<--debug> ]>
+[ *--extcap-version* ]
-S<[ B<--extcap-interfaces> ]>
+[ *--debug* ]
-S<[ B<--extcap-dlts> ]>
+[ *--extcap-interfaces* ]
-S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
+[ *--extcap-dlts* ]
-S<[ B<--extcap-config> ]>
+[ *--extcap-interface*=<interface> ]
-S<[ B<--capture> ]>
+[ *--extcap-config* ]
-S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
+[ *--capture* ]
-S<[ B<--adb-server-ip>=E<lt>IP addressE<gt> ]>
+[ *--fifo*=<path to file or pipe> ]
-S<[ B<--adb-server-tcp-port>=E<lt>TCP portE<gt> ]>
+[ *--adb-server-ip*=<IP address> ]
-S<[ B<--logcat-text>=E<lt>TRUE or FALSEE<gt> ]>
+[ *--adb-server-tcp-port*=<TCP port> ]
-S<[ B<--bt-server-tcp-port>=E<lt>TCP portE<gt> ]>
+[ *--logcat-text*=<TRUE or FALSE> ]
-S<[ B<--bt-forward-socket>=E<lt>TRUE or FALSEE<gt> ]>
+[ *--bt-server-tcp-port*=<TCP port> ]
-S<[ B<--bt-local-ip>=E<lt>IP addressE<gt> ]>
+[ *--bt-forward-socket*=<TRUE or FALSE> ]
-S<[ B<--bt-local-tcp-port>=E<lt>TCP portE<gt> ]>
+[ *--bt-local-ip*=<IP address> ]
 [ *--bt-local-tcp-port*=<TCP port> ]
-B<androiddump>
+[manarg]
-S< B<--extcap-interfaces> >
+*androiddump*
-S<[ B<--adb-server-ip>=E<lt>IP addressE<gt> ]>
+*--extcap-interfaces*
-S<[ B<--adb-server-tcp-port>=E<lt>TCP portE<gt> ]>
+[ *--adb-server-ip*=<IP address> ]
 [ *--adb-server-tcp-port*=<TCP port> ]
-B<androiddump>
+[manarg]
-S< B<--extcap-interface>=E<lt>interfaceE<gt> >
+*androiddump*
-S<[ B<--extcap-dlts> ]>
+*--extcap-interface*=<interface>
 [ *--extcap-dlts* ]
-B<androiddump>
+[manarg]
-S< B<--extcap-interface>=E<lt>interfaceE<gt> >
+*androiddump*
-S<[ B<--extcap-config> ]>
+*--extcap-interface*=<interface>
 [ *--extcap-config* ]
-B<androiddump>
+[manarg]
-S< B<--extcap-interface>=E<lt>interfaceE<gt> >
+*androiddump*
-S< B<--fifo>=E<lt>path to file or pipeE<gt> >
+*--extcap-interface*=<interface>
-S< B<--capture> >
+*--fifo*=<path to file or pipe>
 *--capture*
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Androiddump> is a extcap tool that provide interfaces to capture from
+*Androiddump* is a extcap tool that provide interfaces to capture from
 Android device. There is only two requirements:
 1. You must have Android SDK and add it PATH environment variable.
@ -60,115 +66,132 @@ https://developer.android.com/sdk/index.html#Other
 2. You must have permission to Android devices. Some Android devices requires
 on-screen authentication.
 Supported interfaces:
-=over 4
+1. Logcat Main (binary [++<=++Jelly Bean] or text)
-
+2. Logcat System (binary [++<=++Jelly Bean] or text)
-=item 1. Logcat Main (binary [<=Jelly Bean] or text)
+3. Logcat Events (binary [++<=++Jelly Bean] or text)
-
+4. Logcat Radio (binary [++<=++Jelly Bean] or text)
-=item 2. Logcat System (binary [<=Jelly Bean] or text)
+5. Logcat Crash (text; from Lollipop)
-
+6. Bluetooth Hcidump [++<=++Jelly Bean]
-=item 3. Logcat Events (binary [<=Jelly Bean] or text)
+7. Bluetooth Bluedroid External Parser [Kitkat]
-
+8. Bluetooth BtsnoopNet [>=Lollipop]
-=item 4. Logcat Radio (binary [<=Jelly Bean] or text)
+9. WiFi tcpdump [need tcpdump on phone]
 =item 5. Logcat Crash (text; from Lollipop)
 =item 6. Bluetooth Hcidump [<=Jelly Bean]
 =item 7. Bluetooth Bluedroid External Parser [Kitkat]
 =item 8. Bluetooth BtsnoopNet [>=Lollipop]
 =item 9. WiFi tcpdump [need tcpdump on phone]
 =back
 Please note that it will work also for FirefoxOS or other Android-based stuffs.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item --help
 --help::
 +
 --
 Print program arguments.
 --
-=item --version
+--version::
-
+
 --
 Print program version.
 --
-=item --extcap-version
+--extcap-version::
-
+
 --
 Print extcapized version.
 --
-=item --debug
+--debug::
-
+
 --
 Print additional messages.
 --
-=item --extcap-interfaces
+--extcap-interfaces::
-
+
 --
 List available interfaces.
 --
-=item --extcap-interface=E<lt>interfaceE<gt>
+--extcap-interface=<interface>::
-
+
 --
 Use specified interfaces.
 --
-=item --extcap-dlts
+--extcap-dlts::
-
+
 --
 List DLTs of specified interface.
 --
-=item --extcap-config
+--extcap-config::
-
+
 --
 List configuration options of specified interface.
 --
-=item --capture
+--capture::
-
+
 --
 Start capturing from specified interface save saved it in place specified by --fifo.
 --
-=item --fifo=E<lt>path to file or pipeE<gt>
+--fifo=<path to file or pipe>::
-
+
 --
 Save captured packet to file or send it through pipe.
 --
-=item --adb-server-ip=E<lt>IP addressE<gt>
+--adb-server-ip=<IP address>::
-
+
 --
 Use other then default (127.0.0.1) ADB daemon's IP address.
 --
-=item --adb-server-tcp-port=E<lt>TCP portE<gt>
+--adb-server-tcp-port=<TCP port>::
-
+
 --
 Use other then default (5037) ADB daemon's TCP port.
 --
-=item --logcat-text=E<lt>TRUE or FALSEE<gt>
+--logcat-text=<TRUE or FALSE>::
-
+
 --
 If TRUE then use text logcat rather then binary. This option has effect only on
 Logcat interfaces. This have no effect from Lollipop where is no binary Logcat
 available.
 Defaults to FALSE.
 --
-=item --bt-server-tcp-port=E<lt>TCP portE<gt>
+--bt-server-tcp-port=<TCP port>::
-
+
 --
 Use other then default Bluetooth server TCP port on Android side.
 On Lollipop defaults is 8872, earlier 4330.
 --
-=item --bt-forward-socket=E<lt>TRUE or FALSEE<gt>
+--bt-forward-socket=<TRUE or FALSE>::
-
+
 --
 If TRUE then socket from Android side is forwarded to host side.
 Defaults to FALSE.
 --
-=item --bt-local-ip=E<lt>IP addressE<gt>
+--bt-local-ip=<IP address>::
-
+
 --
 Use other then default (127.0.0.1) IP address on host side for forwarded socket.
 --
-=item --bt-local-tcp-port=E<lt>TCP portE<gt>
+--bt-local-tcp-port=<TCP port>::
-
+
 --
 Specify port to be used on host side for forwarded socket.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see program arguments:
@ -220,7 +243,6 @@ To see interface DLTs:
  Example output:
    dlt {number=99}{name=BluetoothH4}{display=Bluetooth HCI UART transport layer plus pseudo-header}
 To see interface configuration options:
    androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --extcap-config
@ -229,32 +251,30 @@ To see interface configuration options:
    arg {number=0}{call=--adb-server-ip}{display=ADB Server IP Address}{type=string}{default=127.0.0.1}
    arg {number=1}{call=--adb-server-tcp-port}{display=ADB Server TCP Port}{type=integer}{range=0,65535}{default=5037}
 To capture:
    androiddump --extcap-interface=android-bluetooth-hcidump-MSM7627A --fifo=/tmp/bluetooth.pcapng --capture
 NOTE: To stop capturing CTRL+C/kill/terminate application.
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1), dumpcap(1), extcap(4)
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
-=head1 NOTES
+== NOTES
-B<Androiddump> is part of the B<Wireshark> distribution.  The latest version
+*Androiddump* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Michal Labedzki             <michal.labedzki[AT]tieto.com>
+Michal Labedzki <michal.labedzki[AT]tieto.com>
-
+.Contributors
-  Contributors
+[%hardbreaks]
-  ------------
+Roland Knall <rknall[AT]gmail.com>
  Roland Knall              <rknall[AT]gmail.com>
--- a/doc/asn2deb.adoc
+++ b/doc/asn2deb.adoc
@ -1,82 +1,94 @@
-=begin man
+= asn2deb(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 asn2deb - Create a Debian package for BER monitoring from ASN.1
-=head1 SYNOPSIS
+== SYNOPSIS
-B<asn2deb>
+[manarg]
-S<[ B<-a> E<lt>ASN.1 fileE<gt> ]>
+*asn2deb*
-S<[ B<--asn>=E<lt>ASN.1 fileE<gt> ]>
+[ *-a* <ASN.1 file> ]
-S<[ B<-d> E<lt>optsE<gt> ]>
+[ *--asn*=<ASN.1 file> ]
-S<[ B<--dbopts>=E<lt>optsE<gt> ]>
+[ *-d* <opts> ]
-S<[ B<-e> E<lt>addressE<gt> ]>
+[ *--dbopts*=<opts> ]
-S<[ B<--email>=E<lt>addressE<gt> ]>
+[ *-e* <address> ]
-S<[ B<-h> ]>
+[ *--email*=<address> ]
-S<[ B<--help> ]>
+[ *-h* ]
-S<[ B<-n> E<lt>nameE<gt> ]>
+[ *--help* ]
-S<[ B<--name>=E<lt>nameE<gt> ]>
+[ *-n* <name> ]
-S<[ B<-p> ]>
+[ *--name*=<name> ]
-S<[ B<--preserve> ]>
+[ *-p* ]
-S<[ B<-v> ]>
+[ *--preserve* ]
-S<[ B<--version> ]>
+[ *-v* ]
 [ *--version* ]
-=head1 DESCRIPTION
+== DESCRIPTION
-This manual page documents briefly the B<asn2deb> command. B<asn2deb>
+This manual page documents briefly the *asn2deb* command. *asn2deb*
 takes an ASN.1 file as input and creates a Debian package from it. The package
 contains a loadable type table file for the Wireshark network analyser.
-The type table is generated by the ASN.1 compiler B<snacc>.
+The type table is generated by the ASN.1 compiler *snacc*.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item -a E<lt>ASN.1 fileE<gt> --asn=E<lt>ASN.1 fileE<gt>
 -a <ASN.1 file> --asn=<ASN.1 file>::
 +
 --
 ASN.1 file to use (mandatory).
 --
-=item -d E<lt>optsE<gt> --dbopts=E<lt>optsE<gt>
+-d <opts> --dbopts=<opts>::
-
+
 --
 options for dpkg-buildpackage.
 --
-=item -e E<lt>addressE<gt> --email=E<lt>addressE<gt>
+-e <address> --email=<address>::
-
+
 --
 use e-mail address.
 --
-=item -h --help
+-h --help::
-
+
 --
 print help and exit.
 --
-=item -n E<lt>nameE<gt> --name=E<lt>nameE<gt>
+-n <name> --name=<name>::
-
+
 --
 use user name.
 --
-=item -p --preserve
+-p --preserve::
-
+
 --
 do not overwrite files.
 --
-=item -v --version
+-v --version::
-
+
 --
 print version and exit.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 /usr/bin/asn2deb -e me@foo.net -a bar.asn1 \-n "My Name" -d "-rfakeroot -uc -us"-d "-rfakeroot -uc -us"
-=head1 SEE ALSO
+== SEE ALSO
-A lot of tools are used, which you have to B<apt-get install>: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev,
+A lot of tools are used, which you have to *apt-get install*: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev,
 snacc.
-=head1 COPYING
+== COPYING
 This manual page was written by W. Borgert debacle@debian.org
 for Debian GNU/Linux (but may be used by others). Permission is granted
@ -84,10 +96,10 @@ to copy, distribute and/or modify this document under the terms of the
 GNU General Public License, Version 2 or any later version published by
 the Free Software Foundation.
-=head1 AUTHOR
+== AUTHOR
-B<W. Borgert> Author.
+*W. Borgert* Author.
-=head1 COPYRIGHT
+== COPYRIGHT
 Copyright (C) 2003, 2005 W. Borger
--- a/doc/capinfos.adoc
+++ b/doc/capinfos.adoc
@ -1,60 +1,62 @@
-=begin man
+= capinfos(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 capinfos - Prints information about capture files
-=head1 SYNOPSIS
+== SYNOPSIS
-B<capinfos>
+[manarg]
-S<[ B<-a> ]>
+*capinfos*
-S<[ B<-A> ]>
+[ *-a* ]
-S<[ B<-b> ]>
+[ *-A* ]
-S<[ B<-B> ]>
+[ *-b* ]
-S<[ B<-c> ]>
+[ *-B* ]
-S<[ B<-C> ]>
+[ *-c* ]
-S<[ B<-d> ]>
+[ *-C* ]
-S<[ B<-D> ]>
+[ *-d* ]
-S<[ B<-e> ]>
+[ *-D* ]
-S<[ B<-E> ]>
+[ *-e* ]
-S<[ B<-F> ]>
+[ *-E* ]
-S<[ B<-h> ]>
+[ *-F* ]
-S<[ B<-H> ]>
+[ *-h* ]
-S<[ B<-i> ]>
+[ *-H* ]
-S<[ B<-I> ]>
+[ *-i* ]
-S<[ B<-k> ]>
+[ *-I* ]
-S<[ B<-K> ]>
+[ *-k* ]
-S<[ B<-l> ]>
+[ *-K* ]
-S<[ B<-L> ]>
+[ *-l* ]
-S<[ B<-m> ]>
+[ *-L* ]
-S<[ B<-M> ]>
+[ *-m* ]
-S<[ B<-n> ]>
+[ *-M* ]
-S<[ B<-N> ]>
+[ *-n* ]
-S<[ B<-o> ]>
+[ *-N* ]
-S<[ B<-q> ]>
+[ *-o* ]
-S<[ B<-Q> ]>
+[ *-q* ]
-S<[ B<-r> ]>
+[ *-Q* ]
-S<[ B<-R> ]>
+[ *-r* ]
-S<[ B<-s> ]>
+[ *-R* ]
-S<[ B<-S> ]>
+[ *-s* ]
-S<[ B<-t> ]>
+[ *-S* ]
-S<[ B<-T> ]>
+[ *-t* ]
-S<[ B<-u> ]>
+[ *-T* ]
-S<[ B<-v> ]>
+[ *-u* ]
-S<[ B<-x> ]>
+[ *-v* ]
-S<[ B<-y> ]>
+[ *-x* ]
-S<[ B<-z> ]>
+[ *-y* ]
-E<lt>I<infile>E<gt>
+[ *-z* ]
-I<...>
+<__infile__>
 __...__
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Capinfos> is a program that reads one or more capture files and
+*Capinfos* is a program that reads one or more capture files and
-returns some or all available statistics (infos) of each E<lt>I<infile>E<gt>
+returns some or all available statistics (infos) of each <__infile__>
 in one of two types of output formats: long or table.
 The long output is suitable for a human to read.  The table output
@ -64,41 +66,44 @@ a spreadsheet or database.
 The user specifies what type of output (long or table) and which
 statistics to display by specifying flags (options) that corresponding
 to the report type and desired infos.  If no options are specified,
-B<Capinfos> will report all statistics available in "long" format.
+*Capinfos* will report all statistics available in "long" format.
 Options are processed from left to right order with later options
 superseding or adding to earlier options.
-B<Capinfos> is able to detect and read the same capture files that are
+*Capinfos* is able to detect and read the same capture files that are
-supported by B<Wireshark>.
+supported by *Wireshark*.
 The input files don't need a specific filename extension; the file
 format and an optional gzip, zstd or lz4 compression will be automatically detected.
-Near the beginning of the DESCRIPTION section of wireshark(1) or
+Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
-L<https://www.wireshark.org/docs/man-pages/wireshark.html>
+https://www.wireshark.org/docs/man-pages/wireshark.html
-is a detailed description of the way B<Wireshark> handles this, which is
+is a detailed description of the way *Wireshark* handles this, which is
-the same way B<Capinfos> handles this.
+the same way *Capinfos* handles this.
-=head1 OPTIONS
+== OPTIONS
-=over 4
+-a::
-
+
-=item -a
+--
-
+Displays the start time of the capture.  *Capinfos* considers
 Displays the start time of the capture.  B<Capinfos> considers
 the earliest timestamp seen to be the start time, so the
 first packet in the capture is not necessarily the earliest -
 if packets exist "out-of-order", time-wise, in the capture,
-B<Capinfos> detects this.
+*Capinfos* detects this.
-
+--
 =item -A
 -A::
 +
 --
 Generate all infos. By default capinfos will display
 all infos values for each input file, but enabling
 any of the individual display infos options will
 disable the generate all option.
 --
-=item -b
+-b::
-
+
 --
 Separate infos with ASCII SPACE (0x20) characters.
 This option is only useful when generating a table
 style report (-T).  The various info values will be
@ -109,22 +114,28 @@ NOTE: Since some of the header labels as well as some
 of the value fields contain SPACE characters.  This
 option is of limited value unless one of the quoting
 options (-q or -Q) is also specified.
 --
-=item -B
+-B::
-
+
 --
 Separate the infos with ASCII TAB characters.
 This option is only useful when generating a table
 style report (-T).  The various info values will be
 separated (delimited) from one another with a single
 ASCII TAB character.  The TAB character is the default
 delimiter when -T style report is enabled.
 --
-=item -c
+-c::
-
+
 --
 Displays the number of packets in the capture file.
 --
-=item -C
+-C::
-
+
 --
 Cancel processing any additional files if and
 when capinfos fails to open an input file
 or gets an error reading an input file.
@ -137,117 +148,155 @@ an error reading from a file regardless whether
 the -C option is specified or not.
 Upon exit, capinfos will return an error status
 if any errors occurred during processing.
 --
-=item -d
+-d::
-
+
 --
 Displays the total length of all packets in the file, in
 bytes.  This counts the size of the packets as they appeared
 in their original form, not as they appear in this file.
 For example, if a packet was originally 1514 bytes and only
 256 of those bytes were saved to the capture file (if packets
 were captured with a snaplen or other slicing option),
-B<Capinfos> will consider the packet to have been 1514 bytes.
+*Capinfos* will consider the packet to have been 1514 bytes.
-
+--
 =item -D
 -D::
 +
 --
 Displays a count of the number of decryption secrets in the file.
 --
-=item -e
+-e::
-
+
-Displays the end time of the capture.  B<Capinfos> considers
+--
 Displays the end time of the capture.  *Capinfos* considers
 the latest timestamp seen to be the end time, so the
 last packet in the capture is not necessarily the latest -
 if packets exist "out-of-order", time-wise, in the capture,
-B<Capinfos> detects this.
+*Capinfos* detects this.
-
+--
 =item -E
 -E::
 +
 --
 Displays the per-file encapsulation of the capture file.
 --
-=item -F
+-F::
-
+
 --
 Displays additional capture file information.
 --
-=item -h
+-h::
-
+
 --
 Prints the help listing and exits.
 --
-=item -H
+-H::
-
+
 --
 Displays the SHA256, RIPEMD160, and SHA1 hashes for the file.
 SHA1 output may be removed in the future.
 --
-=item -i
+-i::
-
+
 --
 Displays the average data rate, in bits/sec
 --
-=item -I
+-I::
-
+
 --
 Displays detailed capture file interface information. This information
 is not available in table format.
 --
-=item -k
+-k::
-
+
 --
 Displays the capture comment. For pcapng files, this is the comment from the
 section header block.
 --
-=item -K
+-K::
-
+
 --
 Use this option to suppress printing capture comments.  By default capture
 comments are enabled.  Capture comments are relatively freeform and might
 contain embedded new-line characters and/or other delimiting characters
 making it harder for a human or machine to easily parse the capinfos output.
 Excluding capture comments can aid in post-processing of output.
 --
-=item -l
+-l::
-
+
 --
 Display the snaplen (if any) for a file.
 snaplen (if available) is determined from the capture file header
 and by looking for truncated records in the capture file.
 --
-=item -L
+-L::
-
+
 --
 Generate long report.  Capinfos can generate two
 different styles of reports.  The "long" report is
 the default style of output and is suitable for a
 human to use.
 --
-=item -m
+-m::
-
+
 --
 Separate the infos with comma (,) characters.  This option
 is only useful when generating a table style report (-T).
 The various info values will be separated (delimited)
 from one another with a single comma "," character.
 --
-=item -M
+-M::
-
+
 --
 Print raw (machine readable) values in long reports.
 By default capinfos prints numeric values with human-readable SI
 suffixes, and shows human-readable file type and encapsulation.
 Table reports (-T) always print raw values.
 --
-=item -n
+-n::
-
+
 --
 Displays a count of the number of resolved IPv4 addresses and a count of
 the number of resolved IPv6 addresses in the file.
 --
-=item -N
+-N::
-
+
 --
 Do not quote the infos.  This option is only useful
 when generating a table style report (-T).  Excluding
 any quoting characters around the various values and
 using a TAB delimiter produces a very "clean" table
 report that is easily parsed with CLI tools.  By
-default infos are B<NOT> quoted.
+default infos are *NOT* quoted.
-
+--
 =item -o
 -o::
 +
 --
 Displays "True" if packets exist in strict chronological order
 or "False" if one or more packets in the capture exists
 "out-of-order" time-wise.
 --
-=item -q
+-q::
-
+
 --
 Quote infos with single quotes ('). This option is
 only useful when generating a table style report (-T).
 When this option is enabled, each value will be
@ -255,9 +304,11 @@ encapsulated within a pair of single quote (')
 characters.  This option (when used  with the -m
 option) is useful for generating one type of CSV
 style file report.
 --
-=item -Q
+-Q::
-
+
 --
 Quote infos with double quotes (").  This option is
 only useful when generating a table style report (-T).
 When this option is enabled, each value will be
@ -265,69 +316,90 @@ encapsulated within a pair of double quote (")
 characters.  This option (when used with the -m
 option) is useful for generating the most common
 type of CSV style file report.
 --
-=item -r
+-r::
-
+
 --
 Do not generate header record.  This option is only
 useful when generating a table style report (-T).
-If this option is specified then B<no> header record will be
+If this option is specified then *no* header record will be
 generated within the table report.
 --
-=item -R
+-R::
-
+
 --
 Generate header record.  This option is only useful
 when generating a table style report (-T).  A header
 is generated by default.  A header record (if generated)
 is the first line of data reported and includes labels
 for all the columns included within the table report.
 --
-=item -s
+-s::
-
+
 --
 Displays the size of the file, in bytes.  This reports
 the size of the capture file itself.
 --
-=item -S
+-S::
-
+
 --
 Display the start and end times as seconds since January
-1, 1970. Handy for synchronizing dumps using B<editcap -t>.
+1, 1970. Handy for synchronizing dumps using *editcap -t*.
-
+--
 =item -t
 -t::
 +
 --
 Displays the capture type of the capture file.
 --
-=item -T
+-T::
-
+
 --
 Generate a table report. A table report is a text file
 that is suitable for importing into a spreadsheet or
 database.  Capinfos can build a tab delimited text file
 (the default) or several variations on Comma-separated
 values (CSV) files.
 --
-=item -u
+-u::
-
+
 --
 Displays the capture duration, in seconds.  This is the
 difference in time between the earliest packet seen and
 latest packet seen.
 --
-=item -v
+-v::
-
+
 --
 Displays the tool's version and exits.
 --
-=item -x
+-x::
-
+
 --
 Displays the average packet rate, in packets/sec
 --
-=item -y
+-y::
-
+
 --
 Displays the average data rate, in bytes/sec
 --
-=item -z
+-z::
-
+
 --
 Displays the average packet size, in bytes
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see a description of the capinfos options use:
@ -352,7 +424,6 @@ or
    capinfos -TmQ mycapture.pcap
 To generate a TAB delimited table style report with just the
 filenames, capture type, capture encapsulation type and packet
 count for all the pcap files in the current directory use:
@ -375,27 +446,26 @@ a text file called mycaptures.csv use:
 The resulting mycaptures.csv file can be easily imported
 into spreadsheet applications.
-=head1 SEE ALSO
+== SEE ALSO
-pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1),
+xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:mergecap.html[mergecap](1), xref:editcap.html[editcap](1), xref:tshark.html[tshark](1),
-dumpcap(1), captype(1), pcap-filter(7) or tcpdump(8)
+xref:dumpcap.html[dumpcap](1), xref:captype.html[captype](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
-=head1 NOTES
+== NOTES
-B<Capinfos> is part of the B<Wireshark> distribution.  The latest version
+*Capinfos* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Ian Schorr           <ian[AT]ianschorr.com>
+Ian Schorr <ian[AT]ianschorr.com>
-
+.Contributors
-  Contributors
+[%hardbreaks]
-  ------------
+Gerald Combs <gerald[AT]wireshark.org>
-  Gerald Combs         <gerald[AT]wireshark.org>
+Jim Young <jyoung[AT]gsu.edu>
  Jim Young            <jyoung[AT]gsu.edu>
--- a/doc/captype.adoc
+++ b/doc/captype.adoc
@ -1,54 +1,55 @@
-=begin man
+= captype(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 captype - Prints the types of capture files
-=head1 SYNOPSIS
+== SYNOPSIS
-B<captype>
+[manarg]
-E<lt>I<infile>E<gt>
+*captype*
-I<...>
+<__infile__>
 __...__
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Captype> is a program that opens one or more capture files and
+*Captype* is a program that opens one or more capture files and
-prints the capture file type of each E<lt>I<infile>E<gt>.
+prints the capture file type of each <__infile__>.
-B<Captype> is able to detect and read the same capture files that are
+*Captype* is able to detect and read the same capture files that are
-supported by B<Wireshark>.
+supported by *Wireshark*.
 The input files don't need a specific filename extension; the file
 format and an optional gzip, zstd or lz4 compression will be automatically detected.
-Near the beginning of the DESCRIPTION section of wireshark(1) or
+Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
-L<https://www.wireshark.org/docs/man-pages/wireshark.html>
+https://www.wireshark.org/docs/man-pages/wireshark.html
-is a detailed description of the way B<Wireshark> handles this, which is
+is a detailed description of the way *Wireshark* handles this, which is
-the same way B<Captype> handles this.
+the same way *Captype* handles this.
-=head1 SEE ALSO
+== SEE ALSO
-pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1),
+xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:mergecap.html[mergecap](1), xref:editcap.html[editcap](1), xref:tshark.html[tshark](1),
-dumpcap(1), capinfos(1), pcap-filter(7) or tcpdump(8)
+xref:dumpcap.html[dumpcap](1), xref:capinfos.html[capinfos](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
-=head1 NOTES
+== NOTES
-B<Captype> is part of the B<Wireshark> distribution.  The latest version
+*Captype* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Ian Schorr           <ian[AT]ianschorr.com>
+Ian Schorr <ian[AT]ianschorr.com>
-
+.Contributors
-  Contributors
+[%hardbreaks]
-  ------------
+Gerald Combs <gerald[AT]wireshark.org>
-  Gerald Combs         <gerald[AT]wireshark.org>
+Jim Young <jyoung[AT]gsu.edu>
  Jim Young            <jyoung[AT]gsu.edu>
--- a/doc/ciscodump.adoc
+++ b/doc/ciscodump.adoc
@ -1,125 +1,149 @@
-=begin man
+= ciscodump(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 ciscodump - Provide interfaces to capture from a remote Cisco router through SSH.
-=head1 SYNOPSIS
+== SYNOPSIS
-B<ciscodump>
+[manarg]
-S<[ B<--help> ]>
+*ciscodump*
-S<[ B<--version> ]>
+[ *--help* ]
-S<[ B<--extcap-interfaces> ]>
+[ *--version* ]
-S<[ B<--extcap-dlts> ]>
+[ *--extcap-interfaces* ]
-S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
+[ *--extcap-dlts* ]
-S<[ B<--extcap-config> ]>
+[ *--extcap-interface*=<interface> ]
-S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
+[ *--extcap-config* ]
-S<[ B<--capture> ]>
+[ *--extcap-capture-filter*=<capture filter> ]
-S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
+[ *--capture* ]
-S<[ B<--remote-host>=E<lt>IP addressE<gt> ]>
+[ *--fifo*=<path to file or pipe> ]
-S<[ B<--remote-port>=E<lt>TCP portE<gt> ]>
+[ *--remote-host*=<IP address> ]
-S<[ B<--remote-username>=E<lt>usernameE<gt> ]>
+[ *--remote-port*=<TCP port> ]
-S<[ B<--remote-password>=E<lt>passwordE<gt> ]>
+[ *--remote-username*=<username> ]
-S<[ B<--remote-filter>=E<lt>filterE<gt> ]>
+[ *--remote-password*=<password> ]
-S<[ B<--sshkey>=E<lt>public key pathE<gt> ]>
+[ *--remote-filter*=<filter> ]
-S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]>
+[ *--sshkey*=<public key path> ]
 [ *--remote-interface*=<interface> ]
 [manarg]
 *ciscodump*
 *--extcap-interfaces*
-B<ciscodump>
+[manarg]
-S<B<--extcap-interfaces>>
+*ciscodump*
 *--extcap-interface*=<interface>
 *--extcap-dlts*
-B<ciscodump>
+[manarg]
-S<B<--extcap-interface>=E<lt>interfaceE<gt>>
+*ciscodump*
-S<B<--extcap-dlts>>
+*--extcap-interface*=<interface>
 *--extcap-config*
-B<ciscodump>
+[manarg]
-S<B<--extcap-interface>=E<lt>interfaceE<gt>>
+*ciscodump*
-S<B<--extcap-config>>
+*--extcap-interface*=<interface>
 *--fifo*=<path to file or pipe>
 *--capture*
 *--remote-host=remoterouter*
 *--remote-port=22*
 *--remote-username=user*
 *--remote-interface*=<the router interface>
-B<ciscodump>
+== DESCRIPTION
 S<B<--extcap-interface>=E<lt>interfaceE<gt>>
 S<B<--fifo>=E<lt>path to file or pipeE<gt>>
 S<B<--capture>>
 S<B<--remote-host=remoterouter>>
 S<B<--remote-port=22>>
 S<B<--remote-username=user>>
 S<B<--remote-interface>=E<lt>the router interfaceE<gt>>
-=head1 DESCRIPTION
+*Ciscodump* is an extcap tool that relies on Cisco EPC to allow a user to run a remote capture
 B<Ciscodump> is an extcap tool that relies on Cisco EPC to allow a user to run a remote capture
 on a Cisco router in a SSH connection. The minimum IOS version supporting this feature is 12.4(20)T. More details can be
 found here:
 https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-embedded-packet-capture/datasheet_c78-502727.html
 Supported interfaces:
-=over 4
+1. cisco
-=item 1. cisco
+== OPTIONS
 =back
 =head1 OPTIONS
 =over 4
 =item --help
 --help::
 +
 --
 Print program arguments.
 --
-=item --version
+--version::
-
+
 --
 Print program version.
 --
-=item --extcap-interfaces
+--extcap-interfaces::
-
+
 --
 List available interfaces.
 --
-=item --extcap-interface=E<lt>interfaceE<gt>
+--extcap-interface=<interface>::
-
+
 --
 Use specified interfaces.
 --
-=item --extcap-dlts
+--extcap-dlts::
-
+
 --
 List DLTs of specified interface.
 --
-=item --extcap-config
+--extcap-config::
-
+
 --
 List configuration options of specified interface.
 --
-=item --capture
+--capture::
-
+
 --
 Start capturing from specified interface and save it in place specified by --fifo.
 --
-=item --fifo=E<lt>path to file or pipeE<gt>
+--fifo=<path to file or pipe>::
-
+
 --
 Save captured packet to file or send it through pipe.
 --
-=item --remote-host=E<lt>remote hostE<gt>
+--remote-host=<remote host>::
-
+
 --
 The address of the remote host for capture.
 --
-=item --remote-port=E<lt>remote portE<gt>
+--remote-port=<remote port>::
-
+
 --
 The SSH port of the remote host.
 --
-=item --remote-username=E<lt>usernameE<gt>
+--remote-username=<username>::
-
+
 --
 The username for ssh authentication.
 --
-=item --remote-password=E<lt>passwordE<gt>
+--remote-password=<password>::
-
+
 --
 The password to use (if not ssh-agent and pubkey are used). WARNING: the
 passwords are stored in plaintext and visible to all users on this system. It is
 recommended to use keyfiles with a SSH agent.
 --
-=item --remote-filter=E<lt>filterE<gt>
+--remote-filter=<filter>::
-
+
 --
 The remote filter on the router. This is a capture filter that follows the Cisco
 IOS standards
 (https://www.cisco.com/c/en/us/support/docs/ip/access-lists/26448-ACLsamples.html).
@ -132,22 +156,27 @@ Examples:
    permit ip host MYHOST any, permit ip any host MYHOST (capture the traffic for MYHOST)
    deny ip host MYHOST any, deny ip any host MYHOST, permit ip any any (capture all the traffic except MYHOST)
 --
-=item --sshkey=E<lt>SSH private key pathE<gt>
+--sshkey=<SSH private key path>::
-
+
 --
 The path to a private key for authentication.
 --
-=item --remote-interface=E<lt>remote interfaceE<gt>
+--remote-interface=<remote interface>::
-
+
 --
 The remote network interface to capture from.
 --
-=item --extcap-capture-filter=E<lt>capture filterE<gt>
+--extcap-capture-filter=<capture filter>::
-
+
 --
 Unused (compatibility only).
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see program arguments:
@ -200,7 +229,6 @@ To see interface configuration options:
    arg {number=8}{call=--remote-count}{display=Packets to capture}{type=unsigned}{required=true}
        {tooltip=The number of remote packets to capture.}
 To capture:
    ciscodump --extcap-interface cisco --fifo=/tmp/cisco.pcap --capture --remote-host 192.168.1.10
@ -209,7 +237,7 @@ To capture:
 NOTE: Packet count is mandatory, hence the capture will start after this number.
-=head1 KNOWN ISSUES
+== KNOWN ISSUES
 The configuration of the capture on the routers is a multi-step process. If the SSH connection is interrupted during
 it, the configuration can be in an inconsistent state. That can happen also if the capture is stopped and ciscodump
@ -222,20 +250,20 @@ buffer, ciscodump waits for the capture to complete and then issues the command
 specifies a number of packets above the currently captured, the show command is never shown. Not only is the count of
 the maximum number of captured packets, but it is also the _exact_ number of expected packets.
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1), dumpcap(1), extcap(4), sshdump(1)
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:sshdump.html[sshdump](1)
-=head1 NOTES
+== NOTES
-B<ciscodump> is part of the B<Wireshark> distribution.  The latest version
+*ciscodump* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Dario Lombardo             <lomato[AT]gmail.com>
+Dario Lombardo <lomato[AT]gmail.com>
--- a/doc/dftest.adoc
+++ b/doc/dftest.adoc
@ -1,33 +1,33 @@
-=begin man
+= dftest(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 dftest - Shows display filter byte-code, for debugging dfilter routines.
-=head1 SYNOPSIS
+== SYNOPSIS
-B<dftest>
+[manarg]
-S<[ E<lt>filterE<gt> ]>
+*dftest*
 [ <filter> ]
-=head1 DESCRIPTION
+== DESCRIPTION
-B<dftest> is a simple tool which compiles a display filter and shows its bytecode.
+*dftest* is a simple tool which compiles a display filter and shows its bytecode.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item filter
 filter::
 +
 --
 The display filter expression. If needed it has to be quoted.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 Show how the IP protocol is filtered:
@ -37,6 +37,6 @@ Shows how frame 150 is filtered:
    dftest "frame.number == 150"
-=head1 SEE ALSO
+== SEE ALSO
-wireshark-filter(4)
+xref:wireshark-filter.html[wireshark-filter](4)
--- a/doc/dpauxmon.adoc
+++ b/doc/dpauxmon.adoc
@ -1,100 +1,116 @@
-=begin man
+= dpauxmon(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 dpauxmon - Provide interfaces to capture DisplayPort AUX channel data.
-=head1 SYNOPSIS
+== SYNOPSIS
-B<dpauxmon>
+[manarg]
-S<[ B<--help> ]>
+*dpauxmon*
-S<[ B<--version> ]>
+[ *--help* ]
-S<[ B<--extcap-interfaces> ]>
+[ *--version* ]
-S<[ B<--extcap-dlts> ]>
+[ *--extcap-interfaces* ]
-S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
+[ *--extcap-dlts* ]
-S<[ B<--extcap-config> ]>
+[ *--extcap-interface*=<interface> ]
-S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
+[ *--extcap-config* ]
-S<[ B<--capture> ]>
+[ *--extcap-capture-filter*=<capture filter> ]
-S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
+[ *--capture* ]
-S<[ B<--interface_id>=E<lt>Interface ID to captureE<gt> ]>
+[ *--fifo*=<path to file or pipe> ]
 [ *--interface_id*=<Interface ID to capture> ]
-B<dpauxmon>
+[manarg]
-S<B<--extcap-interfaces>>
+*dpauxmon*
 *--extcap-interfaces*
-B<dpauxmon>
+[manarg]
-S<B<--extcap-interface>=E<lt>interfaceE<gt>>
+*dpauxmon*
-S<B<--extcap-dlts>>
+*--extcap-interface*=<interface>
 *--extcap-dlts*
-B<dpauxmon>
+[manarg]
-S<B<--extcap-interface>=E<lt>interfaceE<gt>>
+*dpauxmon*
-S<B<--extcap-config>>
+*--extcap-interface*=<interface>
 *--extcap-config*
-B<dpauxmon>
+[manarg]
-S<B<--extcap-interface>=E<lt>interfaceE<gt>>
+*dpauxmon*
-S<B<--fifo>=E<lt>path to file or pipeE<gt>>
+*--extcap-interface*=<interface>
-S<B<--capture>>
+*--fifo*=<path to file or pipe>
-S<B<--interface_id=interface_id>>
+*--capture*
 *--interface_id=interface_id*
-=head1 DESCRIPTION
+== DESCRIPTION
-B<dpauxmon> is an extcap tool that can capture DisplayPort AUX channel data
+*dpauxmon* is an extcap tool that can capture DisplayPort AUX channel data
 from linux kernel drivers using the generic netlink interface.
 Supported interfaces:
-=over 4
+1. dpauxmon
-=item 1. dpauxmon
+== OPTIONS
 =back
 =head1 OPTIONS
 =over 4
 =item --help
 --help::
 +
 --
 Print program arguments.
 --
-=item --version
+--version::
-
+
 --
 Print program version.
 --
-=item --extcap-interfaces
+--extcap-interfaces::
-
+
 --
 List available interfaces.
 --
-=item --extcap-interface=E<lt>interfaceE<gt>
+--extcap-interface=<interface>::
-
+
 --
 Use specified interfaces.
 --
-=item --extcap-dlts
+--extcap-dlts::
-
+
 --
 List DLTs of specified interface.
 --
-=item --extcap-config
+--extcap-config::
-
+
 --
 List configuration options of specified interface.
 --
-=item --capture
+--capture::
-
+
 --
 Start capturing from specified interface and save it in place specified by --fifo.
 --
-=item --fifo=E<lt>path to file or pipeE<gt>
+--fifo=<path to file or pipe>::
-
+
 --
 Save captured packet to file or send it through pipe.
 --
-=item --interface_idt=E<lt>interface idE<gt>
+--interface_idt=<interface id>::
-
+
 --
 The interface for capture.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see program arguments:
@ -134,20 +150,20 @@ To capture:
    dpauxmon --extcap-interface=dpauxmon --fifo=/tmp/dpauxmon.pcap --capture --interface_id 0
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1), dumpcap(1), extcap(4)
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
-=head1 NOTES
+== NOTES
-B<dpauxmon> is part of the B<Wireshark> distribution.  The latest version
+*dpauxmon* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Dirk Eibach             <dirk.eibach[AT]gdsys.cc>
+Dirk Eibach <dirk.eibach[AT]gdsys.cc>
--- a/doc/dumpcap.adoc
+++ b/doc/dumpcap.adoc
@ -1,149 +1,154 @@
-=begin man
+= dumpcap(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 dumpcap - Dump network traffic
-=head1 SYNOPSIS
+== SYNOPSIS
-B<dumpcap>
+[manarg]
-S<[ B<-a>|B<--autostop> E<lt>capture autostop conditionE<gt> ] ...>
+*dumpcap*
-S<[ B<-b>|B<--ring-buffer> E<lt>capture ring buffer optionE<gt> ] ...>
+[ *-a*|*--autostop* <capture autostop condition> ] ...
-S<[ B<-B>|B<--buffer-size> E<lt>capture buffer sizeE<gt> ]>
+[ *-b*|*--ring-buffer* <capture ring buffer option> ] ...
-S<[ B<-c> E<lt>capture packet countE<gt> ]>
+[ *-B*|*--buffer-size* <capture buffer size> ]
-S<[ B<-C> E<lt>byte limitE<gt> ]>
+[ *-c* <capture packet count> ]
-S<[ B<-d> ]>
+[ *-C* <byte limit> ]
-S<[ B<-D>|B<--list-interfaces> ]>
+[ *-d* ]
-S<[ B<-f> E<lt>capture filterE<gt> ]>
+[ *-D*|*--list-interfaces* ]
-S<[ B<-g> ]>
+[ *-f* <capture filter> ]
-S<[ B<-h>|B<--help> ]>
+[ *-g* ]
-S<[ B<-i>|B<--interface> E<lt>capture interfaceE<gt>|rpcap://E<lt>hostE<gt>:E<lt>portE<gt>/E<lt>capture interfaceE<gt>|TCP@E<lt>hostE<gt>:E<lt>portE<gt>|- ]>
+[ *-h*|*--help* ]
-S<[ B<-I>|B<--monitor-mode> ]>
+[ *-i*|*--interface* <capture interface>|rpcap://<host>:<port>/<capture interface>|TCP@<host>:<port>|- ]
-S<[ B<-k> E<lt>freqE<gt>,[E<lt>typeE<gt>],[E<lt>center_freq1E<gt>],[E<lt>center_freq2E<gt>] ]>
+[ *-I*|*--monitor-mode* ]
-S<[ B<-L>|B<--list-data-link-types> ]>
+[ *-k* <freq>,[<type>],[<center_freq1>],[<center_freq2>] ]
-S<[ B<-M> ]>
+[ *-L*|*--list-data-link-types* ]
-S<[ B<-n> ]>
+[ *-M* ]
-S<[ B<-N> E<lt>packet limitE<gt> ]>
+[ *-n* ]
-S<[ B<-p>|B<--no-promiscuous-mode> ]>
+[ *-N* <packet limit> ]
-S<[ B<--ifdescr> E<lt>descriptionE<gt> ]>
+[ *-p*|*--no-promiscuous-mode* ]
-S<[ B<--ifname> E<lt>nameE<gt> ]>
+[ *--ifdescr* <description> ]
-S<[ B<-P> ]>
+[ *--ifname* <name> ]
-S<[ B<-q> ]>
+[ *-P* ]
-S<[ B<-s>|B<--snapshot-length> E<lt>capture snaplenE<gt> ]>
+[ *-q* ]
-S<[ B<-S> ]>
+[ *-s*|*--snapshot-length* <capture snaplen> ]
-S<[ B<-t> ]>
+[ *-S* ]
-S<[ B<-v>|B<--version> ]>
+[ *-t* ]
-S<[ B<-w> E<lt>outfileE<gt> ]>
+[ *-v*|*--version* ]
-S<[ B<-y>|B<--linktype> E<lt>capture link typeE<gt> ]>
+[ *-w* <outfile> ]
-S<[ B<--capture-comment> E<lt>commentE<gt> ]>
+[ *-y*|*--linktype* <capture link type> ]
-S<[ B<--list-time-stamp-types> ]>
+[ *--capture-comment* <comment> ]
-S<[ B<--time-stamp-type> E<lt>typeE<gt> ]>
+[ *--list-time-stamp-types* ]
 [ *--time-stamp-type* <type> ]
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Dumpcap> is a network traffic dump tool.  It lets you capture packet
+*Dumpcap* is a network traffic dump tool.  It lets you capture packet
-data from a live network and write the packets to a file.  B<Dumpcap>'s
+data from a live network and write the packets to a file.  *Dumpcap*'s
-default capture file format is B<pcapng> format.
+default capture file format is *pcapng* format.
-When the B<-P> option is specified, the output file is written in the
+When the *-P* option is specified, the output file is written in the
-B<pcap> format.
+*pcap* format.
 Without any options set it will use the libpcap, Npcap, or WinPcap library to
 capture traffic from the first available network interface and writes
 the received raw packet data, along with the packets' time stamps into a
 pcap file.
-If the B<-w> option is not specified, B<Dumpcap> writes to a newly
+If the *-w* option is not specified, *Dumpcap* writes to a newly
 created pcap file with a randomly chosen name.
-If the B<-w> option is specified, B<Dumpcap> writes to the file
+If the *-w* option is specified, *Dumpcap* writes to the file
 specified by that option.
 Packet capturing is performed with the pcap library.  The capture filter
 syntax follows the rules of the pcap library.
-=head1 OPTIONS
+== OPTIONS
-=over 4
+-a|--autostop  <capture autostop condition>::
 +
 --
 Specify a criterion that specifies when *Dumpcap* is to stop writing
 to a capture file.  The criterion is of the form __test:value__,
 where __test__ is one of:
-=item -a|--autostop  E<lt>capture autostop conditionE<gt>
+*duration*:__value__ Stop writing to a capture file after __value__ seconds have
 Specify a criterion that specifies when B<Dumpcap> is to stop writing
 to a capture file.  The criterion is of the form I<test:value>,
 where I<test> is one of:
 B<duration>:I<value> Stop writing to a capture file after I<value> seconds have
 elapsed. Floating point values (e.g. 0.5) are allowed.
-B<files>:I<value> Stop writing to capture files after I<value> number of files
+*files*:__value__ Stop writing to capture files after __value__ number of files
 were written.
-B<filesize>:I<value> Stop writing to a capture file after it reaches a size of
+*filesize*:__value__ Stop writing to a capture file after it reaches a size of
-I<value> kB. If this option is used together with the -b option, dumpcap will
+__value__ kB. If this option is used together with the -b option, dumpcap will
 stop writing to the current capture file and switch to the next one if filesize
 is reached.  Note that the filesize is limited to a maximum value of 2 GiB.
-B<packets>:I<value> Stop writing to a capture file after I<value> packets
+*packets*:__value__ Stop writing to a capture file after __value__ packets
-have been written. Same as B<-c> E<lt>capture packet countE<gt>.
+have been written. Same as *-c* <capture packet count>.
 --
-=item -b|--ring-buffer  E<lt>capture ring buffer optionE<gt>
+-b|--ring-buffer  <capture ring buffer option>::
 +
 --
 Cause *Dumpcap* to run in "multiple files" mode.  In "multiple files" mode,
 *Dumpcap* will write to several capture files. When the first capture file
 fills up, *Dumpcap* will switch writing to the next file and so on.
-Cause B<Dumpcap> to run in "multiple files" mode.  In "multiple files" mode,
+The created filenames are based on the filename given with the *-w* option,
 B<Dumpcap> will write to several capture files. When the first capture file
 fills up, B<Dumpcap> will switch writing to the next file and so on.
 The created filenames are based on the filename given with the B<-w> option,
 the number of the file and on the creation date and time,
 e.g. outfile_00001_20210714120117.pcap, outfile_00002_20210714120523.pcap, ...
-With the I<files> option it's also possible to form a "ring buffer".
+With the __files__ option it's also possible to form a "ring buffer".
 This will fill up new files until the number of files specified,
-at which point B<Dumpcap> will discard the data in the first file and start
+at which point *Dumpcap* will discard the data in the first file and start
-writing to that file and so on. If the I<files> option is not set,
+writing to that file and so on. If the __files__ option is not set,
 new files filled up until one of the capture stop conditions match (or
 until the disk is full).
-The criterion is of the form I<key:value>,
+The criterion is of the form __key:value__,
-where I<key> is one of:
+where __key__ is one of:
-B<duration>:I<value> switch to the next file after I<value> seconds have
+*duration*:__value__ switch to the next file after __value__ seconds have
 elapsed, even if the current file is not completely filled up. Floating
 point values (e.g. 0.5) are allowed.
-B<files>:I<value> begin again with the first file after I<value> number of
+*files*:__value__ begin again with the first file after __value__ number of
 files were written (form a ring buffer).  This value must be less than 100000.
 Caution should be used when using large numbers of files: some filesystems do
-not handle many files in a single directory well.  The B<files> criterion
+not handle many files in a single directory well.  The *files* criterion
-requires either B<duration>, B<interval> or B<filesize> to be specified to
+requires either *duration*, *interval* or *filesize* to be specified to
-control when to go to the next file.  It should be noted that each B<-b>
+control when to go to the next file.  It should be noted that each *-b*
 parameter takes exactly one criterion; to specify two criterion, each must be
-preceded by the B<-b> option.
+preceded by the *-b* option.
-B<filesize>:I<value> switch to the next file after it reaches a size of
+*filesize*:__value__ switch to the next file after it reaches a size of
-I<value> kB.  Note that the filesize is limited to a maximum value of 2 GiB.
+__value__ kB.  Note that the filesize is limited to a maximum value of 2 GiB.
-B<interval>:I<value> switch to the next file when the time is an exact
+*interval*:__value__ switch to the next file when the time is an exact
-multiple of I<value> seconds.  For example, use 3600 to switch to a new file
+multiple of __value__ seconds.  For example, use 3600 to switch to a new file
 every hour on the hour.
-B<packets>:I<value> switch to the next file after it contains I<value>
+*packets*:__value__ switch to the next file after it contains __value__
 packets.
-B<printname>:I<filename> print the name of the most recently written file
+*printname*:__filename__ print the name of the most recently written file
-to I<filename> after the file is closed. I<filename> can be C<stdout> or C<->
+to __filename__ after the file is closed. __filename__ can be `stdout` or `-`
-for standard output, or C<stderr> for standard error.
+for standard output, or `stderr` for standard error.
-Example: B<-b filesize:1000 -b files:5> results in a ring buffer of five files
+Example: *-b filesize:1000 -b files:5* results in a ring buffer of five files
 of size one megabyte each.
 --
-=item -B|--buffer-size  E<lt>capture buffer sizeE<gt>
+-B|--buffer-size  <capture buffer size>::
-
+
 --
 Set capture buffer size (in MiB, default is 2 MiB).  This is used by
 the capture driver to buffer packet data until that data can be written
 to disk.  If you encounter packet drops while capturing, try to increase
-this size.  Note that, while B<Dumpcap> attempts to set the buffer size
+this size.  Note that, while *Dumpcap* attempts to set the buffer size
 to 2 MiB by default, and can be told to set it to a larger value, the
 system or interface on which you're capturing might silently limit the
 capture buffer size to a lower value or raise it to a higher value.
@ -153,115 +158,137 @@ Windows.  It is not available on UNIX systems with earlier versions of
 libpcap.
 This option can occur multiple times. If used before the first
-occurrence of the B<-i> option, it sets the default capture buffer size.
+occurrence of the *-i* option, it sets the default capture buffer size.
-If used after an B<-i> option, it sets the capture buffer size for
+If used after an *-i* option, it sets the capture buffer size for
-the interface specified by the last B<-i> option occurring before
+the interface specified by the last *-i* option occurring before
 this option. If the capture buffer size is not set specifically,
 the default capture buffer size is used instead.
 --
-=item -c  E<lt>capture packet countE<gt>
+-c  <capture packet count>::
-
+
 --
 Set the maximum number of packets to read when capturing live
-data. Same as B<-a packets:>E<lt>capture packet countE<gt>.
+data. Same as *-a packets:*<capture packet count>.
-
+--
 =item -C  E<lt>byte limitE<gt>
 -C  <byte limit>::
 +
 --
 Limit the amount of memory in bytes used for storing captured packets
 in memory while processing it.
-If used in combination with the B<-N> option, both limits will apply.
+If used in combination with the *-N* option, both limits will apply.
 Setting this limit will enable the usage of the separate thread per interface.
 --
-=item -d
+-d::
-
+
 --
 Dump the code generated for the capture filter in a human-readable form,
 and exit.
 --
-=item -D|--list-interfaces
+-D|--list-interfaces::
-
+
-Print a list of the interfaces on which B<Dumpcap> can capture, and
+--
 Print a list of the interfaces on which *Dumpcap* can capture, and
 exit.  For each network interface, a number and an
 interface name, possibly followed by a text description of the
 interface, is printed.  The interface name or the number can be supplied
-to the B<-i> option to specify an interface on which to capture.
+to the *-i* option to specify an interface on which to capture.
 This can be useful on systems that don't have a command to list them
-(UNIX systems lacking B<ifconfig -a> or Linux systems lacking
+(UNIX systems lacking *ifconfig -a* or Linux systems lacking
-B<ip link show>). The number can be useful on Windows systems, where
+*ip link show*). The number can be useful on Windows systems, where
 the interface name might be a long name or a GUID.
-Note that "can capture" means that B<Dumpcap> was able to open
+Note that "can capture" means that *Dumpcap* was able to open
 that device to do a live capture. Depending on your system you may need to
 run dumpcap from an account with special privileges (for example, as root)
 to be able to capture network traffic.
-If "B<dumpcap -D>" is not run from such an account, it will not list
+If "*dumpcap -D*" is not run from such an account, it will not list
 any interfaces.
 --
-=item -f  E<lt>capture filterE<gt>
+-f  <capture filter>::
-
+
 --
 Set the capture filter expression.
 The entire filter expression must be specified as a single argument (which means
 that if it contains spaces, it must be quoted).
 This option can occur multiple times. If used before the first
-occurrence of the B<-i> option, it sets the default capture filter expression.
+occurrence of the *-i* option, it sets the default capture filter expression.
-If used after an B<-i> option, it sets the capture filter expression for
+If used after an *-i* option, it sets the capture filter expression for
-the interface specified by the last B<-i> option occurring before
+the interface specified by the last *-i* option occurring before
 this option. If the capture filter expression is not set specifically,
 the default capture filter expression is used if provided.
 Pre-defined capture filter names, as shown in the GUI menu item Capture->Capture Filters,
 can be used by prefixing the argument with "predef:".
-Example: B<-f "predef:MyPredefinedHostOnlyFilter">
+Example: *-f "predef:MyPredefinedHostOnlyFilter"*
-
+--
 =item -g
 -g::
 +
 --
 This option causes the output file(s) to be created with group-read permission
 (meaning that the output file(s) can be read by other members of the calling
 user's group).
 --
-=item -h|--help
+-h|--help::
-
+
 --
 Print the version and options and exits.
 --
-=item -i|--interface  E<lt>capture interfaceE<gt>|rpcap://E<lt>hostE<gt>:E<lt>portE<gt>/E<lt>capture interfaceE<gt>|TCP@E<lt>hostE<gt>:E<lt>portE<gt>|-
+-i|--interface  <capture interface>|rpcap://<host>:<port>/<capture interface>|TCP@<host>:<port>|-::
-
+
 --
 Set the name of the network interface or pipe to use for live packet
 capture.
 Network interface names should match one of the names listed in
-"B<dumpcap -D>" (described above); a number, as reported by
+"*dumpcap -D*" (described above); a number, as reported by
-"B<dumpcap -D>", can also be used.  If you're using UNIX, "B<netstat
+"*dumpcap -D*", can also be used.  If you're using UNIX, "*netstat
-i>", "B<ifconfig -a>" or "B<ip link>" might also work to list interface names,
+ -i*", "*ifconfig -a*" or "*ip link*" might also work to list interface names,
-although not all versions of UNIX support the B<-a> option to B<ifconfig>.
+although not all versions of UNIX support the *-a* option to *ifconfig*.
-If no interface is specified, B<Dumpcap> searches the list of
+If no interface is specified, *Dumpcap* searches the list of
 interfaces, choosing the first non-loopback interface if there are any
 non-loopback interfaces, and choosing the first loopback interface if
 there are no non-loopback interfaces. If there are no interfaces at all,
-B<Dumpcap> reports an error and doesn't start the capture.
+*Dumpcap* reports an error and doesn't start the capture.
 Pipe names should be either the name of a FIFO (named pipe) or "-" to
 read data from the standard input.  On Windows systems, pipe names must be
-of the form "\\pipe\.\B<pipename>".  Data read from pipes must be in
+of the form "\\pipe\.\*pipename*".  Data read from pipes must be in
 standard pcapng or pcap format. Pcapng data must have the same
 endianness as the capturing host.
 This option can occur multiple times. When capturing from multiple
 interfaces, the capture file will be saved in pcapng format.
 --
-=item --ifdescr> E<lt>descriptionE<gt>
+--ifdescr> <description>::
 +
 --
 Use __description__ as the description in the capture file for the
 interface or pipe specified before it with *-i*.
 --
-Use I<description> as the description in the capture file for the
+--ifname> <name>::
-interface or pipe specified before it with B<-i>.
+
-
+--
-=item --ifname> E<lt>nameE<gt>
+Use __name__ as the name in the capture file for the the interface or
-
+pipe specified before it with *-i*.
-Use I<name> as the name in the capture file for the the interface or
+--
 pipe specified before it with B<-i>.
 =item -I|--monitor-mode
 -I|--monitor-mode::
 +
 --
 Put the interface in "monitor mode"; this is supported only on IEEE
 802.11 Wi-Fi interfaces, and supported only on some operating systems.
@ -273,99 +300,125 @@ if you are capturing in monitor mode and are not connected to another
 network with another adapter.
 This option can occur multiple times. If used before the first
-occurrence of the B<-i> option, it enables the monitor mode for all interfaces.
+occurrence of the *-i* option, it enables the monitor mode for all interfaces.
-If used after an B<-i> option, it enables the monitor mode for
+If used after an *-i* option, it enables the monitor mode for
-the interface specified by the last B<-i> option occurring before
+the interface specified by the last *-i* option occurring before
 this option.
 --
-=item -k  E<lt>freqE<gt>,[E<lt>typeE<gt>],[E<lt>center_freq1E<gt>],[E<lt>center_freq2>E<gt>
+-k  <freq>,[<type>],[<center_freq1>],[<center_freq2>>::
-
+
 --
 Set the channel on the interface; this is supported only on IEEE
 802.11 Wi-Fi interfaces, and supported only on some operating systems.
-I<freq> is the frequency of the channel.  I<type> is the type of the
+__freq__ is the frequency of the channel.  __type__ is the type of the
-channel, for 802.11n and 802.11ac.  The values for I<type> are
+channel, for 802.11n and 802.11ac.  The values for __type__ are
-
+--
 =over 8
 =item NOHT
 NOHT::
 +
 --
 Used for non-802.11n/non-802.1ac channels
 --
-=item HT20
+HT20::
-
+
 --
 20 MHz channel
 --
-=item HT40-
+HT40-::
-
+
 --
 40 MHz primary channel and a lower secondary channel
 --
-=item HT40+
+HT40+::
-
+
 --
 40 MHz primary channel and a higher secondary channel
 --
-=item HT80
+HT80::
 +
 --
 80 MHz channel, with __centerfreq1__ as its center frequency
 --
-80 MHz channel, with I<centerfreq1> as its center frequency
+VHT80+80::
-
+
-=item VHT80+80
+--
-
+two 80 MHz channels combined, with __centerfreq1__ and __centerfreq2__ as
 two 80 MHz channels combined, with I<centerfreq1> and I<centerfreq2> as
 the center frequencies of the two channels
 --
-=item VHT160
+VHT160::
-
+
-160 MHz channel, with I<centerfreq1> as its center frequency
+--
-
+160 MHz channel, with __centerfreq1__ as its center frequency
-=back
+--
 =item -L|--list-data-link-types
 -L|--list-data-link-types::
 +
 --
 List the data link types supported by the interface and exit. The reported
-link types can be used for the B<-y> option.
+link types can be used for the *-y* option.
 --
-=item -M
+-M::
-
+
-When used with B<-D>, B<-L>, B<-S> or B<--list-time-stamp-types> print
+--
 When used with *-D*, *-L*, *-S* or *--list-time-stamp-types* print
 machine-readable output.
-The machine-readable output is intended to be read by B<Wireshark> and
+The machine-readable output is intended to be read by *Wireshark* and
-B<TShark>; its format is subject to change from release to release.
+*TShark*; its format is subject to change from release to release.
-
+--
 =item -n
 -n::
 +
 --
 Save files as pcapng. This is the default.
 --
-=item -N  E<lt>packet limitE<gt>
+-N  <packet limit>::
-
+
 --
 Limit the number of packets used for storing captured packets
 in memory while processing it.
-If used in combination with the B<-C> option, both limits will apply.
+If used in combination with the *-C* option, both limits will apply.
 Setting this limit will enable the usage of the separate thread per interface.
 --
-=item -p|--no-promiscuous-mode
+-p|--no-promiscuous-mode::
-
+
-I<Don't> put the interface into promiscuous mode.  Note that the
+--
 __Don't__ put the interface into promiscuous mode.  Note that the
 interface might be in promiscuous mode for some other reason; hence,
-B<-p> cannot be used to ensure that the only traffic that is captured is
+*-p* cannot be used to ensure that the only traffic that is captured is
-traffic sent to or from the machine on which B<Dumpcap> is running,
+traffic sent to or from the machine on which *Dumpcap* is running,
 broadcast traffic, and multicast traffic to addresses received by that
 machine.
 This option can occur multiple times. If used before the first
-occurrence of the B<-i> option, no interface will be put into the
+occurrence of the *-i* option, no interface will be put into the
 promiscuous mode.
-If used after an B<-i> option, the interface specified by the last B<-i>
+If used after an *-i* option, the interface specified by the last *-i*
 option occurring before this option will not be put into the
 promiscuous mode.
 --
-=item -P
+-P::
-
+
 --
 Save files as pcap instead of the default pcapng. In situations that require
 pcapng, such as capturing from multiple interfaces, this option will be
 overridden.
 --
-=item -q
+-q::
-
+
 --
 When capturing packets, don't display the continuous count of packets
 captured that is normally shown when saving a capture to a file;
 instead, just display, at the end of the capture, a count of packets
@ -374,51 +427,65 @@ BSDs, you can cause the current count to be displayed by typing your
 "status" character (typically control-T, although it
 might be set to "disabled" by default on at least some BSDs, so you'd
 have to explicitly set it to use it).
 --
-=item -s|--snapshot-length  E<lt>capture snaplenE<gt>
+-s|--snapshot-length  <capture snaplen>::
-
+
 --
 Set the default snapshot length to use when capturing live data.
-No more than I<snaplen> bytes of each network packet will be read into
+No more than __snaplen__ bytes of each network packet will be read into
 memory, or saved to disk.  A value of 0 specifies a snapshot length of
 262144, so that the full packet is captured; this is the default.
 This option can occur multiple times. If used before the first
-occurrence of the B<-i> option, it sets the default snapshot length.
+occurrence of the *-i* option, it sets the default snapshot length.
-If used after an B<-i> option, it sets the snapshot length for
+If used after an *-i* option, it sets the snapshot length for
-the interface specified by the last B<-i> option occurring before
+the interface specified by the last *-i* option occurring before
 this option. If the snapshot length is not set specifically,
 the default snapshot length is used if provided.
 --
-=item -S
+-S::
-
+
 --
 Print statistics for each interface once every second.
 --
-=item -t
+-t::
-
+
 --
 Use a separate thread per interface.
 --
-=item -v|--version
+-v|--version::
-
+
 --
 Print the version and exit.
 --
-=item -w  E<lt>outfileE<gt>
+-w  <outfile>::
-
+
-Write raw packet data to I<outfile>. Use "-" for stdout.
+--
-
+Write raw packet data to __outfile__. Use "-" for stdout.
-=item -y|--linktype  E<lt>capture link typeE<gt>
+--
 -y|--linktype  <capture link type>::
 +
 --
 Set the data link type to use while capturing packets.  The values
-reported by B<-L> are the values that can be used.
+reported by *-L* are the values that can be used.
 This option can occur multiple times. If used before the first
-occurrence of the B<-i> option, it sets the default capture link type.
+occurrence of the *-i* option, it sets the default capture link type.
-If used after an B<-i> option, it sets the capture link type for
+If used after an *-i* option, it sets the capture link type for
-the interface specified by the last B<-i> option occurring before
+the interface specified by the last *-i* option occurring before
 this option. If the capture link type is not set specifically,
 the default capture link type is used if provided.
 --
-=item --capture-comment  E<lt>commentE<gt>
+--capture-comment  <comment>::
-
+
 --
 Add a capture comment to the output file, if supported by the output
 file format.
@ -427,38 +494,41 @@ single file.
 This option may be specified multiple times.  Note that Wireshark
 currently only displays the first comment of a capture file.
 --
-=item --list-time-stamp-types
+--list-time-stamp-types::
-
+
 --
 List time stamp types supported for the interface. If no time stamp type can be
 set, no time stamp types are listed.
 --
-=item --time-stamp-type  E<lt>typeE<gt>
+--time-stamp-type  <type>::
-
+
 --
 Change the interface's timestamp method.
 --
-=back
+== CAPTURE FILTER SYNTAX
-=head1 CAPTURE FILTER SYNTAX
+See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist, xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8),
 or, if that doesn't exist, https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters.
-See the manual page of pcap-filter(7) or, if that doesn't exist, tcpdump(8),
+== SEE ALSO
 or, if that doesn't exist, L<https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters>.
-=head1 SEE ALSO
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:mergecap.html[mergecap](1), xref:capinfos.html[capinfos](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3),
 xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
-wireshark(1), tshark(1), editcap(1), mergecap(1), capinfos(1), pcap(3),
+== NOTES
 pcap-filter(7) or tcpdump(8)
-=head1 NOTES
+*Dumpcap* is part of the *Wireshark* distribution.  The latest version
-
+of *Wireshark* can be found at https://www.wireshark.org.
 B<Dumpcap> is part of the B<Wireshark> distribution.  The latest version
 of B<Wireshark> can be found at L<https://www.wireshark.org>.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-B<Dumpcap> is derived from the B<Wireshark> capturing engine code;
+*Dumpcap* is derived from the *Wireshark* capturing engine code;
 see the list of
-authors in the B<Wireshark> man page for a list of authors of that code.
+authors in the *Wireshark* man page for a list of authors of that code.
--- a/doc/editcap.adoc
+++ b/doc/editcap.adoc
@ -1,105 +1,110 @@
-=begin man
+= editcap(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 editcap - Edit and/or translate the format of capture files
-=head1 SYNOPSIS
+== SYNOPSIS
-B<editcap>
+[manarg]
-S<[ B<-a> E<lt>frame:commentE<gt> ]>
+*editcap*
-S<[ B<-A> E<lt>start timeE<gt> ]>
+[ *-a* <frame:comment> ]
-S<[ B<-B> E<lt>stop timeE<gt> ]>
+[ *-A* <start time> ]
-S<[ B<-c> E<lt>packets per fileE<gt> ]>
+[ *-B* <stop time> ]
-S<[ B<-C> [offset:]E<lt>choplenE<gt> ]>
+[ *-c* <packets per file> ]
-S<[ B<-E> E<lt>error probabilityE<gt> ]>
+[ *-C* [offset:]<choplen> ]
-S<[ B<-F> E<lt>file formatE<gt> ]>
+[ *-E* <error probability> ]
-S<[ B<-h> ]>
+[ *-F* <file format> ]
-S<[ B<-i> E<lt>seconds per fileE<gt> ]>
+[ *-h* ]
-S<[ B<-o> E<lt>change offsetE<gt> ]>
+[ *-i* <seconds per file> ]
-S<[ B<-L> ]>
+[ *-o* <change offset> ]
-S<[ B<-r> ]>
+[ *-L* ]
-S<[ B<-s> E<lt>snaplenE<gt> ]>
+[ *-r* ]
-S<[ B<-S> E<lt>strict time adjustmentE<gt> ]>
+[ *-s* <snaplen> ]
-S<[ B<-t> E<lt>time adjustmentE<gt> ]>
+[ *-S* <strict time adjustment> ]
-S<[ B<-T> E<lt>encapsulation typeE<gt> ]>
+[ *-t* <time adjustment> ]
-S<[ B<-v> ]>
+[ *-T* <encapsulation type> ]
-S<[ B<--inject-secrets> E<lt>secrets typeE<gt>,E<lt>fileE<gt> ]>
+[ *-v* ]
-S<[ B<--discard-all-secrets> ]>
+[ *--inject-secrets* <secrets type>,<file> ]
-S<[ B<--capture-comment> E<lt>commentE<gt> ]>
+[ *--discard-all-secrets* ]
-S<[ B<--discard-capture-comment> ]>
+[ *--capture-comment* <comment> ]
-I<infile>
+[ *--discard-capture-comment* ]
-I<outfile>
+__infile__
-S<[ I<packet#>[-I<packet#>] ... ]>
+__outfile__
 [ __packet#__[-__packet#__] ... ]
-B<editcap>
+[manarg]
-S< B<-d> > |
+*editcap*
-S< B<-D> E<lt>dup windowE<gt> > |
+*-d*
-S< B<-w> E<lt>dup time windowE<gt> >
+*-D* <dup window>
-S<[ B<-v> ]>
+*-w* <dup time window>
-S<[ B<-I> E<lt>bytes to ignoreE<gt> ]>
+[ *-v* ]
-S<[ B<--skip-radiotap-header> ]>
+[ *-I* <bytes to ignore> ]
-I<infile>
+[ *--skip-radiotap-header* ]
-I<outfile>
+__infile__
 __outfile__
-B<editcap>
+[manarg]
-S<[ B<-V> ]>
+*editcap*
 [ *-V* ]
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Editcap> is a program that reads some or all of the captured packets from the
+*Editcap* is a program that reads some or all of the captured packets from the
-I<infile>, optionally converts them in various ways and writes the
+__infile__, optionally converts them in various ways and writes the
-resulting packets to the capture I<outfile> (or outfiles).
+resulting packets to the capture __outfile__ (or outfiles).
-By default, it reads all packets from the I<infile> and writes them to the
+By default, it reads all packets from the __infile__ and writes them to the
-I<outfile> in pcapng file format.
+__outfile__ in pcapng file format.
-The B<-A> and B<-B> option allow you to limit the time range from which packets
+The *-A* and *-B* option allow you to limit the time range from which packets
-are read from the I<infile>.
+are read from the __infile__.
 An optional list of packet numbers can be specified on the command tail;
 individual packet numbers separated by whitespace and/or ranges of packet
-numbers can be specified as I<start>-I<end>, referring to all packets from
+numbers can be specified as __start__-__end__, referring to all packets from
-I<start> to I<end>.  By default the selected packets with those numbers will
+__start__ to __end__.  By default the selected packets with those numbers will
-I<not> be written to the capture file.  If the B<-r> flag is specified, the
+__not__ be written to the capture file.  If the *-r* flag is specified, the
-whole packet selection is reversed; in that case I<only> the selected packets
+whole packet selection is reversed; in that case __only__ the selected packets
 will be written to the capture file.
-B<Editcap> can also be used to remove duplicate packets.  Several different
+*Editcap* can also be used to remove duplicate packets.  Several different
-options (B<-d>, B<-D> and B<-w>) are used to control the packet window
+options (*-d*, *-D* and *-w*) are used to control the packet window
 or relative time window to be used for duplicate comparison.
-B<Editcap> can be used to assign comment strings to frame numbers.
+*Editcap* can be used to assign comment strings to frame numbers.
-B<Editcap> is able to detect, read and write the same capture files that
+*Editcap* is able to detect, read and write the same capture files that
-are supported by B<Wireshark>.
+are supported by *Wireshark*.
 The input file doesn't need a specific filename extension; the file
 format and an optional gzip, zstd or lz4 compression will be automatically detected.
-Near the beginning of the DESCRIPTION section of wireshark(1) or
+Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
-L<https://www.wireshark.org/docs/man-pages/wireshark.html>
+https://www.wireshark.org/docs/man-pages/wireshark.html
-is a detailed description of the way B<Wireshark> handles this, which is
+is a detailed description of the way *Wireshark* handles this, which is
-the same way B<Editcap> handles this.
+the same way *Editcap* handles this.
-B<Editcap> can write the file in several output formats. The B<-F>
+*Editcap* can write the file in several output formats. The *-F*
 flag can be used to specify the format in which to write the capture
-file; B<editcap -F> provides a list of the available output formats.
+file; *editcap -F* provides a list of the available output formats.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item -a  E<lt>framenum:commentE<gt>
 -a  <framenum:comment>::
 +
 --
 For the specified frame number, assign the given comment string.
 Can be repeated for multiple frames.  Quotes should be used with comment
 strings that include spaces.
 --
-=item -A  E<lt>start timeE<gt>
+-A  <start time>::
-
+
 --
 Reads only the packets whose timestamp is on or after start time.
 The time is given in ISO 8601 format, either
 YYYY-MM-DD HH:MM:SS[.nnnnnnnnn][Z|±hh:mm] or
@ -107,9 +112,11 @@ YYYY-MM-DDTHH:MM:SS[.nnnnnnnnn][Z|±hh:mm] .
 The fractional seconds are optional, as is the time zone offset from UTC
 (in which case local time is assumed). Unix epoch timestamps
 (floating point format) are also accepted.
 --
-=item -B  E<lt>stop timeE<gt>
+-B  <stop time>::
-
+
 --
 Reads only the packets whose timestamp is before stop time.
 The time is given in ISO 8601 format, either
 YYYY-MM-DD HH:MM:SS[.nnnnnnnnn][Z|±hh:mm] or
@ -117,24 +124,28 @@ YYYY-MM-DDTHH:MM:SS[.nnnnnnnnn][Z|±hh:mm] .
 The fractional seconds are optional, as is the time zone offset from UTC
 (in which case local time is assumed). Unix epoch timestamps
 (floating point format) are also accepted.
 --
-=item -c  E<lt>packets per fileE<gt>
+-c  <packets per file>::
-
+
 --
 Splits the packet output to different files based on uniform packet counts
 with a maximum of <packets per file> each.
 Each output file will be created with an infix _nnnnn[_YYYYmmddHHMMSS] inserted
-before the file extension (which may be null) of I<outfile>.  The infix
+before the file extension (which may be null) of __outfile__.  The infix
 consists of the ordinal number of the output file, starting with 00000,
 followed by the timestamp of its first packet.  The timestamp is omitted if
 the input file does not contain timestamp information.
 After the specified number of packets is written to the output file, the next
 output file is opened.  The default is to use a single output file.
-This option conflicts with B<-i>.
+This option conflicts with *-i*.
-
+--
 =item -C  [offset:]E<lt>choplenE<gt>
 -C  [offset:]<choplen>::
 +
 --
 Sets the chop length to use when writing the packet data. Each packet is
 chopped by <choplen> bytes of data. Positive values chop at the packet
 beginning while negative values chop at the packet end.
@ -153,21 +164,25 @@ bytes from up to two different areas of a packet in a single pass provided that
 you specify at least one chop length as a positive value and at least one as a
 negative value.  All positive chop lengths are added together as are all
 negative chop lengths.
 --
-=item -d
+-d::
-
+
 --
 Attempts to remove duplicate packets.  The length and MD5 hash of the
 current packet are compared to the previous four (4) packets.  If a
 match is found, the current packet is skipped.  This option is equivalent
-to using the option B<-D 5>.
+to using the option *-D 5*.
-
+--
 =item -D  E<lt>dup windowE<gt>
 -D  <dup window>::
 +
 --
 Attempts to remove duplicate packets.  The length and MD5 hash of the
 current packet are compared to the previous <dup window> - 1 packets.
 If a match is found, the current packet is skipped.
-The use of the option B<-D 0> combined with the B<-v> option is useful
+The use of the option *-D 0* combined with the *-v* option is useful
 in that each packet's Packet number, Len and MD5 Hash will be printed
 to standard out.  This verbose output (specifically the MD5 hash strings)
 can be useful in scripts to identify duplicate packets across trace
@ -176,75 +191,93 @@ files.
 The <dup window> is specified as an integer value between 0 and 1000000 (inclusive).
 NOTE: Specifying large <dup window> values with large tracefiles can
-result in very long processing times for B<editcap>.
+result in very long processing times for *editcap*.
-
+--
 =item -E  E<lt>error probabilityE<gt>
 -E  <error probability>::
 +
 --
 Sets the probability that bytes in the output file are randomly changed.
-B<Editcap> uses that probability (between 0.0 and 1.0 inclusive)
+*Editcap* uses that probability (between 0.0 and 1.0 inclusive)
 to apply errors to each data byte in the file.  For instance, a
 probability of 0.02 means that each byte has a 2% chance of having an error.
 This option is meant to be used for fuzz-testing protocol dissectors.
 --
-=item -F  E<lt>file formatE<gt>
+-F  <file format>::
-
+
 --
 Sets the file format of the output capture file.
-B<Editcap> can write the file in several formats, B<editcap -F>
+*Editcap* can write the file in several formats, *editcap -F*
 provides a list of the available output formats. The default
-is the B<pcapng> format.
+is the *pcapng* format.
-
+--
 =item -h
 -h::
 +
 --
 Prints the version and options and exits.
 --
-=item -i  E<lt>seconds per fileE<gt>
+-i  <seconds per file>::
-
+
 --
 Splits the packet output to different files based on uniform time
 intervals using a maximum interval of <seconds per file> each.  Floating
 point values (e.g. 0.5) are allowed.
 Each output file will be created with an infix _nnnnn[_YYYYmmddHHMMSS] inserted
-before the file extension (which may be null) of I<outfile>.  The infix
+before the file extension (which may be null) of __outfile__.  The infix
 consists of the ordinal number of the output file, starting with 00000,
 followed by the timestamp of its first packet.  The timestamp is omitted if
 the input file does not contain timestamp information.
 After packets for the specified time interval are written to the output file,
 the next output file is opened.  The default is to use a single output file.
-This option conflicts with B<-c>.
+This option conflicts with *-c*.
-
+--
 =item -I  E<lt>bytes to ignoreE<gt>
 -I  <bytes to ignore>::
 +
 --
 Ignore the specified number of bytes at the beginning of the frame during MD5 hash calculation,
 unless the frame is too short, then the full frame is used.
 Useful to remove duplicated packets taken on several routers (different mac addresses for example)
 e.g. -I 26 in case of Ether/IP will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
 The default value is 0.
 --
-=item -L
+-L::
-
+
 --
 Adjust the original frame length accordingly when chopping and/or snapping
 (in addition to the captured length, which is always adjusted regardless of
-whether B<-L> is specified or not).  See also B<-C <choplen>> and B<-s <snaplen>>.
+whether *-L* is specified or not).  See also *-C <choplen*> and *-s <snaplen*>.
-
+--
 =item -o  E<lt>change offsetE<gt>
 -o  <change offset>::
 +
 --
 When used in conjunction with -E, skip some bytes from the beginning of the packet
 from being changed. In this way some headers don't get changed, and the fuzzer is
 more focused on a smaller part of the packet. Keeping a part of the packet fixed
 the same dissector is triggered, that make the fuzzing more precise.
 --
-=item -r
+-r::
-
+
 --
 Reverse the packet selection.
 Causes the packets whose packet numbers are specified on the command
 line to be written to the output capture file, instead of discarding them.
 --
-=item -s  E<lt>snaplenE<gt>
+-s  <snaplen>::
-
+
 --
 Sets the snapshot length to use when writing the data.
-If the B<-s> flag is used to specify a snapshot length, packets in the
+If the *-s* flag is used to specify a snapshot length, packets in the
 input file with more captured data than the specified snapshot length
 will have only the amount of data specified by the snapshot length
 written to the output file.
@ -255,32 +288,38 @@ to read the output file cannot handle packets larger than a certain size
 appear to reject Ethernet packets larger than the standard Ethernet MTU,
 making them incapable of handling gigabit Ethernet captures if jumbo
 packets were used).
 --
-=item --seed  E<lt>seedE<gt>
+--seed  <seed>::
-
+
 --
 When used in conjunction with -E, set the seed for the pseudo-random number generator.
 This is useful for recreating a particular sequence of errors.
 --
-=item --skip-radiotap-header
+--skip-radiotap-header::
-
+
 --
 Skip the radiotap header of each frame when checking for packet duplicates. This is useful
 when processing a capture created by combining outputs of multiple capture devices on the same
 channel in the vicinity of each other.
 --
-=item -S  E<lt>strict time adjustmentE<gt>
+-S  <strict time adjustment>::
-
+
 --
 Time adjust selected packets to ensure strict chronological order.
 The <strict time adjustment> value represents relative seconds
-specified as [-]I<seconds>[I<.fractional seconds>].
+specified as [-]__seconds__[__.fractional seconds__].
 As the capture file is processed each packet's absolute time is
-I<possibly> adjusted to be equal to or greater than the previous
+__possibly__ adjusted to be equal to or greater than the previous
 packet's absolute timestamp depending on the <strict time
 adjustment> value.
 If <strict time adjustment> value is 0 or greater (e.g. 0.000001)
-then B<only> packets with a timestamp less than the previous packet
+then *only* packets with a timestamp less than the previous packet
 will adjusted.  The adjusted timestamp value will be set to be
 equal to the timestamp value of the previous packet plus the value
 of the <strict time adjustment> value.  A <strict time adjustment>
@ -289,38 +328,42 @@ necessary to ensure that the resulting capture file is in
 strict chronological order.
 If <strict time adjustment> value is specified as a
-negative value, then the timestamp values of B<all>
+negative value, then the timestamp values of *all*
 packets will be adjusted to be equal to the timestamp value
 of the previous packet plus the absolute value of the
-E<lt>strict time adjustmentE<gt> value. A <strict time
+<strict time adjustment> value. A <strict time
 adjustment> value of -0 will result in all packets
 having the timestamp value of the first packet.
 This feature is useful when the trace file has an occasional
 packet with a negative delta time relative to the previous
 packet.
 --
-=item -t  E<lt>time adjustmentE<gt>
+-t  <time adjustment>::
-
+
 --
 Sets the time adjustment to use on selected packets.
-If the B<-t> flag is used to specify a time adjustment, the specified
+If the *-t* flag is used to specify a time adjustment, the specified
 adjustment will be applied to all selected packets in the capture file.
-The adjustment is specified as [-]I<seconds>[I<.fractional seconds>].
+The adjustment is specified as [-]__seconds__[__.fractional seconds__].
-For example, B<-t> 3600 advances the timestamp on selected packets by one
+For example, *-t* 3600 advances the timestamp on selected packets by one
-hour while B<-t> -0.5 reduces the timestamp on selected packets by
+hour while *-t* -0.5 reduces the timestamp on selected packets by
 one-half second.
 This feature is useful when synchronizing dumps
 collected on different machines where the time difference between the
 two machines is known or can be estimated.
 --
-=item -T  E<lt>encapsulation typeE<gt>
+-T  <encapsulation type>::
-
+
 --
 Sets the packet encapsulation type of the output capture file.
-If the B<-T> flag is used to specify an encapsulation type, the
+If the *-T* flag is used to specify an encapsulation type, the
 encapsulation type of the output capture file will be forced to the
 specified type.
-B<editcap -T> provides a list of the available types. The default
+*editcap -T* provides a list of the available types. The default
 type is the one appropriate to the encapsulation type of the input
 capture file.
@ -329,82 +372,95 @@ forces the encapsulation type of the output file to be the specified
 type; the packet headers of the packets will not be translated from the
 encapsulation type of the input capture file to the specified
 encapsulation type (for example, it will not translate an Ethernet
-capture to an FDDI capture if an Ethernet capture is read and 'B<-T
+capture to an FDDI capture if an Ethernet capture is read and '*-T
-fddi>' is specified). If you need to remove/add headers from/to a
+ fddi*' is specified). If you need to remove/add headers from/to a
-packet, you will need od(1)/text2pcap(1).
+packet, you will need od(1)/xref:text2pcap.html[text2pcap](1).
 --
-=item -v
+-v::
 +
 --
 Causes *editcap* to print verbose messages while it's working.
-Causes B<editcap> to print verbose messages while it's working.
+Use of *-v* with the de-duplication switches of *-d*, *-D* or *-w*
 Use of B<-v> with the de-duplication switches of B<-d>, B<-D> or B<-w>
 will cause all MD5 hashes to be printed whether the packet is skipped
 or not.
 --
-=item -V
+-V::
-
+
 --
 Print the version and exit.
 --
-=item -w  E<lt>dup time windowE<gt>
+-w  <dup time window>::
-
+
 --
 Attempts to remove duplicate packets.  The current packet's arrival time
 is compared with up to 1000000 previous packets.  If the packet's relative
-arrival time is I<less than or equal to> the <dup time window> of a previous packet
+arrival time is __less than or equal to__ the <dup time window> of a previous packet
 and the packet length and MD5 hash of the current packet are the same then
 the packet to skipped.  The duplicate comparison test stops when
 the current packet's relative arrival time is greater than <dup time window>.
-The <dup time window> is specified as I<seconds>[I<.fractional seconds>].
+The <dup time window> is specified as __seconds__[__.fractional seconds__].
 The [.fractional seconds] component can be specified to nine (9) decimal
 places (billionths of a second) but most typical trace files have resolution
 to six (6) decimal places (millionths of a second).
 NOTE: Specifying large <dup time window> values with large tracefiles can
-result in very long processing times for B<editcap>.
+result in very long processing times for *editcap*.
-NOTE: The B<-w> option assumes that the packets are in chronological order.
+NOTE: The *-w* option assumes that the packets are in chronological order.
-If the packets are NOT in chronological order then the B<-w> duplication
+If the packets are NOT in chronological order then the *-w* duplication
 removal option may not identify some duplicates.
 --
-=item --inject-secrets E<lt>secrets typeE<gt>,E<lt>fileE<gt>
+--inject-secrets <secrets type>,<file>::
-
+
-Inserts the contents of E<lt>fileE<gt> into a Decryption Secrets Block (DSB)
+--
 Inserts the contents of <file> into a Decryption Secrets Block (DSB)
 within the pcapng output file. This enables decryption without requiring
 additional configuration in protocol preferences.
-The file format is described by E<lt>secrets typeE<gt> which can be one of:
+The file format is described by <secrets type> which can be one of:
-I<tls>  TLS Key Log as described at L<https://developer.mozilla.org/NSS_Key_Log_Format>
+__tls__  TLS Key Log as described at https://developer.mozilla.org/NSS_Key_Log_Format
-I<wg>   WireGuard Key Log, see L<https://gitlab.com/wireshark/wireshark/-/wikis/WireGuard#key-log-format>
+__wg__   WireGuard Key Log, see https://gitlab.com/wireshark/wireshark/-/wikis/WireGuard#key-log-format
 This option may be specified multiple times. The available options for
-E<lt>secrets typeE<gt> can be listed with B<--inject-secrets help>.
+<secrets type> can be listed with *--inject-secrets help*.
-
+--
 =item --discard-all-secrets
 --discard-all-secrets::
 +
 --
 Discard all decryption secrets from the input file when writing the
-output file.  Does not discard secrets added by B<--inject-secrets> in
+output file.  Does not discard secrets added by *--inject-secrets* in
 the same command line.
 --
-=item --capture-comment E<lt>commentE<gt>
+--capture-comment <comment>::
-
+
 --
 Adds the given comment to the output file, if supported by the output
-file format.  New comments will be added I<after> any comments present
+file format.  New comments will be added __after__ any comments present
-in the input file unless B<--discard-capture-comment> is also specified.
+in the input file unless *--discard-capture-comment* is also specified.
 This option may be specified multiple times.  Note that Wireshark
 currently only displays the first comment of a capture file.
 --
-=item --discard-capture-comment
+--discard-capture-comment::
-
+
 --
 Discard all capture file comments from the input file when writing the output
-file. Does not discard comments added by B<--capture-comment> in the same
+file. Does not discard comments added by *--capture-comment* in the same
 command line.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see more detailed description of the options use:
@ -450,7 +506,7 @@ To remove duplicate packets seen within the prior 100 frames use:
    editcap -D 101 capture.pcapng dedup.pcapng
-To remove duplicate packets seen I<equal to or less than> 1/10th of a second:
+To remove duplicate packets seen __equal to or less than__ 1/10th of a second:
    editcap -w 0.1 capture.pcapng dedup.pcapng
@ -502,27 +558,26 @@ To add comment strings to the first 2 input frames, use:
    editcap -a "1:1st frame" -a 2:Second capture.pcapng capture-comments.pcapng
-=head1 SEE ALSO
+== SEE ALSO
-pcap(3), wireshark(1), tshark(1), mergecap(1), dumpcap(1), capinfos(1),
+xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:mergecap.html[mergecap](1), xref:dumpcap.html[dumpcap](1), xref:capinfos.html[capinfos](1),
-text2pcap(1), reordercap(1), od(1), pcap-filter(7) or tcpdump(8)
+xref:text2pcap.html[text2pcap](1), xref:reordercap.html[reordercap](1), od(1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
-=head1 NOTES
+== NOTES
-B<Editcap> is part of the B<Wireshark> distribution.  The latest version
+*Editcap* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Richard Sharpe           <sharpe[AT]ns.aus.com>
+Richard Sharpe <sharpe[AT]ns.aus.com>
-
+.Contributors
-  Contributors
+[%hardbreaks]
-  ------------
+Guy Harris <guy[AT]alum.mit.edu>
-  Guy Harris               <guy[AT]alum.mit.edu>
+Ulf Lamping <ulf.lamping[AT]web.de>
  Ulf Lamping              <ulf.lamping[AT]web.de>
--- a/doc/etwdump.adoc
+++ b/doc/etwdump.adoc
@ -1,84 +1,104 @@
-=begin man
+= etwdump(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 etwdump - Provide an interface to read ETW
-=head1 SYNOPSIS
+== SYNOPSIS
-B<etwdump>
+[manarg]
-S<[ B<--help> ]>
+*etwdump*
-S<[ B<--version> ]>
+[ *--help* ]
-S<[ B<--extcap-interfaces> ]>
+[ *--version* ]
-S<[ B<--extcap-dlts> ]>
+[ *--extcap-interfaces* ]
-S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
+[ *--extcap-dlts* ]
-S<[ B<--extcap-config> ]>
+[ *--extcap-interface*=<interface> ]
-S<[ B<--capture> ]>
+[ *--extcap-config* ]
-S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
+[ *--capture* ]
-S<[ B<--iue>=E<lt>Should undecidable events be includedE<gt> ]>
+[ *--fifo*=<path to file or pipe> ]
-S<[ B<--etlfile>=E<lt>etl fileE<gt> ]>
+[ *--iue*=<Should undecidable events be included> ]
-S<[ B<--params>=E<lt>filter parametersE<gt> ]>
+[ *--etlfile*=<etl file> ]
 [ *--params*=<filter parameters> ]
-=head1 DESCRIPTION
+== DESCRIPTION
-B<etwdump> is a extcap tool that provides access to a etl file.
+*etwdump* is a extcap tool that provides access to a etl file.
 It is only used to display event trace on Windows.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item --help
 --help::
 +
 --
 Print program arguments.
 --
-=item --version
+--version::
-
+
 --
 Print program version.
 --
-=item --extcap-interfaces
+--extcap-interfaces::
-
+
 --
 List available interfaces.
 --
-=item --extcap-interface=E<lt>interfaceE<gt>
+--extcap-interface=<interface>::
-
+
 --
 Use specified interfaces.
 --
-=item --extcap-dlts
+--extcap-dlts::
-
+
 --
 List DLTs of specified interface.
 --
-=item --extcap-config
+--extcap-config::
-
+
 --
 List configuration options of specified interface.
 --
-=item --capture
+--capture::
-
+
 --
 Start capturing from specified interface save saved it in place specified by --fifo.
 --
-=item --fifo=E<lt>path to file or pipeE<gt>
+--fifo=<path to file or pipe>::
-
+
 --
 Save captured packet to file or send it through pipe.
 --
-=item --iue=E<lt>Should undecidable events be includedE<gt>
+--iue=<Should undecidable events be included>::
-
+
 --
 Choose if the undecidable event is included.
 --
-=item --etlfile=E<lt>Etl fileE<gt>
+--etlfile=<Etl file>::
-
+
 --
 Select etl file to display in Wireshark.
 --
-=item --params=E<lt>filter parametersE<gt>
+--params=<filter parameters>::
-
+
 --
 Input providers, keyword and level filters for the etl file and live session.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see program arguments:
@ -117,20 +137,20 @@ To capture:
 NOTE: To stop capturing CTRL+C/kill/terminate application.
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1), dumpcap(1), extcap(4)
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
-=head1 NOTES
+== NOTES
-B<etwdump> is part of the B<Wireshark> distribution.  The latest version
+*etwdump* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  ---------------
+[%hardbreaks]
-  Odysseus Yang             L<wiresharkyyh@outlook.com>
+Odysseus Yang L<wiresharkyyh@outlook.com>
--- a/doc/extcap.adoc
+++ b/doc/extcap.adoc
@ -1,14 +1,15 @@
-=begin man
+= extcap(4)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 extcap - The extcap interface
-=head1 DESCRIPTION
+== DESCRIPTION
 The extcap interface is a versatile plugin interface that allows external binaries
 to act as capture interfaces directly in Wireshark. It is used in scenarios, where
@ -41,39 +42,49 @@ can be found (it is not designed to be launched by hand).  This is done on purpo
 only be extcap programs (executable, python scripts, ...) in the extcap folder to reduce the startup
 time and not have Wireshark trying to execute other file types.
-
+== GRAMMAR ELEMENTS
 =head1 GRAMMAR ELEMENTS
 Grammar elements:
-=over 4
+arg (options)::
-
+
-=item arg (options)
+--
 argument for CLI calling
 --
-=item number
+number::
-
+
 --
 Reference # of argument for other values, display order
 --
-=item call
+call::
-
+
 --
 Literal argument to call (--call=...)
 --
-=item display
+display::
-
+
 --
 Displayed name
 --
-=item default
+default::
-
+
 --
 Default value, in proper form for type
 --
-=item range
+range::
-
+
 --
 Range of valid values for UI checking (min,max) in proper form
 --
-=item type
+type::
-
+
 --
 Argument type for UI filtering for raw, or UI type for selector:
    integer
@ -87,15 +98,16 @@ Argument type for UI filtering for raw, or UI type for selector:
    multicheck (display a textbox for selecting multiple options, values as strings)
    password (display a textbox with masked text)
    timestamp (display a calendar)
 --
-=item value (options)
+value (options)::
-
+
 --
    Values for argument selection
    arg     Argument # this value applies to
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 Example 1:
@ -128,30 +140,22 @@ Example 5:
    arg {number=0}{call=--start}{display=Start Time}{type=timestamp}
    arg {number=1}{call=--end}{display=End Time}{type=timestamp}
-=head1 Security awareness
+== Security awareness
-=over 4
+- Users running wireshark as root, we can't save you
 - Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only
 - Third-party capture programs run w/ whatever privs they're installed with
 - If an attacker can write to a system binary directory, we're game over anyhow
 - Reference the folders tab in the wireshark->about information, to see from which directory extcap is being run
-=item - Users running wireshark as root, we can't save you
+== SEE ALSO
-=item - Dumpcap retains suid/setgid and group+x permissions to allow users in wireshark group only
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:androiddump.html[androiddump](1), xref:sshdump.html[sshdump](1), xref:randpktdump.html[randpktdump](1)
-=item - Third-party capture programs run w/ whatever privs they're installed with
+== NOTES
-=item - If an attacker can write to a system binary directory, we're game over anyhow
+*Extcap* is feature of *Wireshark*.  The latest version
-
+of *Wireshark* can be found at https://www.wireshark.org.
 =item - Reference the folders tab in the wireshark->about information, to see from which directory extcap is being run
 =back
 =head1 SEE ALSO
 wireshark(1), tshark(1), dumpcap(1), androiddump(1), sshdump(1), randpktdump(1)
 =head1 NOTES
 B<Extcap> is feature of B<Wireshark>.  The latest version
 of B<Wireshark> can be found at L<https://www.wireshark.org>.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
--- a/doc/idl2deb.adoc
+++ b/doc/idl2deb.adoc
@ -1,80 +1,92 @@
-=begin man
+= idl2deb(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 idl2deb - Create a Debian package for CORBA monitoring from IDL
-=head1 SYNOPSIS
+== SYNOPSIS
-B<idl2deb>
+[manarg]
-S<[ B<-d> E<lt>optsE<gt> ]>
+*idl2deb*
-S<[ B<--dbopts>=E<lt>optsE<gt> ]>
+[ *-d* <opts> ]
-S<[ B<-e> E<lt>addressE<gt> ]>
+[ *--dbopts*=<opts> ]
-S<[ B<--email>=E<lt>addressE<gt> ]>
+[ *-e* <address> ]
-S<[ B<-h> ]>
+[ *--email*=<address> ]
-S<[ B<--help> ]>
+[ *-h* ]
-S<[ B<-i> E<lt>idlfileE<gt> ]>
+[ *--help* ]
-S<[ B<--idl>=E<lt>idlfileE<gt> ]>
+[ *-i* <idlfile> ]
-S<[ B<-n> E<lt>nameE<gt> ]>
+[ *--idl*=<idlfile> ]
-S<[ B<--name>=E<lt>nameE<gt> ]>
+[ *-n* <name> ]
-S<[ B<-p> ]>
+[ *--name*=<name> ]
-S<[ B<--preserve> ]>
+[ *-p* ]
-S<[ B<-v> ]>
+[ *--preserve* ]
-S<[ B<--version> ]>
+[ *-v* ]
 [ *--version* ]
-=head1 DESCRIPTION
+== DESCRIPTION
-This manual page documents briefly the B<idl2deb> command. B<idl2deb>
+This manual page documents briefly the *idl2deb* command. *idl2deb*
 takes an CORBA IDL file as input and creates a Debian package from it. The
 package contains a loadable module for the Wireshark network analyser.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item -d E<lt>optsE<gt> --dbopts=E<lt>optsE<gt>
 -d <opts> --dbopts=<opts>::
 +
 --
 options for dpkg-buildpackage.
 --
-=item -e E<lt>addressE<gt> --email=E<lt>addressE<gt>
+-e <address> --email=<address>::
-
+
 --
 use e-mail address.
 --
-=item -h --help
+-h --help::
-
+
 --
 print help and exit.
 --
-=item -i E<lt>idlfileE<gt> --idl=E<lt>idlfileE<gt>
+-i <idlfile> --idl=<idlfile>::
-
+
 --
 IDL file to use (mandatory)
 --
-=item -n E<lt>nameE<gt> --name=E<lt>nameE<gt>
+-n <name> --name=<name>::
-
+
 --
 use user name.
 --
-=item -p --preserve
+-p --preserve::
-
+
 --
 do not overwrite files.
 --
-=item -v --version
+-v --version::
-
+
 --
 print version and exit.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 /usr/bin/idl2deb -e me@foo.net -i bar.idl \-n "My Name" -d "-rfakeroot -uc -us"-d "-rfakeroot -uc -us"
-=head1 SEE ALSO
+== SEE ALSO
-A lot of tools are used, which you have to B<apt-get install>: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev.
+A lot of tools are used, which you have to *apt-get install*: wireshark-dev, python, cdbs, autotools-dev, debhelper, dpkg-dev.
-=head1 COPYING
+== COPYING
 This manual page was written by W. Borgert debacle@debian.org
 for Debian GNU/Linux (but may be used by others). Permission is granted
@ -82,10 +94,10 @@ to copy, distribute and/or modify this document under the terms of the
 GNU General Public License, Version 2 or any later version published by
 the Free Software Foundation.
-=head1 AUTHOR
+== AUTHOR
-B<W. Borgert> Author.
+*W. Borgert* Author.
-=head1 COPYRIGHT
+== COPYRIGHT
 Copyright (C) 2003, 2005 W. Borger
--- a/doc/idl2wrs.adoc
+++ b/doc/idl2wrs.adoc
@ -1,51 +1,45 @@
-=begin man
+= idl2wrs(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 idl2wrs - CORBA IDL to Wireshark Plugin Generator
-=head1 SYNOPSIS
+== SYNOPSIS
-B<idl2wrs> E<lt>filenameE<gt>
+*idl2wrs* <filename>
-=head1 DESCRIPTION
+== DESCRIPTION
-B<idl2wrs> is a program that takes a user specified B<CORBA IDL>
+*idl2wrs* is a program that takes a user specified *CORBA IDL*
-file and generates B<"C"> source code for a B<Wireshark> "plugin".
+file and generates *"C"* source code for a *Wireshark* "plugin".
-This resulting file can be compiled as a B<Wireshark> plugin, and
+This resulting file can be compiled as a *Wireshark* plugin, and
-used to monitor B<GIOP/IIOP> traffic that is using this IDL.
+used to monitor *GIOP/IIOP* traffic that is using this IDL.
-B<idl2wrs> is actually a shell script wrapper for two B<Python> programs.
+*idl2wrs* is actually a shell script wrapper for two *Python* programs.
 These programs are:
-=over 4
+* *wireshark_be.py*
 =item * B<wireshark_be.py>
 Contains the main IDL Visitor Class
-=item * B<wireshark_gen.py>
+* *wireshark_gen.py*
 Contains the Source Code Generator Class
-=back
+*idl2wrs* supports heuristic dissection of GIOP/IIOP traffic,
 B<idl2wrs> supports heuristic dissection of GIOP/IIOP traffic,
 and some experimental code for explicit dissection, based on
 Object Key <-> Repository Id mapping.
 However, code for heuristic based plugins is
 generated by default, and users should consider this the preferred
 method unless you have some namespace collisions.
 == OPTIONS
-=head1 OPTIONS
+Currently there are no options. *idl2wrs* can be invoked as follows.
 Currently there are no options. B<idl2wrs> can be invoked as follows.
 1.  To write the C code to stdout.
@ -53,22 +47,18 @@ Currently there are no options. B<idl2wrs> can be invoked as follows.
    eg: idl2wrs echo.idl
 2. To write to a file, just redirect the output.
    idl2wrs echo.idl > packet-test.c
 == ENVIRONMENT
 *idl2wrs* will look for *wireshark_be.py* and *wireshark_gen.py* in
 *$PYTHONPATH/site-packages/* and if not found, will try the current
 directory *./*
-
+The *-p* option passed to omniidl (inside *idl2wrs*) indicates where
-=head1 ENVIRONMENT
+*wireshark_be.py* and *wireshark_gen.py* will be searched.  This may
 B<idl2wrs> will look for B<wireshark_be.py> and B<wireshark_gen.py> in
 B<$PYTHONPATH/site-packages/> and if not found, will try the current
 directory B<./>
 The B<-p> option passed to omniidl (inside B<idl2wrs>) indicates where
 B<wireshark_be.py> and B<wireshark_gen.py> will be searched.  This may
 need tweaking if you place these files somewhere else.
 If it complains about being unable to find some modules (eg tempfile.py),
@ -76,45 +66,35 @@ you may want to check if PYTHONPATH is set correctly.
 eg:  PYTHONPATH=/usr/lib/python1.5/
 == SEE ALSO
-=head1 SEE ALSO
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1)
-wireshark(1), tshark(1)
+== NOTES
 *idl2wrs* (including *wireshark_be.py* and *wireshark_gen.py*) are part of
 the *Wireshark* distribution.  The latest version of *Wireshark* can
 be found at https://www.wireshark.org.
-=head1 NOTES
+*idl2wrs* uses *omniidl*, an IDL parser, and can be found at
 http://omniorb.sourceforge.net/
-B<idl2wrs> (including B<wireshark_be.py> and B<wireshark_gen.py>) are part of
+== TODO
 the B<Wireshark> distribution.  The latest version of B<Wireshark> can
 be found at L<https://www.wireshark.org>.
 B<idl2wrs> uses B<omniidl>, an IDL parser, and can be found at
 L<http://omniorb.sourceforge.net/>
 =head1 TODO
 Some of the more important things to do are:
-=over 4
+* Improve Explicit dissection code.
-=item *
+* Improve command line options.
 Improve Explicit dissection code.
-=item *
+* Improve decode algorithm when we have operation name collision.
 Improve command line options.
-=item *
+== AUTHORS
 Improve decode algorithm when we have operation name collision.
-=back
+.Original Author
 [%hardbreaks]
 Frank Singleton <frank.singleton[AT]ericsson.com>
-=head1 AUTHORS
+.Contributors
-
+[%hardbreaks]
  Original Author
  -------- ------
  Frank Singleton             <frank.singleton[AT]ericsson.com>
  Contributors
  ------------
--- a/doc/mergecap.adoc
+++ b/doc/mergecap.adoc
@ -1,55 +1,57 @@
-=begin man
+= mergecap(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 mergecap - Merges two or more capture files into one
-=head1 SYNOPSIS
+== SYNOPSIS
-B<mergecap>
+[manarg]
-S<[ B<-a> ]>
+*mergecap*
-S<[ B<-F> E<lt>I<file format>E<gt> ]>
+[ *-a* ]
-S<[ B<-h> ]>
+[ *-F* <__file format__> ]
-S<[ B<-I> E<lt>I<IDB merge mode>E<gt> ]>
+[ *-h* ]
-S<[ B<-s> E<lt>I<snaplen>E<gt> ]>
+[ *-I* <__IDB merge mode__> ]
-S<[ B<-v> ]>
+[ *-s* <__snaplen__> ]
-S<[ B<-V> ]>
+[ *-v* ]
-S<B<-w> E<lt>I<outfile>E<gt>|->
+[ *-V* ]
-E<lt>I<infile>E<gt> [E<lt>I<infile>E<gt> I<...>]
+*-w* <__outfile__>|-
 <__infile__> [<__infile__> __...__]
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Mergecap> is a program that combines multiple saved capture files into
+*Mergecap* is a program that combines multiple saved capture files into
-a single output file specified by the B<-w> argument.  B<Mergecap> knows
+a single output file specified by the *-w* argument.  *Mergecap* knows
-how to read B<pcap> and B<pcapng> capture files, including those of
+how to read *pcap* and *pcapng* capture files, including those of
-B<tcpdump>, B<Wireshark> and other tools that write captures in those
+*tcpdump*, *Wireshark* and other tools that write captures in those
 formats.
-By default, B<Mergecap> writes the capture file in B<pcapng> format, and
+By default, *Mergecap* writes the capture file in *pcapng* format, and
 writes all of the packets from the input capture files to the output file.
-B<Mergecap> is able to detect, read and write the same capture files that
+*Mergecap* is able to detect, read and write the same capture files that
-are supported by B<Wireshark>.
+are supported by *Wireshark*.
 The input files don't need a specific filename extension; the file
 format and an optional gzip, zstd or lz4 compression will be automatically detected.
-Near the beginning of the DESCRIPTION section of wireshark(1) or
+Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
-L<https://www.wireshark.org/docs/man-pages/wireshark.html>
+https://www.wireshark.org/docs/man-pages/wireshark.html
-is a detailed description of the way B<Wireshark> handles this, which is
+is a detailed description of the way *Wireshark* handles this, which is
-the same way B<Mergecap> handles this.
+the same way *Mergecap* handles this.
-B<Mergecap> can write the file in several output formats.
+*Mergecap* can write the file in several output formats.
-The B<-F> flag can be used to specify the format in which to write the
+The *-F* flag can be used to specify the format in which to write the
-capture file, B<mergecap -F> provides a list of the available output
+capture file, *mergecap -F* provides a list of the available output
 formats.
 Packets from the input files are merged in chronological order based on
-each frame's timestamp, unless the B<-a> flag is specified.  B<Mergecap>
+each frame's timestamp, unless the *-a* flag is specified.  *Mergecap*
 assumes that frames within a single capture file are already stored in
-chronological order.  When the B<-a> flag is specified, packets are
+chronological order.  When the *-a* flag is specified, packets are
 copied directly from each input file to the output file, independent of
 each frame's timestamp.
@ -57,37 +59,42 @@ The output file frame encapsulation type is set to the type of the input
 files if all input files have the same type.  If not all of the input
 files have the same frame encapsulation type, the output file type is
 set to WTAP_ENCAP_PER_PACKET.  Note that some capture file formats, most
-notably B<pcap>, do not currently support WTAP_ENCAP_PER_PACKET.
+notably *pcap*, do not currently support WTAP_ENCAP_PER_PACKET.
 This combination will cause the output file creation to fail.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item -a
 -a::
 +
 --
 Causes the frame timestamps to be ignored, writing all packets from the
 first input file followed by all packets from the second input file.  By
-default, when B<-a> is not specified, the contents of the input files
+default, when *-a* is not specified, the contents of the input files
 are merged in chronological order based on each frame's timestamp.
-Note: when merging, B<mergecap> assumes that packets within a capture
+Note: when merging, *mergecap* assumes that packets within a capture
 file are already in chronological order.
 --
-=item -F  E<lt>file formatE<gt>
+-F  <file format>::
-
+
-Sets the file format of the output capture file. B<Mergecap> can write
+--
-the file in several formats; B<mergecap -F> provides a list of the
+Sets the file format of the output capture file. *Mergecap* can write
-available output formats.  By default this is the B<pcapng> format.
+the file in several formats; *mergecap -F* provides a list of the
-
+available output formats.  By default this is the *pcapng* format.
-=item -h
+--
 -h::
 +
 --
 Prints the version and options and exits.
 --
-=item -I  E<lt>IDB merge modeE<gt>
+-I  <IDB merge mode>::
-
+
 --
 Sets the Interface Description Block (IDB) merge mode to use during merging.
-B<mergecap -I> provides a list of the available IDB merge modes.
+*mergecap -I* provides a list of the available IDB merge modes.
 Every input file has one or more IDBs, which describe the interface(s) the
 capture was performed on originally. This includes encapsulation type,
@ -95,35 +102,25 @@ interface name, etc. When mergecap merges multiple input files, it has to
 merge these IDBs somehow for the new merged output file. This flag controls
 how that is accomplished. The currently available modes are:
-=over 4
+*none*: No merging of IDBs is performed, and instead all IDBs are
 B<none>: No merging of IDBs is performed, and instead all IDBs are
 copied to the merged output file.
-=back
+*all*: IDBs are merged only if all input files have the same number
 =over 4
 B<all>: IDBs are merged only if all input files have the same number
 of IDBs, and each IDB matches their respective entry in the
 other files. This is the default mode.
-=back
+*any*: Any and all duplicate IDBs are merged into one IDB, regardless
 =over 4
 B<any>: Any and all duplicate IDBs are merged into one IDB, regardless
 of what file they are in.
 =back
 Note that an IDB is only considered a matching duplicate if it has the same
 encapsulation type, name, speed, time precision, comments, description, etc.
 --
-=item -s  E<lt>snaplenE<gt>
+-s  <snaplen>::
-
+
 --
 Sets the snapshot length to use when writing the data.
-If the B<-s> flag is used to specify a snapshot length, frames in the
+If the *-s* flag is used to specify a snapshot length, frames in the
 input file with more captured data than the specified snapshot length
 will have only the amount of data specified by the snapshot length
 written to the output file.  This may be useful if the program that is
@ -132,23 +129,28 @@ to read the output file cannot handle packets larger than a certain size
 appear to reject Ethernet frames larger than the standard Ethernet MTU,
 making them incapable of handling gigabit Ethernet captures if jumbo
 frames were used).
 --
-=item -v
+-v::
-
+
-Causes B<mergecap> to print a number of messages while it's working.
+--
-
+Causes *mergecap* to print a number of messages while it's working.
-=item -V
+--
 -V::
 +
 --
 Print the version and exit.
 --
-=item -w  E<lt>outfileE<gt>|-
+-w  <outfile>|-::
-
+
-Sets the output filename. If the name is 'B<->', stdout will be used.
+--
 Sets the output filename. If the name is '*-*', stdout will be used.
 This setting is mandatory.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To merge two capture files together into a third capture file, in which
 the last packet of one file arrives 100 seconds before the first packet
@ -178,29 +180,28 @@ Then the final step would be to use :
 to merge a.pcap and the shifted b.pcap into compare.pcap.
-=head1 SEE ALSO
+== SEE ALSO
-pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), text2pcap(1),
+xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:editcap.html[editcap](1), xref:text2pcap.html[text2pcap](1),
-pcap-filter(7) or tcpdump(8)
+xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
-=head1 NOTES
+== NOTES
-B<Mergecap> is based heavily upon B<editcap> by Richard Sharpe
+*Mergecap* is based heavily upon *editcap* by Richard Sharpe
 <sharpe[AT]ns.aus.com> and Guy Harris <guy[AT]alum.mit.edu>.
-B<Mergecap> is part of the B<Wireshark> distribution.  The latest version
+*Mergecap* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Scott Renfro             <scott[AT]renfro.org>
+Scott Renfro <scott[AT]renfro.org>
-
+.Contributors
-  Contributors
+[%hardbreaks]
-  ------------
+Bill Guyton <guyton[AT]bguyton.com>
  Bill Guyton              <guyton[AT]bguyton.com>
--- a/doc/mmdbresolve.adoc
+++ b/doc/mmdbresolve.adoc
@ -1,23 +1,25 @@
-=begin man
+= mmdbresolve(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 mmdbresolve - Read IPv4 and IPv6 addresses and print their IP geolocation information.
-=head1 SYNOPSIS
+== SYNOPSIS
-B<mmdbresolve>
+[manarg]
-S<B<-f E<lt>dbfileE<gt>>>
+*mmdbresolve*
-S<[ B<-f E<lt>dbfileE<gt>> ]>
+*-f <dbfile>*
-I<...>
+[ *-f <dbfile>* ]
 __...__
-=head1 DESCRIPTION
+== DESCRIPTION
-B<mmdbresolve> reads IPv4 and IPv6 addresses on stdin and prints their IP geolocation information
+*mmdbresolve* reads IPv4 and IPv6 addresses on stdin and prints their IP geolocation information
 on stdout. Each input line must contain exactly one address. Output is in INI format, with a section
 delimiter named after the query address followed by a set of "key: value" pairs. A comment
 beginning with "# End" is appended to each section.
@ -25,17 +27,15 @@ beginning with "# End" is appended to each section.
 At startup an "[init]" section is printed that shows the status of each datbase and of mmdbresolve
 itself.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item -f
 -f::
 +
 --
 Path to a MaxMind Database file. Multiple databases may be specified.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To resolve a single address:
@ -56,20 +56,20 @@ Example output:
    location.longitude: -97.822000
    # End 4.4.4.4
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1)
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1)
-=head1 NOTES
+== NOTES
-B<mmdbresolve> is part of the B<Wireshark> distribution. The latest version
+*mmdbresolve* is part of the *Wireshark* distribution. The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  ---------------
+[%hardbreaks]
-  Gerald Combs            <gerald[AT]wireshark.org>
+Gerald Combs <gerald[AT]wireshark.org>
--- a/doc/pod2adoc.py
+++ b/doc/pod2adoc.py
@ -122,7 +122,7 @@ include::../docbook/attributes.adoc[]
                continue
            # Inline unordered and ordered list items
-            item = re.match(r'=item\s*(\*\s+.*|\d+\.\s+.*)\s*$', podline)
+            item = re.match(r'=item\s*([-\*]\s+.*|\d+\.\s+.*)\s*$', podline)
            if item:
                adoc_body += f'{item.group(1)}'
                continue
--- a/doc/randpkt.adoc
+++ b/doc/randpkt.adoc
@ -1,63 +1,68 @@
-=begin man
+= randpkt(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 randpkt - Random packet generator
-=head1 SYNOPSIS
+== SYNOPSIS
-B<randpkt>
+[manarg]
-S<[ B<-b> E<lt>maxbytesE<gt> ]>
+*randpkt*
-S<[ B<-c> E<lt>countE<gt> ]>
+[ *-b* <maxbytes> ]
-S<[ B<-t> E<lt>typeE<gt> ]>
+[ *-c* <count> ]
-E<lt>filenameE<gt>
+[ *-t* <type> ]
 <filename>
-=head1 DESCRIPTION
+== DESCRIPTION
-B<randpkt> is a small utility that creates a B<pcap> trace file
+*randpkt* is a small utility that creates a *pcap* trace file
 full of random packets.
 By creating many randomized packets of a certain type, you can
 test packet sniffers to see how well they handle malformed packets.
 The sniffer can never trust the data that it sees in the packet because
 you can always sniff a very bad packet that conforms to no standard.
-B<randpkt> produces I<very bad> packets.
+*randpkt* produces __very bad__ packets.
-When creating packets of a certain type, B<randpkt> uses a sample
+When creating packets of a certain type, *randpkt* uses a sample
-packet that is stored internally to B<randpkt>. It uses this as the
+packet that is stored internally to *randpkt*. It uses this as the
 starting point for your random packets, and then adds extra random
 bytes to the end of this sample packet.
-For example, if you choose to create random ARP packets, B<randpkt>
+For example, if you choose to create random ARP packets, *randpkt*
 will create a packet which contains a predetermined Ethernet II header,
 with the Type field set to ARP. After the Ethernet II header, it will
 put a random number of bytes with random values.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item -b E<lt>maxbytesE<gt>
 -b <maxbytes>::
 +
 --
 Default 5000.
 Defines the maximum number of bytes added to the sample packet.
-If you choose a B<maxbytes> value that is less than the size of the
+If you choose a *maxbytes* value that is less than the size of the
 sample packet, then your packets would contain only the sample
-packet... not much variance there! B<randpkt> exits on that condition.
+packet... not much variance there! *randpkt* exits on that condition.
-
+--
 =item -c E<lt>countE<gt>
 -c <count>::
 +
 --
 Default 1000.
 Defines the number of packets to generate.
 --
-=item -t E<lt>typeE<gt>
+-t <type>::
-
+
 --
 Default Ethernet II frame.
 Defines the type of packet to generate:
@ -85,10 +90,9 @@ Defines the type of packet to generate:
        udp             User Datagram Protocol
        usb             Universal Serial Bus
        usb-linux       Universal Serial Bus with Linux specific header
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see a description of the randpkt options use:
@ -102,6 +106,6 @@ To generate a small capture file with just a single LLC frame use:
    randpkt -b 100 -c 1 -t llc single_llc.pcap
-=head1 SEE ALSO
+== SEE ALSO
-pcap(3), editcap(1)
+xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:editcap.html[editcap](1)
--- a/doc/randpktdump.adoc
+++ b/doc/randpktdump.adoc
@ -1,100 +1,126 @@
-=begin man
+= randpktdump(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 randpktdump - Provide an interface to generate random captures using randpkt
-=head1 SYNOPSIS
+== SYNOPSIS
-B<randpktdump>
+[manarg]
-S<[ B<--help> ]>
+*randpktdump*
-S<[ B<--version> ]>
+[ *--help* ]
-S<[ B<--extcap-interfaces> ]>
+[ *--version* ]
-S<[ B<--extcap-dlts> ]>
+[ *--extcap-interfaces* ]
-S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
+[ *--extcap-dlts* ]
-S<[ B<--extcap-config> ]>
+[ *--extcap-interface*=<interface> ]
-S<[ B<--capture> ]>
+[ *--extcap-config* ]
-S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
+[ *--capture* ]
-S<[ B<--maxbytes>=E<lt>bytesE<gt> ]>
+[ *--fifo*=<path to file or pipe> ]
-S<[ B<--count>=E<lt>numE<gt> ]>
+[ *--maxbytes*=<bytes> ]
-S<[ B<--delay>=E<lt>msE<gt> ]>
+[ *--count*=<num> ]
-S<[ B<--random-type>=E<lt>true|falseE<gt> ]>
+[ *--delay*=<ms> ]
-S<[ B<--all-random>=E<lt>true|falseE<gt> ]>
+[ *--random-type*=<true|false> ]
-S<[ B<--type>=E<lt>packet typeE<gt> ]>
+[ *--all-random*=<true|false> ]
 [ *--type*=<packet type> ]
-=head1 DESCRIPTION
+== DESCRIPTION
-B<randpktdump> is a extcap tool that provides access to the random
+*randpktdump* is a extcap tool that provides access to the random
 packet generator (randpkt). It is mainly used for testing and
 educational purpose.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item --help
 --help::
 +
 --
 Print program arguments.
 --
-=item --version
+--version::
-
+
 --
 Print program version.
 --
-=item --extcap-interfaces
+--extcap-interfaces::
-
+
 --
 List available interfaces.
 --
-=item --extcap-interface=E<lt>interfaceE<gt>
+--extcap-interface=<interface>::
-
+
 --
 Use specified interfaces.
 --
-=item --extcap-dlts
+--extcap-dlts::
-
+
 --
 List DLTs of specified interface.
 --
-=item --extcap-config
+--extcap-config::
-
+
 --
 List configuration options of specified interface.
 --
-=item --capture
+--capture::
-
+
 --
 Start capturing from specified interface save saved it in place specified by --fifo.
 --
-=item --fifo=E<lt>path to file or pipeE<gt>
+--fifo=<path to file or pipe>::
-
+
 --
 Save captured packet to file or send it through pipe.
 --
-=item --maxbytes=E<lt>bytesE<gt>
+--maxbytes=<bytes>::
-
+
 --
 Set the max number of bytes per packet.
 --
-=item --count=E<lt>numE<gt>
+--count=<num>::
-
+
 --
 Number of packets to generate (-1 for infinite).
 --
-=item --delay=E<lt>msE<gt>
+--delay=<ms>::
-
+
 --
 Wait a number of milliseconds after writing each packet.
 --
-=item --random-type
+--random-type::
-
+
 --
 Choose a random packet type for all packets if set to true.
 --
-=item --all-random
+--all-random::
-
+
 --
 Choose a different random packet type for each packet if set to true.
 --
-=item --type=E<lt>packet typeE<gt>
+--type=<packet type>::
-
+
 --
 Use the selected packet type. To list all the available packet type, run randpktdump --help.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see program arguments:
@ -139,20 +165,20 @@ To capture:
 NOTE: To stop capturing CTRL+C/kill/terminate application.
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1), dumpcap(1), extcap(4), randpkt(1)
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:randpkt.html[randpkt](1)
-=head1 NOTES
+== NOTES
-B<randpktdump> is part of the B<Wireshark> distribution.  The latest version
+*randpktdump* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  ---------------
+[%hardbreaks]
-  Dario Lombardo             <lomato[AT]gmail.com>
+Dario Lombardo <lomato[AT]gmail.com>
--- a/doc/rawshark.adoc
+++ b/doc/rawshark.adoc
@ -1,47 +1,49 @@
-=begin man
+= rawshark(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 rawshark - Dump and analyze raw pcap data
-=head1 SYNOPSIS
+== SYNOPSIS
-B<rawshark>
+[manarg]
-S<[ B<-d> E<lt>encap:linktypeE<gt>|E<lt>proto:protonameE<gt> ]>
+*rawshark*
-S<[ B<-F> E<lt>field to displayE<gt> ]>
+[ *-d* <encap:linktype>|<proto:protoname> ]
-S<[ B<-h> ]>
+[ *-F* <field to display> ]
-S<[ B<-l> ]>
+[ *-h* ]
-S<[ B<-m> E<lt>bytesE<gt> ]>
+[ *-l* ]
-S<[ B<-n> ]>
+[ *-m* <bytes> ]
-S<[ B<-N> E<lt>name resolving flagsE<gt> ]>
+[ *-n* ]
-S<[ B<-o> E<lt>preference settingE<gt> ] ...>
+[ *-N* <name resolving flags> ]
-S<[ B<-p> ]>
+[ *-o* <preference setting> ] ...
-S<[ B<-r> E<lt>pipeE<gt>|- ]>
+[ *-p* ]
-S<[ B<-R> E<lt>read (display) filterE<gt> ]>
+[ *-r* <pipe>|- ]
-S<[ B<-s> ]>
+[ *-R* <read (display) filter> ]
-S<[ B<-S> E<lt>field formatE<gt> ]>
+[ *-s* ]
-S<[ B<-t> a|ad|adoy|d|dd|e|r|u|ud|udoy ]>
+[ *-S* <field format> ]
-S<[ B<-v> ]>
+[ *-t* a|ad|adoy|d|dd|e|r|u|ud|udoy ]
 [ *-v* ]
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Rawshark> reads a stream of packets from a file or pipe, and prints a line
+*Rawshark* reads a stream of packets from a file or pipe, and prints a line
 describing its output, followed by a set of matching fields for each packet
 on stdout.
-=head1 INPUT
+== INPUT
-Unlike B<TShark>, B<Rawshark> makes no assumptions about encapsulation or
+Unlike *TShark*, *Rawshark* makes no assumptions about encapsulation or
-input. The B<-d> and B<-r> flags must be specified in order for it to run.
+input. The *-d* and *-r* flags must be specified in order for it to run.
-One or more B<-F> flags should be specified in order for the output to be
+One or more *-F* flags should be specified in order for the output to be
 useful. The other flags listed above follow the same conventions as
-B<Wireshark> and B<TShark>.
+*Wireshark* and *TShark*.
-B<Rawshark> expects input records with the following format by default. This
+*Rawshark* expects input records with the following format by default. This
 matches the format of the packet header and packet data in a pcap-formatted
 file on disk.
@ -53,15 +55,15 @@ file on disk.
        uint8_t data[caplen]; /* Packet data */
    };
-If B<-p> is supplied B<rawshark> expects the following format.  This
+If *-p* is supplied *rawshark* expects the following format.  This
-matches the I<struct pcap_pkthdr> structure and packet data used in
+matches the __struct pcap_pkthdr__ structure and packet data used in
 libpcap, Npcap, or WinPcap.  This structure's format is platform-dependent; the
-size of the I<tv_sec> field in the I<struct timeval> structure could be
+size of the __tv_sec__ field in the __struct timeval__ structure could be
-32 bits or 64 bits.  For B<rawshark> to work, the layout of the
+32 bits or 64 bits.  For *rawshark* to work, the layout of the
 structure in the input must match the layout of the structure in
-B<rawshark>.  Note that this format will probably be the same as the
+*rawshark*.  Note that this format will probably be the same as the
-previous format if B<rawshark> is a 32-bit program, but will not
+previous format if *rawshark* is a 32-bit program, but will not
-necessarily be the same if B<rawshark> is a 64-bit program.
+necessarily be the same if *rawshark* is a 64-bit program.
    struct rawshark_rec_s {
        struct timeval ts;    /* Time stamp */
@ -71,17 +73,17 @@ necessarily be the same if B<rawshark> is a 64-bit program.
    };
 In either case, the endianness (byte ordering) of each integer must match the
-system on which B<rawshark> is running.
+system on which *rawshark* is running.
-=head1 OUTPUT
+== OUTPUT
-If one or more fields are specified via the B<-F> flag, B<Rawshark> prints
+If one or more fields are specified via the *-F* flag, *Rawshark* prints
 the number, field type, and display format for each field on the first line
 as "packet number" 0. For each record, the packet number, matching fields,
 and a "1" or "0" are printed to indicate if the field matched any supplied
 display filter. A "-" is used to signal the end of a field description and
-at the end of each packet line. For example, the flags B<-F ip.src -F
+at the end of each packet line. For example, the flags *-F ip.src -F
-dns.qry.type> might generate the following output:
+ dns.qry.type* might generate the following output:
    0 FT_IPv4 BASE_NONE - 1 FT_UINT16 BASE_HEX -
    1 1="1" 0="192.168.77.10" 1 -
@ -89,7 +91,7 @@ dns.qry.type> might generate the following output:
    3 0="192.168.77.10" 1 -
    4 0="74.125.19.104" 1 -
-Note that packets 1 and 2 are DNS queries, and 3 and 4 are not. Adding B<-R "not dns"> still prints each line, but there's an indication
+Note that packets 1 and 2 are DNS queries, and 3 and 4 are not. Adding *-R "not dns"* still prints each line, but there's an indication
 that packets 1 and 2 didn't pass the filter:
    0 FT_IPv4 BASE_NONE - 1 FT_UINT16 BASE_HEX -
@ -101,234 +103,261 @@ that packets 1 and 2 didn't pass the filter:
 Also note that the output may be in any order, and that multiple matching
 fields might be displayed.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item -d  E<lt>encapsulationE<gt>
 -d  <encapsulation>::
 +
 --
 Specify how the packet data should be dissected. The encapsulation is of the
-form I<type:value>, where I<type> is one of:
+form __type:value__, where __type__ is one of:
-B<encap>:I<name> Packet data should be dissected using the
+*encap*:__name__ Packet data should be dissected using the
-libpcap/Npcap/WinPcap data link type (DLT) I<name>, e.g. B<encap:EN10MB> for
+libpcap/Npcap/WinPcap data link type (DLT) __name__, e.g. *encap:EN10MB* for
 Ethernet.  Names are converted using pcap_datalink_name_to_val().
 A complete list of DLTs can be found at
-L<https://www.tcpdump.org/linktypes.html>.
+https://www.tcpdump.org/linktypes.html.
-B<encap>:I<number> Packet data should be dissected using the
+*encap*:__number__ Packet data should be dissected using the
-libpcap/Npcap/WinPcap LINKTYPE_ I<number>, e.g. B<encap:105> for raw IEEE
+libpcap/Npcap/WinPcap LINKTYPE_ __number__, e.g. *encap:105* for raw IEEE
-802.11 or B<encap:101> for raw IP.
+802.11 or *encap:101* for raw IP.
-B<proto>:I<protocol> Packet data should be passed to the specified Wireshark
+*proto*:__protocol__ Packet data should be passed to the specified Wireshark
-protocol dissector, e.g. B<proto:http> for HTTP data.
+protocol dissector, e.g. *proto:http* for HTTP data.
-
+--
 =item -F  E<lt>field to displayE<gt>
 -F  <field to display>::
 +
 --
 Add the matching field to the output. Fields are any valid display filter
-field. More than one B<-F> flag may be specified, and each field can match
+field. More than one *-F* flag may be specified, and each field can match
-multiple times in a given packet. A single field may be specified per B<-F>
+multiple times in a given packet. A single field may be specified per *-F*
-flag. If you want to apply a display filter, use the B<-R> flag.
+flag. If you want to apply a display filter, use the *-R* flag.
-
+--
 =item -h
 -h::
 +
 --
 Print the version and options and exits.
 --
-=item -l
+-l::
-
+
 --
 Flush the standard output after the information for each packet is
-printed.  (This is not, strictly speaking, line-buffered if B<-V>
+printed.  (This is not, strictly speaking, line-buffered if *-V*
-was specified; however, it is the same as line-buffered if B<-V> wasn't
+was specified; however, it is the same as line-buffered if *-V* wasn't
-specified, as only one line is printed for each packet, and, as B<-l> is
+specified, as only one line is printed for each packet, and, as *-l* is
 normally used when piping a live capture to a program or script, so that
 output for a packet shows up as soon as the packet is seen and
 dissected, it should work just as well as true line-buffering.  We do
 this as a workaround for a deficiency in the Microsoft Visual C++ C
 library.)
-This may be useful when piping the output of B<TShark> to another
+This may be useful when piping the output of *TShark* to another
 program, as it means that the program to which the output is piped will
-see the dissected data for a packet as soon as B<TShark> sees the
+see the dissected data for a packet as soon as *TShark* sees the
 packet and generates that output, rather than seeing it only when the
 standard output buffer containing that data fills up.
 --
-=item -m  E<lt>memory limit bytesE<gt>
+-m  <memory limit bytes>::
-
+
 --
 Limit rawshark's memory usage to the specified number of bytes. POSIX
 (non-Windows) only.
 --
-=item -n
+-n::
-
+
 --
 Disable network object name resolution (such as hostname, TCP and UDP port
-names), the B<-N> flag might override this one.
+names), the *-N* flag might override this one.
-
+--
 =item -N  E<lt>name resolving flagsE<gt>
 -N  <name resolving flags>::
 +
 --
 Turn on name resolving only for particular types of addresses and port
 numbers, with name resolving for other types of addresses and port
-numbers turned off. This flag overrides B<-n> if both B<-N> and B<-n> are
+numbers turned off. This flag overrides *-n* if both *-N* and *-n* are
-present. If both B<-N> and B<-n> flags are not present, all name resolutions are
+present. If both *-N* and *-n* flags are not present, all name resolutions are
 turned on.
 The argument is a string that may contain the letters:
-B<m> to enable MAC address resolution
+*m* to enable MAC address resolution
-B<n> to enable network address resolution
+*n* to enable network address resolution
-B<N> to enable using external resolvers (e.g., DNS) for network address
+*N* to enable using external resolvers (e.g., DNS) for network address
 resolution
-B<t> to enable transport-layer port number resolution
+*t* to enable transport-layer port number resolution
-B<d> to enable resolution from captured DNS packets
+*d* to enable resolution from captured DNS packets
-B<v> to enable VLAN IDs to names resolution
+*v* to enable VLAN IDs to names resolution
-
+--
 =item -o  E<lt>preferenceE<gt>:E<lt>valueE<gt>
 -o  <preference>:<value>::
 +
 --
 Set a preference value, overriding the default value and any value read
 from a preference file.  The argument to the option is a string of the
-form I<prefname:value>, where I<prefname> is the name of the
+form __prefname:value__, where __prefname__ is the name of the
 preference (which is the same name that would appear in the preference
-file), and I<value> is the value to which it should be set.
+file), and __value__ is the value to which it should be set.
-
+--
 =item -p
 -p::
 +
 --
 Assume that packet data is preceded by a pcap_pkthdr struct as defined in
 pcap.h. On some systems the size of the timestamp data will be different from
 the data written to disk. On other systems they are identical and this flag has
 no effect.
 --
-=item -r  E<lt>pipeE<gt>|-
+-r  <pipe>|-::
-
+
-Read packet data from I<input source>. It can be either the name of a FIFO
+--
 Read packet data from __input source__. It can be either the name of a FIFO
 (named pipe) or ``-'' to read data from the standard input, and must have
 the record format specified above.
 If you are sending data to rawshark from a parent process on Windows you
 should not close rawshark's standard input handle prematurely, otherwise
 the C runtime might trigger an exception.
 --
-=item -R  E<lt>read (display) filterE<gt>
+-R  <read (display) filter>::
-
+
 --
 Cause the specified filter (which uses the syntax of read/display filters,
 rather than that of capture filters) to be applied before printing the output.
 --
-=item -s
+-s::
-
+
 --
 Allows standard pcap files to be used as input, by skipping over the 24
 byte pcap file header.
 --
-=item -S
+-S::
-
+
 --
 Use the specified format string to print each field. The following formats
 are supported:
-B<%D> Field name or description, e.g. "Type" for dns.qry.type
+*%D* Field name or description, e.g. "Type" for dns.qry.type
-B<%N> Base 10 numeric value of the field.
+*%N* Base 10 numeric value of the field.
-B<%S> String value of the field.
+*%S* String value of the field.
 For something similar to Wireshark's standard display ("Type: A (1)") you
-could use B<%D: %S (%N)>.
+could use *%D: %S (%N)*.
-
+--
 =item -t  a|ad|adoy|d|dd|e|r|u|ud|udoy
 -t  a|ad|adoy|d|dd|e|r|u|ud|udoy::
 +
 --
 Set the format of the packet timestamp printed in summary lines.
 The format can be one of:
-B<a> absolute: The absolute time, as local time in your time zone,
+*a* absolute: The absolute time, as local time in your time zone,
 is the actual time the packet was captured, with no date displayed
-B<ad> absolute with date: The absolute date, displayed as YYYY-MM-DD,
+*ad* absolute with date: The absolute date, displayed as YYYY-MM-DD,
 and time, as local time in your time zone, is the actual time and date
 the packet was captured
-B<adoy> absolute with date using day of year: The absolute date,
+*adoy* absolute with date using day of year: The absolute date,
 displayed as YYYY/DOY, and time, as local time in your time zone,
 is the actual time and date the packet was captured
-B<d> delta: The delta time is the time since the previous packet was
+*d* delta: The delta time is the time since the previous packet was
 captured
-B<dd> delta_displayed: The delta_displayed time is the time since the
+*dd* delta_displayed: The delta_displayed time is the time since the
 previous displayed packet was captured
-B<e> epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00)
+*e* epoch: The time in seconds since epoch (Jan 1, 1970 00:00:00)
-B<r> relative: The relative time is the time elapsed between the first packet
+*r* relative: The relative time is the time elapsed between the first packet
 and the current packet
-B<u> UTC: The absolute time, as UTC, is the actual time the packet was
+*u* UTC: The absolute time, as UTC, is the actual time the packet was
 captured, with no date displayed
-B<ud> UTC with date: The absolute date, displayed as YYYY-MM-DD,
+*ud* UTC with date: The absolute date, displayed as YYYY-MM-DD,
 and time, as UTC, is the actual time and date the packet was captured
-B<udoy> UTC with date using day of year: The absolute date, displayed
+*udoy* UTC with date using day of year: The absolute date, displayed
 as YYYY/DOY, and time, as UTC, is the actual time and date the packet
 was captured
 The default format is relative.
 --
-=item -v
+-v::
-
+
 --
 Print the version and exit.
 --
-=back
+== READ FILTER SYNTAX
 =head1 READ FILTER SYNTAX
 For a complete table of protocol and protocol fields that are filterable
-in B<TShark> see the wireshark-filter(4) manual page.
+in *TShark* see the xref:wireshark-filter.html[wireshark-filter](4) manual page.
-=head1 FILES
+== FILES
-These files contains various B<Wireshark> configuration values.
+These files contains various *Wireshark* configuration values.
-=over 4
+Preferences::
-
+
-=item Preferences
+--
-
+The __preferences__ files contain global (system-wide) and personal
 The F<preferences> files contain global (system-wide) and personal
 preference settings. If the system-wide preference file exists, it is
 read first, overriding the default settings. If the personal preferences
 file exists, it is read next, overriding any previous values. Note: If
-the command line option B<-o> is used (possibly more than once), it will
+the command line option *-o* is used (possibly more than once), it will
 in turn override values from the preferences files.
-The preferences settings are in the form I<prefname:value>,
+The preferences settings are in the form __prefname:value__,
 one per line,
-where I<prefname> is the name of the preference
+where __prefname__ is the name of the preference
-and I<value> is the value to
+and __value__ is the value to
-which it should be set; white space is allowed between B<:> and
+which it should be set; white space is allowed between *:* and
-I<value>.  A preference setting can be continued on subsequent lines by
+__value__.  A preference setting can be continued on subsequent lines by
-indenting the continuation lines with white space.  A B<#> character
+indenting the continuation lines with white space.  A *#* character
 starts a comment that runs to the end of the line:
  # Capture in promiscuous mode?
  # TRUE or FALSE (case-insensitive).
  capture.prom_mode: TRUE
-The global preferences file is looked for in the F<wireshark> directory
+The global preferences file is looked for in the __wireshark__ directory
-under the F<share> subdirectory of the main installation directory (for
+under the __share__ subdirectory of the main installation directory (for
-example, F</usr/local/share/wireshark/preferences>) on UNIX-compatible
+example, __/usr/local/share/wireshark/preferences__) on UNIX-compatible
 systems, and in the main installation directory (for example,
-F<C:\Program Files\Wireshark\preferences>) on Windows systems.
+__C:\Program Files\Wireshark\preferences__) on Windows systems.
 The personal preferences file is looked for in
-F<$XDG_CONFIG_HOME/wireshark/preferences>
+__$XDG_CONFIG_HOME/wireshark/preferences__
-(or, if F<$XDG_CONFIG_HOME/wireshark> does not exist while F<$HOME/.wireshark>
+(or, if __$XDG_CONFIG_HOME/wireshark__ does not exist while __$HOME/.wireshark__
-is present, F<$HOME/.wireshark/preferences>) on
+is present, __$HOME/.wireshark/preferences__) on
-UNIX-compatible systems and F<%APPDATA%\Wireshark\preferences> (or, if
+UNIX-compatible systems and __%APPDATA%\Wireshark\preferences__ (or, if
-%APPDATA% isn't defined, F<%USERPROFILE%\Application
+%APPDATA% isn't defined, __%USERPROFILE%\Application
-Data\Wireshark\preferences>) on Windows systems.
+ Data\Wireshark\preferences__) on Windows systems.
 --
-=item Disabled (Enabled) Protocols
+Disabled (Enabled) Protocols::
-
+
-The F<disabled_protos> files contain system-wide and personal lists of
+--
 The __disabled_protos__ files contain system-wide and personal lists of
 protocols that have been disabled, so that their dissectors are never
 called.  The files contain protocol names, one per line, where the
 protocol name is the same name that would be used in a display filter
@ -337,29 +366,33 @@ for the protocol:
  http
  tcp     # a comment
-The global F<disabled_protos> file uses the same directory as the global
+The global __disabled_protos__ file uses the same directory as the global
 preferences file.
-The personal F<disabled_protos> file uses the same directory as the
+The personal __disabled_protos__ file uses the same directory as the
 personal preferences file.
 --
-=item Name Resolution (hosts)
+Name Resolution (hosts)::
-
+
-If the personal F<hosts> file exists, it is
+--
 If the personal __hosts__ file exists, it is
 used to resolve IPv4 and IPv6 addresses before any other
-attempts are made to resolve them.  The file has the standard F<hosts>
+attempts are made to resolve them.  The file has the standard __hosts__
 file syntax; each line contains one IP address and name, separated by
 whitespace. The same directory as for the personal preferences file is
 used.
 Capture filter name resolution is handled by libpcap on UNIX-compatible
 systems and Npcap or WinPcap on Windows.  As such the Wireshark personal
-F<hosts> file will not be consulted for capture filter name resolution.
+__hosts__ file will not be consulted for capture filter name resolution.
-
+--
 =item Name Resolution (subnets)
 Name Resolution (subnets)::
 +
 --
 If an IPv4 address cannot be translated via name resolution (no exact
-match is found) then a partial match is attempted via the F<subnets> file.
+match is found) then a partial match is attempted via the __subnets__ file.
 Each line of this file consists of an IPv4 address, a subnet mask length
 separated only by a / and a name separated by whitespace. While the address
@ -375,40 +408,44 @@ A partially matched name will be printed as "subnet-name.remaining-address".
 For example, "192.168.0.1" under the subnet above would be printed as
 "ws_test_network.1"; if the mask length above had been 16 rather than 24, the
 printed address would be ``ws_test_network.0.1".
 --
-=item Name Resolution (ethers)
+Name Resolution (ethers)::
-
+
-The F<ethers> files are consulted to correlate 6-byte hardware addresses to
+--
-names. First the personal F<ethers> file is tried and if an address is not
+The __ethers__ files are consulted to correlate 6-byte hardware addresses to
-found there the global F<ethers> file is tried next.
+names. First the personal __ethers__ file is tried and if an address is not
 found there the global __ethers__ file is tried next.
 Each line contains one hardware address and name, separated by
 whitespace.  The digits of the hardware address are separated by colons
 (:), dashes (-) or periods (.).  The same separator character must be
 used consistently in an address. The following three lines are valid
-lines of an F<ethers> file:
+lines of an __ethers__ file:
  ff:ff:ff:ff:ff:ff          Broadcast
  c0-00-ff-ff-ff-ff          TR_broadcast
  00.00.00.00.00.00          Zero_broadcast
-The global F<ethers> file is looked for in the F</etc> directory on
+The global __ethers__ file is looked for in the __/etc__ directory on
 UNIX-compatible systems, and in the main installation directory (for
-example, F<C:\Program Files\Wireshark>) on Windows systems.
+example, __C:\Program Files\Wireshark__) on Windows systems.
-The personal F<ethers> file is looked for in the same directory as the personal
+The personal __ethers__ file is looked for in the same directory as the personal
 preferences file.
 Capture filter name resolution is handled by libpcap on UNIX-compatible
 systems and Npcap or WinPcap on Windows.  As such the Wireshark personal
-F<ethers> file will not be consulted for capture filter name resolution.
+__ethers__ file will not be consulted for capture filter name resolution.
 --
-=item Name Resolution (manuf)
+Name Resolution (manuf)::
-
+
-The F<manuf> file is used to match the 3-byte vendor portion of a 6-byte
+--
 The __manuf__ file is used to match the 3-byte vendor portion of a 6-byte
 hardware address with the manufacturer's name; it can also contain well-known
 MAC addresses and address ranges specified with a netmask.  The format of the
-file is the same as the F<ethers> files, except that entries of the form:
+file is the same as the __ethers__ files, except that entries of the form:
  00:00:0C      Cisco
@ -423,14 +460,16 @@ significant bits, or 5 bytes, and would match addresses from
 00-00-0C-07-AC-00 through 00-00-0C-07-AC-FF. The mask need not be a
 multiple of 8.
-The F<manuf> file is looked for in the same directory as the global
+The __manuf__ file is looked for in the same directory as the global
 preferences file.
 --
-=item Name Resolution (services)
+Name Resolution (services)::
 +
 --
 The __services__ file is used to translate port numbers into names.
-The F<services> file is used to translate port numbers into names.
+The file has the standard __services__ file syntax; each line contains one
 The file has the standard F<services> file syntax; each line contains one
 (service) name and one transport identifier separated by white space.  The
 transport identifier includes one port number and one transport protocol name
 (typically tcp, udp, or sctp) separated by a /.
@ -439,120 +478,133 @@ An example is:
 mydns       5045/udp     # My own Domain Name Server
 mydns       5045/tcp     # My own Domain Name Server
 --
-=item Name Resolution (ipxnets)
+Name Resolution (ipxnets)::
-
+
-The F<ipxnets> files are used to correlate 4-byte IPX network numbers to
+--
-names. First the global F<ipxnets> file is tried and if that address is not
+The __ipxnets__ files are used to correlate 4-byte IPX network numbers to
 names. First the global __ipxnets__ file is tried and if that address is not
 found there the personal one is tried next.
-The format is the same as the F<ethers>
+The format is the same as the __ethers__
 file, except that each address is four bytes instead of six.
 Additionally, the address can be represented as a single hexadecimal
 number, as is more common in the IPX world, rather than four hex octets.
-For example, these four lines are valid lines of an F<ipxnets> file:
+For example, these four lines are valid lines of an __ipxnets__ file:
  C0.A8.2C.00              HR
  c0-a8-1c-00              CEO
  00:00:BE:EF              IT_Server1
  110f                     FileServer3
-The global F<ipxnets> file is looked for in the F</etc> directory on
+The global __ipxnets__ file is looked for in the __/etc__ directory on
 UNIX-compatible systems, and in the main installation directory (for
-example, F<C:\Program Files\Wireshark>) on Windows systems.
+example, __C:\Program Files\Wireshark__) on Windows systems.
-The personal F<ipxnets> file is looked for in the same directory as the
+The personal __ipxnets__ file is looked for in the same directory as the
 personal preferences file.
 --
-=back
+== ENVIRONMENT VARIABLES
 =head1 ENVIRONMENT VARIABLES
 =over 4
 =item WIRESHARK_CONFIG_DIR
 WIRESHARK_CONFIG_DIR::
 +
 --
 This environment variable overrides the location of personal configuration
-files. It defaults to F<$XDG_CONFIG_HOME/wireshark> (or F<$HOME/.wireshark> if
+files. It defaults to __$XDG_CONFIG_HOME/wireshark__ (or __$HOME/.wireshark__ if
 the former is missing while the latter exists). On Windows,
-F<%APPDATA%\Wireshark> is used instead. Available since Wireshark 3.0.
+__%APPDATA%\Wireshark__ is used instead. Available since Wireshark 3.0.
-
+--
 =item WIRESHARK_DEBUG_WMEM_OVERRIDE
 WIRESHARK_DEBUG_WMEM_OVERRIDE::
 +
 --
 Setting this environment variable forces the wmem framework to use the
 specified allocator backend for *all* allocations, regardless of which
 backend is normally specified by the code. This is mainly useful to developers
-when testing or debugging. See I<README.wmem> in the source distribution for
+when testing or debugging. See __README.wmem__ in the source distribution for
 details.
 --
-=item WIRESHARK_RUN_FROM_BUILD_DIRECTORY
+WIRESHARK_RUN_FROM_BUILD_DIRECTORY::
-
+
 --
 This environment variable causes the plugins and other data files to be loaded
 from the build directory (where the program was compiled) rather than from the
 standard locations.  It has no effect when the program in question is running
 with root (or setuid) permissions on *NIX.
 --
-=item WIRESHARK_DATA_DIR
+WIRESHARK_DATA_DIR::
-
+
 --
 This environment variable causes the various data files to be loaded from
 a directory other than the standard locations.  It has no effect when the
 program in question is running with root (or setuid) permissions on *NIX.
 --
-=item ERF_RECORDS_TO_CHECK
+ERF_RECORDS_TO_CHECK::
-
+
 --
 This environment variable controls the number of ERF records checked when
 deciding if a file really is in the ERF format.  Setting this environment
 variable a number higher than the default (20) would make false positives
 less likely.
 --
-=item IPFIX_RECORDS_TO_CHECK
+IPFIX_RECORDS_TO_CHECK::
-
+
 --
 This environment variable controls the number of IPFIX records checked when
 deciding if a file really is in the IPFIX format.  Setting this environment
 variable a number higher than the default (20) would make false positives
 less likely.
 --
-=item WIRESHARK_ABORT_ON_DISSECTOR_BUG
+WIRESHARK_ABORT_ON_DISSECTOR_BUG::
-
+
-If this environment variable is set, B<Rawshark> will call abort(3)
+--
 If this environment variable is set, *Rawshark* will call abort(3)
 when a dissector bug is encountered.  abort(3) will cause the program to
-exit abnormally; if you are running B<Rawshark> in a debugger, it
+exit abnormally; if you are running *Rawshark* in a debugger, it
 should halt in the debugger and allow inspection of the process, and, if
 you are not running it in a debugger, it will, on some OSes, assuming
 your environment is configured correctly, generate a core dump file.
 This can be useful to developers attempting to troubleshoot a problem
 with a protocol dissector.
 --
-=item WIRESHARK_ABORT_ON_TOO_MANY_ITEMS
+WIRESHARK_ABORT_ON_TOO_MANY_ITEMS::
-
+
-If this environment variable is set, B<Rawshark> will call abort(3)
+--
 If this environment variable is set, *Rawshark* will call abort(3)
 if a dissector tries to add too many items to a tree (generally this
 is an indication of the dissector not breaking out of a loop soon enough).
 abort(3) will cause the program to exit abnormally; if you are running
-B<Rawshark> in a debugger, it should halt in the debugger and allow
+*Rawshark* in a debugger, it should halt in the debugger and allow
 inspection of the process, and, if you are not running it in a debugger,
 it will, on some OSes, assuming your environment is configured correctly,
 generate a core dump file.  This can be useful to developers attempting to
 troubleshoot a problem with a protocol dissector.
 --
-=back
+== SEE ALSO
-=head1 SEE ALSO
+xref:wireshark-filter.html[wireshark-filter](4), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:dumpcap.html[dumpcap](1),
 xref:text2pcap.html[text2pcap](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
-wireshark-filter(4), wireshark(1), tshark(1), editcap(1), pcap(3), dumpcap(1),
+== NOTES
 text2pcap(1), pcap-filter(7) or tcpdump(8)
-=head1 NOTES
+*Rawshark* is part of the *Wireshark* distribution. The latest version of
-
+*Wireshark* can be found at https://www.wireshark.org.
 B<Rawshark> is part of the B<Wireshark> distribution. The latest version of
 B<Wireshark> can be found at L<https://www.wireshark.org>.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-B<Rawshark> uses the same packet dissection code that B<Wireshark> does, as
+*Rawshark* uses the same packet dissection code that *Wireshark* does, as
-well as using many other modules from B<Wireshark>; see the list of authors
+well as using many other modules from *Wireshark*; see the list of authors
-in the B<Wireshark> man page for a list of authors of that code.
+in the *Wireshark* man page for a list of authors of that code.
--- a/doc/reordercap.adoc
+++ b/doc/reordercap.adoc
@ -1,23 +1,25 @@
-=begin man
+= reordercap(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 reordercap - Reorder input file by timestamp into output file
-=head1 SYNOPSIS
+== SYNOPSIS
-B<reordercap>
+[manarg]
-S<[ B<-n> ]>
+*reordercap*
-S<[ B<-v> ]>
+[ *-n* ]
-E<lt>I<infile>E<gt> E<lt>I<outfile>E<gt>
+[ *-v* ]
 <__infile__> <__outfile__>
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Reordercap> is a program that reads an input capture file and rewrites the
+*Reordercap* is a program that reads an input capture file and rewrites the
 frames to an output capture file, but with the frames sorted by increasing
 timestamp.
@ -25,52 +27,52 @@ This functionality may be useful when capture files have been created by
 combining frames from more than one well-synchronised source, but the
 frames have not been combined in strict time order.
-B<Reordercap> writes the output capture file in the same format as the input
+*Reordercap* writes the output capture file in the same format as the input
 capture file.
-B<Reordercap> is able to detect, read and write the same capture files that
+*Reordercap* is able to detect, read and write the same capture files that
-are supported by B<Wireshark>.
+are supported by *Wireshark*.
 The input file doesn't need a specific filename extension; the file
 format and an optional gzip, zstd or lz4 compression will be automatically detected.
-Near the beginning of the DESCRIPTION section of wireshark(1) or
+Near the beginning of the DESCRIPTION section of xref:wireshark.html[wireshark](1) or
-L<https://www.wireshark.org/docs/man-pages/wireshark.html>
+https://www.wireshark.org/docs/man-pages/wireshark.html
-is a detailed description of the way B<Wireshark> handles this, which is
+is a detailed description of the way *Wireshark* handles this, which is
-the same way B<reordercap> handles this.
+the same way *reordercap* handles this.
-=head1 OPTIONS
+== OPTIONS
-=over 4
+-n::
-
+
-=item -n
+--
-
+When the *-n* option is used, *reordercap* will not write out the output
 When the B<-n> option is used, B<reordercap> will not write out the output
 file if it finds that the input file is already in order.
 --
-=item -v
+-v::
-
+
 --
 Print the version and exit.
 --
-=back
+== SEE ALSO
-=head1 SEE ALSO
+xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:editcap.html[editcap](1), xref:mergecap.html[mergecap](1),
 xref:text2pcap.html[text2pcap](1), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
-pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), mergecap(1),
+== NOTES
 text2pcap(1), pcap-filter(7) or tcpdump(8)
-=head1 NOTES
+*Reordercap* is part of the *Wireshark* distribution.  The latest version
 of *Wireshark* can be found at https://www.wireshark.org.
-B<Reordercap> is part of the B<Wireshark> distribution.  The latest version
+It may make sense to move this functionality into *editcap*, or perhaps
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+*mergecap*, in which case *reordercap* could be retired.
 It may make sense to move this functionality into B<editcap>, or perhaps
 B<mergecap>, in which case B<reordercap> could be retired.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Martin Mathieson             <martin.r.mathieson[AT]googlemail.com>
+Martin Mathieson <martin.r.mathieson[AT]googlemail.com>
--- a/doc/sdjournal.adoc
+++ b/doc/sdjournal.adoc
@ -1,87 +1,99 @@
-=begin man
+= sdjournal(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 sdjournal - Provide an interface to capture systemd journal entries.
-=head1 SYNOPSIS
+== SYNOPSIS
-B<sdjournal>
+[manarg]
-S<[ B<--help> ]>
+*sdjournal*
-S<[ B<--version> ]>
+[ *--help* ]
-S<[ B<--extcap-interfaces> ]>
+[ *--version* ]
-S<[ B<--extcap-dlts> ]>
+[ *--extcap-interfaces* ]
-S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
+[ *--extcap-dlts* ]
-S<[ B<--extcap-config> ]>
+[ *--extcap-interface*=<interface> ]
-S<[ B<--capture> ]>
+[ *--extcap-config* ]
-S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
+[ *--capture* ]
-S<[ B<--start-from>=E<lt>entry countE<gt> ]>
+[ *--fifo*=<path to file or pipe> ]
 [ *--start-from*=<entry count> ]
-=head1 DESCRIPTION
+== DESCRIPTION
-B<sdjournal> is an extcap tool that allows one to capture systemd
+*sdjournal* is an extcap tool that allows one to capture systemd
 journal entries. It can be used to correlate system events with
 network traffic.
 Supported interfaces:
-=over 4
+1. sdjournal
-=item 1. sdjournal
+== OPTIONS
 =back
 =head1 OPTIONS
 =over 4
 =item --help
 --help::
 +
 --
 Print program arguments.
 --
-=item --version
+--version::
-
+
 --
 Print program version.
 --
-=item --extcap-interfaces
+--extcap-interfaces::
-
+
 --
 List available interfaces.
 --
-=item --extcap-interface=E<lt>interfaceE<gt>
+--extcap-interface=<interface>::
-
+
 --
 Use specified interfaces.
 --
-=item --extcap-dlts
+--extcap-dlts::
-
+
 --
 List DLTs of specified interface.
 --
-=item --extcap-config
+--extcap-config::
-
+
 --
 List configuration options of specified interface.
 --
-=item --capture
+--capture::
-
+
 --
 Start capturing from specified interface and write raw packet data to the location specified by --fifo.
 --
-=item --fifo=E<lt>path to file or pipeE<gt>
+--fifo=<path to file or pipe>::
-
+
 --
 Save captured packet to file or send it through pipe.
 --
-=item --start-from=E<lt>entry countE<gt>
+--start-from=<entry count>::
-
+
-Start from the last E<lt>entry countE<gt> entries, similar to the
+--
-"-n" or "--lines" argument for the L<tail(1)> command. Values prefixed
+Start from the last <entry count> entries, similar to the
-with a B<+> sign start from the beginning of the journal, otherwise
+"-n" or "--lines" argument for the tail(1) command. Values prefixed
 with a *+* sign start from the beginning of the journal, otherwise
 the count starts from the end. The default value is 10. To include
-all entries use B<+0>.
+all entries use *+0*.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see program arguments:
@ -126,20 +138,20 @@ To capture all entries since the system was booted:
 NOTE: To stop capturing CTRL+C/kill/terminate application.
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1)
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1)
-=head1 NOTES
+== NOTES
-B<sdjournal> is part of the B<Wireshark> distribution.  The latest version
+*sdjournal* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Gerald Combs             <gerald[AT]wireshark.org>
+Gerald Combs <gerald[AT]wireshark.org>
--- a/doc/sshdump.adoc
+++ b/doc/sshdump.adoc
@ -1,58 +1,64 @@
-=begin man
+= sshdump(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 sshdump - Provide interfaces to capture from a remote host through SSH using a remote capture binary.
-=head1 SYNOPSIS
+== SYNOPSIS
-B<sshdump>
+[manarg]
-S<[ B<--help> ]>
+*sshdump*
-S<[ B<--version> ]>
+[ *--help* ]
-S<[ B<--extcap-interfaces> ]>
+[ *--version* ]
-S<[ B<--extcap-dlts> ]>
+[ *--extcap-interfaces* ]
-S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
+[ *--extcap-dlts* ]
-S<[ B<--extcap-config> ]>
+[ *--extcap-interface*=<interface> ]
-S<[ B<--extcap-capture-filter>=E<lt>capture filterE<gt> ]>
+[ *--extcap-config* ]
-S<[ B<--capture> ]>
+[ *--extcap-capture-filter*=<capture filter> ]
-S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
+[ *--capture* ]
-S<[ B<--remote-host>=E<lt>IP addressE<gt> ]>
+[ *--fifo*=<path to file or pipe> ]
-S<[ B<--remote-port>=E<lt>TCP portE<gt> ]>
+[ *--remote-host*=<IP address> ]
-S<[ B<--remote-username>=E<lt>usernameE<gt> ]>
+[ *--remote-port*=<TCP port> ]
-S<[ B<--remote-password>=E<lt>passwordE<gt> ]>
+[ *--remote-username*=<username> ]
-S<[ B<--sshkey>=E<lt>public key pathE<gt> ]>
+[ *--remote-password*=<password> ]
-S<[ B<--remote-interface>=E<lt>interfaceE<gt> ]>
+[ *--sshkey*=<public key path> ]
-S<[ B<--remote-capture-command>=E<lt>capture commandE<gt> ]>
+[ *--remote-interface*=<interface> ]
-S<[ B<--remote-sudo> ]>
+[ *--remote-capture-command*=<capture command> ]
 [ *--remote-sudo* ]
-B<sshdump>
+[manarg]
-S<B<--extcap-interfaces>>
+*sshdump*
 *--extcap-interfaces*
-B<sshdump>
+[manarg]
-S<B<--extcap-interface>=E<lt>interfaceE<gt>>
+*sshdump*
-S<B<--extcap-dlts>>
+*--extcap-interface*=<interface>
 *--extcap-dlts*
-B<sshdump>
+[manarg]
-S<B<--extcap-interface>=E<lt>interfaceE<gt>>
+*sshdump*
-S<B<--extcap-config>>
+*--extcap-interface*=<interface>
 *--extcap-config*
-B<sshdump>
+[manarg]
-S<B<--extcap-interface>=E<lt>interfaceE<gt>>
+*sshdump*
-S<B<--fifo>=E<lt>path to file or pipeE<gt>>
+*--extcap-interface*=<interface>
-S<B<--capture>>
+*--fifo*=<path to file or pipe>
-S<B<--remote-host=myremotehost>>
+*--capture*
-S<B<--remote-port=22>>
+*--remote-host=myremotehost*
-S<B<--remote-username=user>>
+*--remote-port=22*
-S<B<--remote-interface=eth2>>
+*--remote-username=user*
-S<B<--remote-capture-command='tcpdump -U -i eth0 -w-'>>
+*--remote-interface=eth2*
 *--remote-capture-command='tcpdump -U -i eth0 -w-'*
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Sshdump> is an extcap tool that allows one to run a remote capture
+*Sshdump* is an extcap tool that allows one to run a remote capture
 tool over a SSH connection. The requirement is that the capture
 executable must have the capabilities to capture from the wanted
 interface.
@ -69,7 +75,7 @@ The feature is functionally equivalent to run commands like
 Typically sshdump is not invoked directly. Instead it can be configured through
 the Wireshark graphical user interface or its command line. The following will
-start Wireshark and start capturing from host B<remotehost>:
+start Wireshark and start capturing from host *remotehost*:
    $ wireshark '-oextcap.sshdump.remotehost:"remotehost"' -i sshdump -k
@ -81,96 +87,120 @@ To explicitly control the remote capture command:
 Supported interfaces:
-=over 4
+1. ssh
-=item 1. ssh
+== OPTIONS
 =back
 =head1 OPTIONS
 =over 4
 =item --help
 --help::
 +
 --
 Print program arguments.
 --
-=item --version
+--version::
-
+
 --
 Print program version.
 --
-=item --extcap-interfaces
+--extcap-interfaces::
-
+
 --
 List available interfaces.
 --
-=item --extcap-interface=E<lt>interfaceE<gt>
+--extcap-interface=<interface>::
-
+
 --
 Use specified interfaces.
 --
-=item --extcap-dlts
+--extcap-dlts::
-
+
 --
 List DLTs of specified interface.
 --
-=item --extcap-config
+--extcap-config::
-
+
 --
 List configuration options of specified interface.
 --
-=item --capture
+--capture::
-
+
 --
 Start capturing from specified interface and write raw packet data to the location specified by --fifo.
 --
-=item --fifo=E<lt>path to file or pipeE<gt>
+--fifo=<path to file or pipe>::
-
+
 --
 Save captured packet to file or send it through pipe.
 --
-=item --remote-host=E<lt>remote hostE<gt>
+--remote-host=<remote host>::
-
+
 --
 The address of the remote host for capture.
 --
-=item --remote-port=E<lt>remote portE<gt>
+--remote-port=<remote port>::
-
+
 --
 The SSH port of the remote host.
 --
-=item --remote-username=E<lt>usernameE<gt>
+--remote-username=<username>::
-
+
 --
 The username for ssh authentication.
 --
-=item --remote-password=E<lt>passwordE<gt>
+--remote-password=<password>::
-
+
 --
 The password to use (if not ssh-agent and pubkey are used). WARNING: the
 passwords are stored in plaintext and visible to all users on this system. It is
 recommended to use keyfiles with a SSH agent.
 --
-=item --sshkey=E<lt>SSH private key pathE<gt>
+--sshkey=<SSH private key path>::
-
+
 --
 The path to a private key for authentication.
 --
-=item --remote-interface=E<lt>remote interfaceE<gt>
+--remote-interface=<remote interface>::
-
+
 --
 The remote network interface to capture from.
 --
-=item --remote-capture-command=E<lt>capture commandE<gt>
+--remote-capture-command=<capture command>::
-
+
 --
 A custom remote capture command that produces the remote stream that is shown in Wireshark.
 The command must be able to produce a PCAP stream written to STDOUT. See below for more
 examples.
-If using tcpdump, use the B<-w-> option to ensure that packets are written to
+If using tcpdump, use the *-w-* option to ensure that packets are written to
-standard output (stdout). Include the B<-U> option to write packets as soon as
+standard output (stdout). Include the *-U* option to write packets as soon as
 they are received.
 When specified, this command will be used as is, options such as the capture
-filter (B<--extcap-capture-filter>) will not be appended.
+filter (*--extcap-capture-filter*) will not be appended.
 --
-=item --extcap-capture-filter=E<lt>capture filterE<gt>
+--extcap-capture-filter=<capture filter>::
-
+
-The capture filter. It corresponds to the value provided via the B<tshark -f>
+--
 The capture filter. It corresponds to the value provided via the *tshark -f*
 option, and the Capture Filter field next to the interfaces list in the
 Wireshark interface.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see program arguments:
@ -253,20 +283,20 @@ to show up twice in wireshark (for instance to handle multiple profiles), we can
 sshdump-host1 and sshdump-host2. Each binary will show up an interface name same as the executable
 name. Those executables not being "sshdump" will show up as "custom version" in the interface description.
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1)
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1)
-=head1 NOTES
+== NOTES
-B<Sshdump> is part of the B<Wireshark> distribution.  The latest version
+*Sshdump* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  -------- ------
+[%hardbreaks]
-  Dario Lombardo             <lomato[AT]gmail.com>
+Dario Lombardo <lomato[AT]gmail.com>
--- a/doc/text2pcap.adoc
+++ b/doc/text2pcap.adoc
@ -1,57 +1,59 @@
-=begin man
+= text2pcap(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 text2pcap - Generate a capture file from an ASCII hexdump of packets
-=head1 SYNOPSIS
+== SYNOPSIS
-B<text2pcap>
+[manarg]
-S<[ B<-a> ]>
+*text2pcap*
-S<[ B<-d> ]>
+[ *-a* ]
-S<[ B<-D> ]>
+[ *-d* ]
-S<[ B<-e> E<lt>l3pidE<gt> ]>
+[ *-D* ]
-S<[ B<-h> ]>
+[ *-e* <l3pid> ]
-S<[ B<-i> E<lt>protoE<gt> ]>
+[ *-h* ]
-S<[ B<-l> E<lt>typenumE<gt> ]>
+[ *-i* <proto> ]
-S<[ B<-n> ]>
+[ *-l* <typenum> ]
-S<[ B<-N> E<lt>intf-nameE<gt> ]>
+[ *-n* ]
-S<[ B<-m> E<lt>max-packetE<gt> ]>
+[ *-N* <intf-name> ]
-S<[ B<-o> hex|oct|dec ]>
+[ *-m* <max-packet> ]
-S<[ B<-q> ]>
+[ *-o* hex|oct|dec ]
-S<[ B<-s> E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>tagE<gt> ]>
+[ *-q* ]
-S<[ B<-S> E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>ppiE<gt> ]>
+[ *-s* <srcport>,<destport>,<tag> ]
-S<[ B<-t> E<lt>timefmtE<gt> ]>
+[ *-S* <srcport>,<destport>,<ppi> ]
-S<[ B<-T> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
+[ *-t* <timefmt> ]
-S<[ B<-u> E<lt>srcportE<gt>,E<lt>destportE<gt> ]>
+[ *-T* <srcport>,<destport> ]
-S<[ B<-v> ]>
+[ *-u* <srcport>,<destport> ]
-S<[ B<-4> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
+[ *-v* ]
-S<[ B<-6> E<lt>srcipE<gt>,E<lt>destipE<gt> ]>
+[ *-4* <srcip>,<destip> ]
-E<lt>I<infile>E<gt>|-
+[ *-6* <srcip>,<destip> ]
-E<lt>I<outfile>E<gt>|-
+<__infile__>|-
 <__outfile__>|-
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Text2pcap> is a program that reads in an ASCII hex dump and writes the
+*Text2pcap* is a program that reads in an ASCII hex dump and writes the
-data described into a B<pcap> or B<pcapng> capture file.  B<text2pcap> can
+data described into a *pcap* or *pcapng* capture file.  *text2pcap* can
 read hexdumps with multiple packets in them, and build a capture file of
-multiple packets.  B<text2pcap> is also capable of generating dummy
+multiple packets.  *text2pcap* is also capable of generating dummy
 Ethernet, IP and UDP, TCP, or SCTP headers, in order to build fully
 processable packet dumps from hexdumps of application-level data only.
-B<Text2pcap> understands a hexdump of the form generated by I<od -Ax
+*Text2pcap* understands a hexdump of the form generated by __od -Ax
-tx1 -v>.  In other words, each byte is individually displayed, with
+ -tx1 -v__.  In other words, each byte is individually displayed, with
 spaces separating the bytes from each other.  Each line begins with an offset
 describing the position in the packet, each new packet starts with an offset
 of 0 and there is a space separating the offset from the following bytes.
-The offset is a hex number (can also be octal or decimal - see B<-o>),
+The offset is a hex number (can also be octal or decimal - see *-o*),
 of more than two hex digits.
-Here is a sample dump that B<text2pcap> can recognize:
+Here is a sample dump that *text2pcap* can recognize:
    000000 00 0e b6 00 00 02 00 0e b6 00 00 01 08 00 45 00
    000010 00 28 00 00 00 00 ff 01 37 d1 c0 00 02 01 c0 00
@ -75,10 +77,10 @@ also ignored. An offset of zero is indicative of starting a new
 packet, so a single text file with a series of hexdumps can be
 converted into a packet capture with multiple packets. Packets may be
 preceded by a timestamp. These are interpreted according to the format
-given on the command line (see B<-t>). If not, the first packet
+given on the command line (see *-t*). If not, the first packet
 is timestamped with the current time the conversion takes place. Multiple
 packets are written with timestamps differing by one microsecond each.
-In general, short of these restrictions, B<text2pcap> is pretty liberal
+In general, short of these restrictions, *text2pcap* is pretty liberal
 about reading in hexdumps and has been tested with a variety of
 mangled outputs (including being forwarded through email multiple
 times, with limited line wrap etc.)
@ -87,188 +89,224 @@ There are a couple of other special features to note. Any line where
 the first non-whitespace character is '#' will be ignored as a
 comment. Any line beginning with #TEXT2PCAP is a directive and options
 can be inserted after this command to be processed by
-B<text2pcap>. Currently there are no directives implemented; in the
+*text2pcap*. Currently there are no directives implemented; in the
 future, these may be used to give more fine grained control on the
 dump and the way it should be processed e.g. timestamps, encapsulation
 type etc.
-B<Text2pcap> also allows the user to read in dumps of
+*Text2pcap* also allows the user to read in dumps of
 application-level data, by inserting dummy L2, L3 and L4 headers
 before each packet. The user can elect to insert Ethernet headers,
 Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before each
 packet. This allows Wireshark or any other full-packet decoder to
 handle these dumps.
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item -a
 -a::
 +
 --
 Enables ASCII text dump identification. It allows one to identify the start of
 the ASCII text dump and not include it in the packet even if it looks like HEX.
-B<NOTE:> Do not enable it if the input file does not contain the ASCII text dump.
+*NOTE:* Do not enable it if the input file does not contain the ASCII text dump.
-
+--
 =item -d
 -d::
 +
 --
 Displays debugging information during the process. Can be used
 multiple times to generate more debugging information.
 --
-=item -D
+-D::
-
+
 --
 The text before the packet starts either with an I or O indicating that
 the packet is inbound or outbound. This is used when generating dummy headers.
 The indication is only stored if the output format is pcapng.
 --
-=item -e E<lt>l3pidE<gt>
+-e <l3pid>::
-
+
 --
 Include a dummy Ethernet header before each packet. Specify the L3PID
 for the Ethernet header in hex. Use this option if your dump has Layer
 3 header and payload (e.g. IP header), but no Layer 2
-encapsulation. Example: I<-e 0x806> to specify an ARP packet.
+encapsulation. Example: __-e 0x806__ to specify an ARP packet.
 For IP packets, instead of generating a fake Ethernet header you can
-also use I<-l 101> to indicate a raw IP packet to Wireshark. Note that
+also use __-l 101__ to indicate a raw IP packet to Wireshark. Note that
-I<-l 101> does not work for any non-IP Layer 3 packet (e.g. ARP),
+__-l 101__ does not work for any non-IP Layer 3 packet (e.g. ARP),
-whereas generating a dummy Ethernet header with I<-e> works for any
+whereas generating a dummy Ethernet header with __-e__ works for any
 sort of L3 packet.
 --
-=item -h
+-h::
-
+
 --
 Displays a help message.
 --
-=item -i E<lt>protoE<gt>
+-i <proto>::
-
+
 --
 Include dummy IP headers before each packet. Specify the IP protocol
 for the packet in decimal. Use this option if your dump is the payload
 of an IP packet (i.e. has complete L4 information) but does not have
 an IP header with each packet. Note that an appropriate Ethernet header
 is automatically included with each packet as well.
-Example: I<-i 46> to specify an RSVP packet (IP protocol 46).  See
+Example: __-i 46__ to specify an RSVP packet (IP protocol 46).  See
-L<https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml> for
+https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml for
 the complete list of assigned internet protocol numbers.
 --
-=item -l
+-l::
-
+
 --
 Specify the link-layer header type of this packet.  Default is Ethernet
-(1).  See L<https://www.tcpdump.org/linktypes.html> for the complete list
+(1).  See https://www.tcpdump.org/linktypes.html for the complete list
 of possible encapsulations.  Note that this option should be used if
 your dump is a complete hex dump of an encapsulated packet and you wish
-to specify the exact type of encapsulation.  Example: I<-l 7> for ARCNet
+to specify the exact type of encapsulation.  Example: __-l 7__ for ARCNet
 packets encapsulated BSD-style.
 --
-=item -m E<lt>max-packetE<gt>
+-m <max-packet>::
-
+
 --
 Set the maximum packet length, default is 262144.
 Useful for testing various packet boundaries when only an application
 level datastream is available.  Example:
-I<od -Ax -tx1 -v stream | text2pcap -m1460 -T1234,1234 - stream.pcap>
+__od -Ax -tx1 -v stream | text2pcap -m1460 -T1234,1234 - stream.pcap__
 will convert from plain datastream format to a sequence of Ethernet
 TCP packets.
 --
-=item -n
+-n::
-
+
 --
 Write the file in pcapng format rather than pcap format.
 --
-=item -N E<lt>intf-nameE<gt>
+-N <intf-name>::
-
+
 --
 Specify a name for the interface included when writing a pcapng format
 file. By default no name is defined.
 --
-=item -o hex|oct|dec
+-o hex|oct|dec::
-
+
 --
 Specify the radix for the offsets (hex, octal or decimal). Defaults to
-hex. This corresponds to the C<-A> option for I<od>.
+hex. This corresponds to the `-A` option for __od__.
-
+--
 =item -q
 -q::
 +
 --
 Be completely quiet during the process.
 --
-=item -s E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>tagE<gt>
+-s <srcport>,<destport>,<tag>::
-
+
 --
 Include dummy SCTP headers before each packet.  Specify, in decimal, the
 source and destination SCTP ports, and verification tag, for the packet.
 Use this option if your dump is the SCTP payload of a packet but does
 not include any SCTP, IP or Ethernet headers.  Note that appropriate
 Ethernet and IP headers are automatically also included with each
 packet.  A CRC32C checksum will be put into the SCTP header.
 --
-=item -S E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>ppiE<gt>
+-S <srcport>,<destport>,<ppi>::
-
+
 --
 Include dummy SCTP headers before each packet.  Specify, in decimal, the
 source and destination SCTP ports, and a verification tag of 0, for the
 packet, and prepend a dummy SCTP DATA chunk header with a payload
-protocol identifier if I<ppi>.  Use this option if your dump is the SCTP
+protocol identifier if __ppi__.  Use this option if your dump is the SCTP
 payload of a packet but does not include any SCTP, IP or Ethernet
 headers.  Note that appropriate Ethernet and IP headers are
 automatically included with each packet.  A CRC32C checksum will be put
 into the SCTP header.
 --
-=item -t E<lt>timefmtE<gt>
+-t <timefmt>::
-
+
-Treats the text before the packet as a date/time code; I<timefmt> is a
+--
 Treats the text before the packet as a date/time code; __timefmt__ is a
 format string of the sort supported by strptime(3).
 Example: The time "10:15:14.5476" has the format code "%H:%M:%S."
-B<NOTE:> The subsecond component delimiter must be specified (.) but no
+*NOTE:* The subsecond component delimiter must be specified (.) but no
 pattern is required; the remaining number is assumed to be fractions of
 a second.
-B<NOTE:> Date/time fields from the current date/time are
+*NOTE:* Date/time fields from the current date/time are
 used as the default for unspecified fields.
 --
-=item -T E<lt>srcportE<gt>,E<lt>destportE<gt>
+-T <srcport>,<destport>::
-
+
 --
 Include dummy TCP headers before each packet. Specify the source and
 destination TCP ports for the packet in decimal. Use this option if
 your dump is the TCP payload of a packet but does not include any TCP,
 IP or Ethernet headers. Note that appropriate Ethernet and IP headers
 are automatically also included with each packet.
 Sequence numbers will start at 0.
 --
-=item -u E<lt>srcportE<gt>,E<lt>destportE<gt>
+-u <srcport>,<destport>::
-
+
 --
 Include dummy UDP headers before each packet. Specify the source and
 destination UDP ports for the packet in decimal. Use this option if
 your dump is the UDP payload of a packet but does not include any UDP,
 IP or Ethernet headers. Note that appropriate Ethernet and IP headers
 are automatically also included with each packet.
-Example: I<-u1000,69> to make the packets look like TFTP/UDP packets.
+Example: __-u1000,69__ to make the packets look like TFTP/UDP packets.
-
+--
 =item -v
 -v::
 +
 --
 Print the version and exit.
 --
-=item -4 E<lt>srcipE<gt>,E<lt>destipE<gt>
+-4 <srcip>,<destip>::
-
+
 --
 Prepend dummy IP header with specified IPv4 dest and source address.
 This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
 Use this option to apply "custom" IP addresses.
-Example: I<-4 10.0.0.1,10.0.0.2> to use 10.0.0.1 and 10.0.0.2 for all IP packets.
+Example: __-4 10.0.0.1,10.0.0.2__ to use 10.0.0.1 and 10.0.0.2 for all IP packets.
-
+--
 =item -6 E<lt>srcipE<gt>,E<lt>destipE<gt>
 -6 <srcip>,<destip>::
 +
 --
 Prepend dummy IP header with specified IPv6 dest and source address.
 This option should be accompanied by one of the following options: -i, -s, -S, -T, -u
 Use this option to apply "custom" IP addresses.
-Example: I<-6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334> to
+Example: __-6 fe80::202:b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334__ to
 use fe80::202:b3ff:fe1e:8329 and 2001:0db8:85a3::8a2e:0370:7334 for all IP packets.
 --
-=back
+== SEE ALSO
-=head1 SEE ALSO
+od(1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:mergecap.html[mergecap](1),
 xref:editcap.html[editcap](1), strptime(3), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8)
-od(1), pcap(3), wireshark(1), tshark(1), dumpcap(1), mergecap(1),
+== NOTES
 editcap(1), strptime(3), pcap-filter(7) or tcpdump(8)
-=head1 NOTES
+*Text2pcap* is part of the *Wireshark* distribution.  The latest version
 of *Wireshark* can be found at https://www.wireshark.org.
-B<Text2pcap> is part of the B<Wireshark> distribution.  The latest version
+== AUTHORS
 of B<Wireshark> can be found at L<https://www.wireshark.org>.
 =head1 AUTHORS
  Ashok Narayanan          <ashokn[AT]cisco.com>
--- a/doc/tshark.adoc
+++ b/doc/tshark.adoc
--- a/doc/udpdump.adoc
+++ b/doc/udpdump.adoc
@ -1,83 +1,101 @@
-=begin man
+= udpdump(1)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 udpdump - Provide an UDP receiver that gets packets from network devices (like Aruba routers) and exports them in PCAP format.
-=head1 SYNOPSIS
+== SYNOPSIS
-B<udpdump>
+[manarg]
-S<[ B<--help> ]>
+*udpdump*
-S<[ B<--version> ]>
+[ *--help* ]
-S<[ B<--extcap-interfaces> ]>
+[ *--version* ]
-S<[ B<--extcap-dlts> ]>
+[ *--extcap-interfaces* ]
-S<[ B<--extcap-interface>=E<lt>interfaceE<gt> ]>
+[ *--extcap-dlts* ]
-S<[ B<--extcap-config> ]>
+[ *--extcap-interface*=<interface> ]
-S<[ B<--capture> ]>
+[ *--extcap-config* ]
-S<[ B<--fifo>=E<lt>path to file or pipeE<gt> ]>
+[ *--capture* ]
-S<[ B<--port>=E<lt>portE<gt> ]>
+[ *--fifo*=<path to file or pipe> ]
-S<[ B<--payload>=E<lt>typeE<gt> ]>
+[ *--port*=<port> ]
 [ *--payload*=<type> ]
-=head1 DESCRIPTION
+== DESCRIPTION
-B<udpdump> is a extcap tool that provides an UDP receiver that listens for exported datagrams coming from
+*udpdump* is a extcap tool that provides an UDP receiver that listens for exported datagrams coming from
 any source (like Aruba routers) and exports them in PCAP format. This provides the user two basic
 functionalities: the first one is to have a listener that prevents the localhost to send back an ICMP
 port-unreachable packet. The second one is to strip out the lower layers (layer 2, IP, UDP) that are useless
 (are used just as export vector). The format of the exported datagrams are EXPORTED_PDU, as specified in
 https://gitlab.com/wireshark/wireshark/-/raw/master/epan/exported_pdu.h
-=head1 OPTIONS
+== OPTIONS
 =over 4
 =item --help
 --help::
 +
 --
 Print program arguments.
 --
-=item --version
+--version::
-
+
 --
 Print program version.
 --
-=item --extcap-interfaces
+--extcap-interfaces::
-
+
 --
 List available interfaces.
 --
-=item --extcap-interface=E<lt>interfaceE<gt>
+--extcap-interface=<interface>::
-
+
 --
 Use specified interfaces.
 --
-=item --extcap-dlts
+--extcap-dlts::
-
+
 --
 List DLTs of specified interface.
 --
-=item --extcap-config
+--extcap-config::
-
+
 --
 List configuration options of specified interface.
 --
-=item --capture
+--capture::
-
+
 --
 Start capturing from specified interface save saved it in place specified by --fifo.
 --
-=item --fifo=E<lt>path to file or pipeE<gt>
+--fifo=<path to file or pipe>::
-
+
 --
 Save captured packet to file or send it through pipe.
 --
-=item --port=E<lt>portE<gt>
+--port=<port>::
-
+
 --
 Set the listener port. Port 5555 is the default.
 --
-=item --payload=E<lt>typeE<gt>
+--payload=<type>::
-
+
 --
 Set the payload of the exported PDU. Default: data.
 --
-=back
+== EXAMPLES
 =head1 EXAMPLES
 To see program arguments:
@ -114,20 +132,20 @@ To capture:
 NOTE: To stop capturing CTRL+C/kill/terminate application.
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1), dumpcap(1), extcap(4)
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4)
-=head1 NOTES
+== NOTES
-B<udpdump> is part of the B<Wireshark> distribution.  The latest version
+*udpdump* is part of the *Wireshark* distribution.  The latest version
-of B<Wireshark> can be found at L<https://www.wireshark.org>.
+of *Wireshark* can be found at https://www.wireshark.org.
 HTML versions of the Wireshark project man pages are available at:
-L<https://www.wireshark.org/docs/man-pages>.
+https://www.wireshark.org/docs/man-pages.
-=head1 AUTHORS
+== AUTHORS
-  Original Author
+.Original Author
-  ---------------
+[%hardbreaks]
-  Dario Lombardo             <lomato[AT]gmail.com>
+Dario Lombardo <lomato[AT]gmail.com>
--- a/doc/wireshark-filter.adoc
+++ b/doc/wireshark-filter.adoc
@ -1,24 +1,25 @@
-=begin man
+= wireshark-filter(4)
 :doctype: manpage
 include::../docbook/attributes.adoc[]
 :stylesheet: ws.css
 :linkcss:
 :copycss: ../docbook/{stylesheet}
-=encoding utf8
+== NAME
 =end man
 =head1 NAME
 wireshark-filter - Wireshark display filter syntax and reference
-=head1 SYNOPSIS
+== SYNOPSIS
-B<wireshark> [other options]
+*wireshark* [other options]
-S<[ B<-Y> "display filter expression" | B<--display-filter> "display filter expression" ]>
+[.nowrap]#[ *-Y* "display filter expression" | *--display-filter* "display filter expression" ]#
-B<tshark> [other options]
+*tshark* [other options]
-S<[ B<-Y> "display filter expression" | B<--display-filter> "display filter expression" ]>
+[.nowrap]#[ *-Y* "display filter expression" | *--display-filter* "display filter expression" ]#
-=head1 DESCRIPTION
+== DESCRIPTION
-B<Wireshark> and B<TShark> share a powerful filter engine that helps remove
+*Wireshark* and *TShark* share a powerful filter engine that helps remove
 the noise from a packet trace and lets you see only the packets that interest
 you.  If a packet meets the requirements expressed in your filter, then it
 is displayed in the list of packets.  Display filters let you compare the
@ -26,14 +27,14 @@ fields within a protocol against a specific value, compare fields against
 fields, and check the existence of specified fields or protocols.
 Filters are also used by other features such as statistics generation and
-packet list colorization (the latter is only available to B<Wireshark>). This
+packet list colorization (the latter is only available to *Wireshark*). This
 manual page describes their syntax. A comprehensive reference of filter fields
 can be found within Wireshark and in the display filter reference at
-L<https://www.wireshark.org/docs/dfref/>.
+https://www.wireshark.org/docs/dfref/.
-=head1 FILTER SYNTAX
+== FILTER SYNTAX
-=head2 Check whether a field or protocol exists
+=== Check whether a field or protocol exists
 The simplest filter allows you to check for the existence of a protocol or
 field.  If you want to see all packets which contain the IP protocol, the
@ -43,7 +44,7 @@ that contain a Token-Ring RIF field, use "tr.rif".
 Think of a protocol or field in a filter as implicitly having the "exists"
 operator.
-=head2 Comparison operators
+=== Comparison operators
 Fields can also be compared against values.  The comparison operators
 can be expressed either through English-like abbreviations or through
@ -56,7 +57,7 @@ C-like symbols:
    ge, >=    Greater than or Equal to
    le, <=    Less than or Equal to
-=head2 Search and match operators
+=== Search and match operators
 Additional operators exist expressed only in English, not C-like syntax:
@ -90,12 +91,12 @@ You can force case sensitivity using
    wsp.header.user_agent matches "(?-i)cldc"
-This is an example of PCRE's B<(?>optionB<)> construct. B<(?-i)> performs a
+This is an example of PCRE's *(?*option*)* construct. *(?-i)* performs a
 case-sensitive pattern match but other options can be specified as well. More
 information can be found in the
-L<pcrepattern(3)|https://www.pcre.org/original/doc/html/pcrepattern.html> man page.
+pcrepattern(3)|https://www.pcre.org/original/doc/html/pcrepattern.html man page.
-=head2 Functions
+=== Functions
 The filter language has the following functions:
@ -120,7 +121,7 @@ byte fields. For example:
 gives you all the odd packets.
-=head2 Protocol field types
+=== Protocol field types
 Each protocol field is typed. The types are:
@ -241,7 +242,7 @@ String literals prefixed with 'r' are called "raw strings". Such strings treat
 backslash as a literal character. Double quotes may still be escaped with
 backslash but note that backslashes are always preserved in the result.
-=head2 The slice operator
+=== The slice operator
 You can take a slice of a field if the field is a text string or a
 byte array.
@ -257,7 +258,7 @@ Another example is:
 You can use the slice operator on a protocol name, too.
 The "frame" protocol can be useful, encompassing all the data captured
-by B<Wireshark> or B<TShark>.
+by *Wireshark* or *TShark*.
    token[0:5] ne 0.0.0.1.1
    llc[0] eq aa
@ -272,7 +273,7 @@ The following syntax governs slices:
    [i:]     start_offset = i, end_offset = end_of_field
 Offsets can be negative, in which case they indicate the
-offset from the B<end> of the field.  The last byte of the field is at offset
+offset from the *end* of the field.  The last byte of the field is at offset
 -1, the last but one byte is at offset -2, and so on.
 Here's how to check the last four bytes of a frame:
@ -300,7 +301,7 @@ Slices can be combined. You can concatenate them using the comma operator:
 This concatenates offset 1, offsets 3-5, and offset 9 to the end of the ftp
 data.
-=head2 The membership operator
+=== The membership operator
 A field may be checked for matches against a set of values simply with the
 membership operator. For instance, you may find traffic on common HTTP/HTTPS
@ -322,7 +323,7 @@ The set of values can also contain ranges:
    ip.addr in {10.0.0.5 .. 10.0.0.9 192.168.1.1..192.168.1.9}
    frame.time_delta in {10 .. 10.5}
-=head2 Type conversions
+=== Type conversions
 If a field is a text string or a byte array, it can be expressed in whichever
 way is most convenient.
@ -337,7 +338,7 @@ A range can also be expressed in either way:
    frame[60:2] gt 50.51
    frame[60:2] gt "PQ"
-=head2 Bit field operations
+=== Bit field operations
 It is also possible to define tests with bit field operations. Currently the
 following bit field operation is supported:
@ -363,7 +364,7 @@ have the same number of bytes as the slice itself, as in:
    ip[42:2] & 40:ff
-=head2 Logical expressions
+=== Logical expressions
 Tests can be combined using logical expressions.
 These too are expressible in C-like syntax or with English-like
@ -407,7 +408,7 @@ filter.  The other ip.addr could equal 192.168.4.1 and the packet would
 still be displayed.
 The second filter says "don't show me any packets that have an
 ip.addr field equal to 192.168.4.1".  If one ip.addr is 192.168.4.1,
-the packet does not pass.  If B<neither> ip.addr field is 192.168.4.1,
+the packet does not pass.  If *neither* ip.addr field is 192.168.4.1,
 then the packet is displayed.
 It is easy to think of the 'ne' and 'eq' operators as having an implicit
@ -425,7 +426,7 @@ multicast packets to address 224.1.2.3, then using:
    ip.dst ne 224.1.2.3
 may be too restrictive. Filtering with "ip.dst" selects only those
-B<IP> packets that satisfy the rule. Any other packets, including all
+*IP* packets that satisfy the rule. Any other packets, including all
 non-IP packets, will not be displayed. To display the non-IP
 packets as well, you can use one of the following two expressions:
@ -437,50 +438,42 @@ lets "ip.dst ne 224.1.2.3" filter out the unwanted IP packets. The
 second filter has already been explained above where filtering with
 multiply occurring fields was discussed.
-=head1 FILTER FIELD REFERENCE
+== FILTER FIELD REFERENCE
 The entire list of display filters is too large to list here. You can
 can find references and examples at the following locations:
-=over 4
+* The online Display Filter Reference: https://www.wireshark.org/docs/dfref/
-=item *
+* __View:Internals:Supported Protocols__ in Wireshark
 The online Display Filter Reference: L<https://www.wireshark.org/docs/dfref/>
-=item *
+* `tshark -G fields` on the command line
 I<View:Internals:Supported Protocols> in Wireshark
-=item *
+* The Wireshark wiki: https://gitlab.com/wireshark/wireshark/-/wikis/DisplayFilters
 C<tshark -G fields> on the command line
-=item *
+== NOTES
 The Wireshark wiki: L<https://gitlab.com/wireshark/wireshark/-/wikis/DisplayFilters>
-=back
+The *xref:wireshark-filter.html[wireshark-filter](4)* manpage is part of the *Wireshark* distribution.
-
+The latest version of *Wireshark* can be found at
-=head1 NOTES
+https://www.wireshark.org.
 The B<wireshark-filter(4)> manpage is part of the B<Wireshark> distribution.
 The latest version of B<Wireshark> can be found at
 L<https://www.wireshark.org>.
 Regular expressions in the "matches" operator are provided by GRegex in GLib.
-See L<https://developer.gnome.org/glib/2.32/glib-regex-syntax.html> or L<https://www.pcre.org/> for more information.
+See https://developer.gnome.org/glib/2.32/glib-regex-syntax.html or https://www.pcre.org/ for more information.
 This manpage does not describe the capture filter syntax, which is
-different. See the manual page of pcap-filter(7) or, if that doesn't exist,
+different. See the manual page of xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or, if that doesn't exist,
-tcpdump(8), or, if that doesn't exist, L<https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters>
+xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8), or, if that doesn't exist, https://gitlab.com/wireshark/wireshark/-/wikis/CaptureFilters
 for a description of capture filters.
 Display Filters are also described in the User's Guide:
-L<https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html>
+https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
-=head1 SEE ALSO
+== SEE ALSO
-wireshark(1), tshark(1), editcap(1), pcap(3), pcap-filter(7) or tcpdump(8) if it
+xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:editcap.html[editcap](1), xref:https://www.tcpdump.org/manpages/pcap.3pcap.html[pcap](3), xref:https://www.tcpdump.org/manpages/pcap-filter.7.html[pcap-filter](7) or xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](8) if it
 doesn't exist.
-=head1 AUTHORS
+== AUTHORS
-See the list of authors in the B<Wireshark> man page for a list of authors of
+See the list of authors in the *Wireshark* man page for a list of authors of
 that code.
--- a/doc/wireshark.adoc
+++ b/doc/wireshark.adoc
--- a/docbook/README.adoc
+++ b/docbook/README.adoc
@ -17,13 +17,13 @@ The guides and release notes are written in
 https://asciidoctor.org/docs/asciidoc-syntax-quick-reference/[Asciidoctor syntax].
 For more information see https://asciidoctor.org.
-= Requirements
+== Requirements
 Ultimately we'd like to reduce the toolchain requirements to AsciidoctorJ alone, but that's not yet possible.
 Additional tooling is required for the HTML and HTMLHelp targets.
 See the https://www.wireshark.org/docs/wsdg_html_chunked/ChToolsDocumentationToolchain.html[Developer's Guide] for instructions on installing required packages for your platform.
-= Asciidoctor Markup
+== Asciidoctor Markup
 The User’s and Developer’s Guides were originally written in DocBook and
 were later converted to https://asciidoc.org/[AsciiDoc]. We subsequently
@ -59,6 +59,25 @@ Admonitions ([NOTE], [TIP], and [WARNING]) can be used to highlight important
 information. Keep in mind that they interrupt the flow of text by design. Too
 many (especially in a row) are distracting and annoying.
 == Custom Asciidoctor Macros
 The following custom macros are available in `docbook/asciidoctor-macros`:
 commaize-block::
 Sorts a list of items and separates them with commas with an "and" preceding the last item.
 cveidlink-inline-macro::
 Links a CVE ID to cve.mitre.org.
 manarg-block::
 Ensures that individual arguments don't wrap in order to improve readability.
 wsbuglink-inline-macro::
 Links an issue number to gitlab.org/wireshark/wireshark/-/issues.
 wssalink-inline-macro::
 Links a security advisory to www.wireshark.org.
 == Asciidoctor Live Preview
 The Asciidoctor project provides a JavaScript version of Asciidoctor
--- a/docbook/asciidoctor-macros/manarg-block.rb
+++ b/docbook/asciidoctor-macros/manarg-block.rb
@ -0,0 +1,8 @@
 # SPDX-License-Identifier: MIT
 # Adapted from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb
 RUBY_ENGINE == 'opal' ? (require 'manarg-block/extension') : (require_relative 'manarg-block/extension')
 Extensions.register do
  block ManArgBlock
 end
--- a/docbook/asciidoctor-macros/manarg-block/extension.rb
+++ b/docbook/asciidoctor-macros/manarg-block/extension.rb
@ -0,0 +1,45 @@
 # SPDX-License-Identifier: MIT
 require 'asciidoctor/extensions' unless RUBY_ENGINE == 'opal'
 include Asciidoctor
 # An inline macro that generates markup for man page arguments.
 # Adapted from https://github.com/asciidoctor/asciidoctor-extensions-lab/blob/master/lib/man-inline-macro.rb
 #
 # Usage:
 #
 #   [manarg]
 #   *command*
 #   [ *--help* ]
 #   [ *--flash-lights* ]
 #
 class ManArgBlock < Extensions::BlockProcessor
  use_dsl
  named :manarg
  parse_content_as :simple
  def process parent, reader, attrs
    nowrap_lines = reader.readlines.map {|line|
      if parent.document.basebackend? 'html'
        # Apply the custom style "[.nowrap]## ... ##" to each line.
        # This generates "<span content="nowrap"> ... </span>". Pass
        # each '#' through for extra paranoia.
        %([.nowrap]###{line.gsub('#', '+++#+++')}##)
      elsif parent.document.backend == 'manpage'
        # Replace spaces with non-breaking spaces ('&#160;'), then make
        # bold markup unconstrained ('*' -> '**'). For now we naively
        # assume that bolds are always constrained (that is, we only
        # have single '*'s). We *should* be able to do this properly
        # with a regex, but for some reason
        #   gsub(/([^*])\*([^*])/, '\1**\2')
        # doesn't match the first asterisk in "*--extcap-interface*=<interface>"
        %(#{line.gsub(' ', '&#160;').gsub('*', '**')})
      else
        line
      end
    }
    # STDERR.puts(nowrap_lines)
    create_paragraph parent, nowrap_lines, attrs
  end
 end
--- a/docbook/asciidoctor-macros/manarg-block/sample.adoc
+++ b/docbook/asciidoctor-macros/manarg-block/sample.adoc
@ -0,0 +1,19 @@
 = androiddump(1)
 :doctype: manpage
 == NAME
 sample - Sample man page
 == SYNOPSIS
 [manarg]
 *androiddump*
 *--mandatory-argument
 [ *--optional-argument* ]
 *--complex-mandatory*=<argument>
 [ *--complex-optional*=<argument> ]
 == DESCRIPTION
 Sample man page.
--- a/docbook/wsdg_src/WSDG_chapter_quick_setup.adoc
+++ b/docbook/wsdg_src/WSDG_chapter_quick_setup.adoc
@ -25,8 +25,7 @@ The following must be installed in order to build Wireshark:
 Either make or Ninja can be used to build Wireshark; at least one of
 those must be installed.
-To build the Developer's Guide and the User's Guide, Asciidoctor,
+To build the manual pages, Developer's Guide and User's Guide, Asciidoctor, Xsltproc, and DocBook must be installed.
 Xsltproc, and DocBook must be installed.
 Some features of Wireshark require additional libraries to be installed.
--- a/docbook/wsdg_src/WSDG_chapter_tools.adoc
+++ b/docbook/wsdg_src/WSDG_chapter_tools.adoc
@ -452,17 +452,16 @@ Edition, it will include an SDK.
 [[ChToolsDocumentationToolchain]]
 === Documentation Toolchain
-Wireshark’s documentation is split across two directories. The `doc`
+Wireshark’s documentation is split across two directories.
-directory contains man pages written in Perl’s POD (Plain Old
+The `doc` directory contains man pages written in Asciidoctor markup.
-Documentation) format. The `docbook` directory contains the User’s
+The `docbook` directory contains the User’s Guide, Developer’s Guide, and the release notes, which are also written in Asciidoctor markup.
-Guide, Developer’s Guide, and the release notes, which are written in
+The split is for historical reasons (described below), and the documentation will likely be consolidated into one directory in the future.
 Asciidoctor markup.
 Our various output formats are generated using the following tools.
 Intermediate formats are in _italics_.
-Man page roff:: pod2man
+Man page roff:: Asciidoctor
-Man page HTML:: pod2html
+Man page HTML:: Asciidoctor
 Guide HTML:: Asciidoctor → _DocBook XML_ → xsltproc + DocBook XSL
 Guide PDF:: Asciidoctor
@ -478,6 +477,7 @@ The Ruby and Java flavors can be used to build Wireshark’s documentation, but
 The guides and release notes were originally written in DocBook (hence the directory name).
 They were later converted to AsciiDoc and then migrated to Asciidoctor.
 The man pages were originally in Perl’s POD (Plain Old Documentation) format and were later converted to Asciidoctor.
 We currently use Asciidoctor’s modern (>= 1.5.0) syntax.
 PDF output requires Asciidoctor’s PDF backend.
--- a/packaging/rpm/wireshark.spec.in
+++ b/packaging/rpm/wireshark.spec.in
@ -58,10 +58,7 @@ BuildRequires:  python3
 BuildRequires:	gcc
 BuildRequires:	perl
 BuildRequires:	flex
 %if %{with guides}
 # HTML guides
 BuildRequires:	asciidoctor
 %endif
 BuildRequires:	glib2-devel >= 2.32.0
 Requires:	glib2
--- a/tools/debian-setup.sh
+++ b/tools/debian-setup.sh
@ -72,7 +72,6 @@ BASIC_LIST="gcc \
 ADDITIONAL_LIST="libnl-3-dev \
 	libkrb5-dev \
 	libsmi2-dev \
 	asciidoctor \
 	libsbc-dev \
 	liblua5.2-dev \
 	libnl-cli-3-dev \
@ -97,6 +96,7 @@ ADDITIONAL_LIST="libnl-3-dev \
 DEBDEPS_LIST="debhelper \
 	dh-python \
 	asciidoctor \
 	docbook-xml \
 	docbook-xsl \
 	libxml2-utils \
--- a/tools/rpm-setup.sh
+++ b/tools/rpm-setup.sh
@ -76,7 +76,8 @@ ADDITIONAL_LIST="libcap-devel \
 #	oxipng \
 #	pngcrush"
-RPMDEPS_LIST="rpm-build"
+RPMDEPS_LIST="rpm-build \
 	rubygem-asciidoctor.noarch"
 # Guess which package manager we will use
 for PM in zypper dnf yum ''; do
@ -204,9 +205,6 @@ echo "Gettext devel is unavailable" >&2
 add_package ADDITIONAL_LIST perl-Pod-Html ||
 echo "perl-Pod-Html is unavailable" >&2
 add_package ADDITIONAL_LIST asciidoctor || add_package ADDITIONAL_LIST rubygem-asciidoctor.noarch ||
 echo "asciidoctor is unavailable" >&2
 add_package ADDITIONAL_LIST ninja || add_package ADDITIONAL_LIST ninja-build ||
 echo "ninja is unavailable" >&2