osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Update man pages; Add several missing options; Fix typos, Do minor rewording; 

editcap: Add description of -i option;
 dumpcap: Add description of -S option;

svn path=/trunk/; revision=28336
This commit is contained in:
Bill Meier 2009-05-12 16:24:57 +00:00
parent 4989352829
commit 927fabd0e5
5 changed files with 41 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/capinfos.pod
View File

@ -95,11 +95,11 @@ B<Capinfos> detects this.
=item -y
Displays the average data rate, in bytes
Displays the average data rate, in bytes/sec
=item -i
Displays the average data rate, in bits
Displays the average data rate, in bits/sec
=item -z
@ -107,7 +107,7 @@ displays the average packet size, in bytes
=item -x
displays the average packet rate, in packets
displays the average packet rate, in packets/sec
=item -h
@ -117,7 +117,7 @@ Prints the help listing and exits.
=head1 SEE ALSO
tcpdump(8), pcap(3), wireshark(1)>, mergecap(1), editcap(1), tshark(1),
tcpdump(8), pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1),
dumpcap(1)
=head1 NOTES

7
doc/dumpcap.pod
View File

@ -19,6 +19,7 @@ S<[ B<-n> ]>
S<[ B<-M> ]>
S<[ B<-p> ]>
S<[ B<-s> E<lt>capture snaplenE<gt> ]>
S<[ B<-S> ]>
S<[ B<-v> ]>
S<[ B<-w> E<lt>outfileE<gt> ]>
S<[ B<-y> E<lt>capture link typeE<gt> ]>
@ -166,7 +167,7 @@ link types can be used for the B<-y> option.
=item -M
When used with B<-D> and B<-L>, print verbose, machine-readable output.
When used with B<-D>, B<-L> and B<-S>, print verbose, machine-readable output.
=item -n
@ -188,6 +189,10 @@ No more than I<snaplen> bytes of each network packet will be read into
memory, or saved to disk. A value of 0 specifies a snapshot length of
65535, so that the full packet is captured; this is the default.
=item -S
Print statistics for each interface once every second.
=item -v
Print the version and exit.

22
doc/editcap.pod
View File

@ -13,6 +13,7 @@ S<[ B<-F> E<lt>file formatE<gt> ]>
S<[ B<-A> E<lt>start timeE<gt> ]>
S<[ B<-B> E<lt>stop timeE<gt> ]>
S<[ B<-h> ]>
S<[ B<-i> E<lt>seconds per fileE<gt> ]>
S<[ B<-r> ]>
S<[ B<-s> E<lt>snaplenE<gt> ]>
S<[ B<-t> E<lt>time adjustmentE<gt> ]>
@ -62,7 +63,7 @@ the same way B<Editcap> handles this.
B<Editcap> can write the file in several output formats. The B<-F>
flag can be used to specify the format in which to write the capture
file, B<editcap -F> provides a list of the available output formats.
file; B<editcap -F> provides a list of the available output formats.
=head1 OPTIONS
@ -70,9 +71,10 @@ file, B<editcap -F> provides a list of the available output formats.
=item -c E<lt>packets per fileE<gt>
Sets the maximum number of packets per output file. Each output file will
Splits the packet output to different files based on uniform packet counts
with a maximum of <packets per file> each. Each output file will
be created with a suffix -nnnnn, starting with 00000. If the specified
number of packets are written to the output file, the next output file is
number of packets is written to the output file, the next output file is
opened. The default is to use a single output file.
=item -C E<lt>choplenE<gt>
@ -111,7 +113,7 @@ result in very long processing times for B<editcap>.
Attempts to remove duplicate packets. The current packet's arrival time
is compared with up to 1000000 previous packets. If the packet's relative
arrival time is I<less than> the <dup time window> of a previous packet
arrival time is I<less than or equal to> the <dup time window> of a previous packet
and the packet length and MD5 hash of the current packet are the same then
the packet to skipped. The duplicate comparison test stops when
the current packet's relative arrival time is greater than <dup time window>.
@ -159,6 +161,14 @@ The time is given in the following format YYYY-MM-DD HH:MM:SS
Prints the version and options and exits.
=item -i E<lt>seconds per fileE<gt>
Splits the packet output to different files based on uniform time intervals
using a maximum interval of <seconds per file> each. Each output file will
be created with a suffix -nnnnn, starting with 00000. If packets for the specified
time interval are written to the output file, the next output file is
opened. The default is to use a single output file.
=item -r
Reverse the packet selection.
@ -265,10 +275,6 @@ To remove duplicate packets seen within the prior 100 frames use:
editcap -D 101 capture.pcap dedup.pcap
To remove duplicate packets seen I<less than> 1/10th of a second:
editcap -w 0.1 capture.pcap dedup.pcap
To remove duplicate packets seen I<equal to or less than> 1/10th of a second:
editcap -w 0.1 capture.pcap dedup.pcap

8
doc/mergecap.pod
View File

@ -23,8 +23,8 @@ a single output file specified by the B<-w> argument. B<Mergecap> knows
how to read B<libpcap> capture files, including those of B<tcpdump>,
B<Wireshark>, and other tools that write captures in that format.
By default, it writes the capture file in B<libpcap> format, and writes
all of the packets in both input capture files to the output file.
By default, B<Mergecap> writes the capture file in B<libpcap> format, and writes
all of the packets from the input capture files to the output file.
B<Mergecap> is able to detect, read and write the same capture files that
are supported by B<Wireshark>.
@ -48,7 +48,7 @@ copied directly from each input file to the output file, independent of
each frame's timestamp.
The output file frame encapsulation type is set to the type of the input
files, if all input files have the same type. If not all of the input
files if all input files have the same type. If not all of the input
files have the same frame encapsulation type, the output file type is
set to WTAP_ENCAP_PER_PACKET. Note that some capture file formats, most
notably B<libpcap>, do not currently support WTAP_ENCAP_PER_PACKET.
@ -71,7 +71,7 @@ file are already in chronological order.
=item -F E<lt>file formatE<gt>
Sets the file format of the output capture file. B<Mergecap> can write
the file in several formats, B<mergecap -F> provides a list of the
the file in several formats; B<mergecap -F> provides a list of the
available output formats. The default is to use the file format of the
first input file.

26
doc/text2pcap.pod
View File

@ -128,9 +128,9 @@ sort of L3 packet.
Include dummy IP headers before each packet. Specify the IP protocol
for the packet in decimal. Use this option if your dump is the payload
of an IP packet (i.e. has complete L4 information) but does not have
an IP header. Note that this automatically includes an appropriate
Ethernet header as well. Example: I<-i 46> to specify an RSVP packet
(IP protocol 46).
an IP header with each packet. Note that an appropriate Ethernet header
is automatically included with each packet as well.
Example: I<-i 46> to specify an RSVP packet (IP protocol 46).
=item -m E<lt>max-packetE<gt>
@ -148,26 +148,26 @@ TCP packets.
Include dummy UDP headers before each packet. Specify the source and
destination UDP ports for the packet in decimal. Use this option if
your dump is the UDP payload of a packet but does not include any UDP,
IP or Ethernet headers. Note that this automatically includes
appropriate Ethernet and IP headers with each packet. Example: I<-u
1000,69> to make the packets look like TFTP/UDP packets.
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
are automatically also included with each packet.
Example: I<-u1000,69> to make the packets look like TFTP/UDP packets.
=item -T E<lt>srcportE<gt>,E<lt>destportE<gt>
Include dummy TCP headers before each packet. Specify the source and
destination TCP ports for the packet in decimal. Use this option if
your dump is the TCP payload of a packet but does not include any TCP,
IP or Ethernet headers. Note that this automatically includes
appropriate Ethernet and IP headers with each packet.
Sequence numbers will start a 0.
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
are automatically also included with each packet.
Sequence numbers will start at 0.
=item -s E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>tagE<gt>
Include dummy SCTP headers before each packet. Specify, in decimal, the
source and destination SCTP ports, and verification tag, for the packet.
Use this option if your dump is the SCTP payload of a packet but does
not include any SCTP, IP or Ethernet headers. Note that this
automatically includes appropriate Ethernet and IP headers with each
not include any SCTP, IP or Ethernet headers. Note that appropriate
Ethernet and IP headers are automatically also included with each
packet. A CRC32C checksum will be put into the SCTP header.
=item -S E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>ppiE<gt>
@ -177,8 +177,8 @@ source and destination SCTP ports, and a verification tag of 0, for the
packet, and prepend a dummy SCTP DATA chunk header with a payload
protocol identifier if I<ppi>. Use this option if your dump is the SCTP
payload of a packet but does not include any SCTP, IP or Ethernet
headers. Note that this automatically includes appropriate Ethernet and
IP headers with each packet. A CRC32C checksum will be put into the
headers. Note that appropriate Ethernet and IP headers are
automatcally included with each packet. A CRC32C checksum will be put into the
SCTP header.
=item -t E<lt>timefmtE<gt>