forked from osmocom/wireshark
Update man pages; Add several missing options; Fix typos, Do minor rewording;
editcap: Add description of -i option; dumpcap: Add description of -S option; svn path=/trunk/; revision=28336
This commit is contained in:
parent
4989352829
commit
927fabd0e5
|
@ -95,11 +95,11 @@ B<Capinfos> detects this.
|
|||
|
||||
=item -y
|
||||
|
||||
Displays the average data rate, in bytes
|
||||
Displays the average data rate, in bytes/sec
|
||||
|
||||
=item -i
|
||||
|
||||
Displays the average data rate, in bits
|
||||
Displays the average data rate, in bits/sec
|
||||
|
||||
=item -z
|
||||
|
||||
|
@ -107,7 +107,7 @@ displays the average packet size, in bytes
|
|||
|
||||
=item -x
|
||||
|
||||
displays the average packet rate, in packets
|
||||
displays the average packet rate, in packets/sec
|
||||
|
||||
=item -h
|
||||
|
||||
|
@ -117,7 +117,7 @@ Prints the help listing and exits.
|
|||
|
||||
=head1 SEE ALSO
|
||||
|
||||
tcpdump(8), pcap(3), wireshark(1)>, mergecap(1), editcap(1), tshark(1),
|
||||
tcpdump(8), pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1),
|
||||
dumpcap(1)
|
||||
|
||||
=head1 NOTES
|
||||
|
|
|
@ -19,6 +19,7 @@ S<[ B<-n> ]>
|
|||
S<[ B<-M> ]>
|
||||
S<[ B<-p> ]>
|
||||
S<[ B<-s> E<lt>capture snaplenE<gt> ]>
|
||||
S<[ B<-S> ]>
|
||||
S<[ B<-v> ]>
|
||||
S<[ B<-w> E<lt>outfileE<gt> ]>
|
||||
S<[ B<-y> E<lt>capture link typeE<gt> ]>
|
||||
|
@ -166,7 +167,7 @@ link types can be used for the B<-y> option.
|
|||
|
||||
=item -M
|
||||
|
||||
When used with B<-D> and B<-L>, print verbose, machine-readable output.
|
||||
When used with B<-D>, B<-L> and B<-S>, print verbose, machine-readable output.
|
||||
|
||||
=item -n
|
||||
|
||||
|
@ -188,6 +189,10 @@ No more than I<snaplen> bytes of each network packet will be read into
|
|||
memory, or saved to disk. A value of 0 specifies a snapshot length of
|
||||
65535, so that the full packet is captured; this is the default.
|
||||
|
||||
=item -S
|
||||
|
||||
Print statistics for each interface once every second.
|
||||
|
||||
=item -v
|
||||
|
||||
Print the version and exit.
|
||||
|
|
|
@ -13,6 +13,7 @@ S<[ B<-F> E<lt>file formatE<gt> ]>
|
|||
S<[ B<-A> E<lt>start timeE<gt> ]>
|
||||
S<[ B<-B> E<lt>stop timeE<gt> ]>
|
||||
S<[ B<-h> ]>
|
||||
S<[ B<-i> E<lt>seconds per fileE<gt> ]>
|
||||
S<[ B<-r> ]>
|
||||
S<[ B<-s> E<lt>snaplenE<gt> ]>
|
||||
S<[ B<-t> E<lt>time adjustmentE<gt> ]>
|
||||
|
@ -62,7 +63,7 @@ the same way B<Editcap> handles this.
|
|||
|
||||
B<Editcap> can write the file in several output formats. The B<-F>
|
||||
flag can be used to specify the format in which to write the capture
|
||||
file, B<editcap -F> provides a list of the available output formats.
|
||||
file; B<editcap -F> provides a list of the available output formats.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
|
@ -70,9 +71,10 @@ file, B<editcap -F> provides a list of the available output formats.
|
|||
|
||||
=item -c E<lt>packets per fileE<gt>
|
||||
|
||||
Sets the maximum number of packets per output file. Each output file will
|
||||
Splits the packet output to different files based on uniform packet counts
|
||||
with a maximum of <packets per file> each. Each output file will
|
||||
be created with a suffix -nnnnn, starting with 00000. If the specified
|
||||
number of packets are written to the output file, the next output file is
|
||||
number of packets is written to the output file, the next output file is
|
||||
opened. The default is to use a single output file.
|
||||
|
||||
=item -C E<lt>choplenE<gt>
|
||||
|
@ -111,7 +113,7 @@ result in very long processing times for B<editcap>.
|
|||
|
||||
Attempts to remove duplicate packets. The current packet's arrival time
|
||||
is compared with up to 1000000 previous packets. If the packet's relative
|
||||
arrival time is I<less than> the <dup time window> of a previous packet
|
||||
arrival time is I<less than or equal to> the <dup time window> of a previous packet
|
||||
and the packet length and MD5 hash of the current packet are the same then
|
||||
the packet to skipped. The duplicate comparison test stops when
|
||||
the current packet's relative arrival time is greater than <dup time window>.
|
||||
|
@ -159,6 +161,14 @@ The time is given in the following format YYYY-MM-DD HH:MM:SS
|
|||
|
||||
Prints the version and options and exits.
|
||||
|
||||
=item -i E<lt>seconds per fileE<gt>
|
||||
|
||||
Splits the packet output to different files based on uniform time intervals
|
||||
using a maximum interval of <seconds per file> each. Each output file will
|
||||
be created with a suffix -nnnnn, starting with 00000. If packets for the specified
|
||||
time interval are written to the output file, the next output file is
|
||||
opened. The default is to use a single output file.
|
||||
|
||||
=item -r
|
||||
|
||||
Reverse the packet selection.
|
||||
|
@ -265,10 +275,6 @@ To remove duplicate packets seen within the prior 100 frames use:
|
|||
|
||||
editcap -D 101 capture.pcap dedup.pcap
|
||||
|
||||
To remove duplicate packets seen I<less than> 1/10th of a second:
|
||||
|
||||
editcap -w 0.1 capture.pcap dedup.pcap
|
||||
|
||||
To remove duplicate packets seen I<equal to or less than> 1/10th of a second:
|
||||
|
||||
editcap -w 0.1 capture.pcap dedup.pcap
|
||||
|
|
|
@ -23,8 +23,8 @@ a single output file specified by the B<-w> argument. B<Mergecap> knows
|
|||
how to read B<libpcap> capture files, including those of B<tcpdump>,
|
||||
B<Wireshark>, and other tools that write captures in that format.
|
||||
|
||||
By default, it writes the capture file in B<libpcap> format, and writes
|
||||
all of the packets in both input capture files to the output file.
|
||||
By default, B<Mergecap> writes the capture file in B<libpcap> format, and writes
|
||||
all of the packets from the input capture files to the output file.
|
||||
|
||||
B<Mergecap> is able to detect, read and write the same capture files that
|
||||
are supported by B<Wireshark>.
|
||||
|
@ -48,7 +48,7 @@ copied directly from each input file to the output file, independent of
|
|||
each frame's timestamp.
|
||||
|
||||
The output file frame encapsulation type is set to the type of the input
|
||||
files, if all input files have the same type. If not all of the input
|
||||
files if all input files have the same type. If not all of the input
|
||||
files have the same frame encapsulation type, the output file type is
|
||||
set to WTAP_ENCAP_PER_PACKET. Note that some capture file formats, most
|
||||
notably B<libpcap>, do not currently support WTAP_ENCAP_PER_PACKET.
|
||||
|
@ -71,7 +71,7 @@ file are already in chronological order.
|
|||
=item -F E<lt>file formatE<gt>
|
||||
|
||||
Sets the file format of the output capture file. B<Mergecap> can write
|
||||
the file in several formats, B<mergecap -F> provides a list of the
|
||||
the file in several formats; B<mergecap -F> provides a list of the
|
||||
available output formats. The default is to use the file format of the
|
||||
first input file.
|
||||
|
||||
|
|
|
@ -128,9 +128,9 @@ sort of L3 packet.
|
|||
Include dummy IP headers before each packet. Specify the IP protocol
|
||||
for the packet in decimal. Use this option if your dump is the payload
|
||||
of an IP packet (i.e. has complete L4 information) but does not have
|
||||
an IP header. Note that this automatically includes an appropriate
|
||||
Ethernet header as well. Example: I<-i 46> to specify an RSVP packet
|
||||
(IP protocol 46).
|
||||
an IP header with each packet. Note that an appropriate Ethernet header
|
||||
is automatically included with each packet as well.
|
||||
Example: I<-i 46> to specify an RSVP packet (IP protocol 46).
|
||||
|
||||
=item -m E<lt>max-packetE<gt>
|
||||
|
||||
|
@ -148,26 +148,26 @@ TCP packets.
|
|||
Include dummy UDP headers before each packet. Specify the source and
|
||||
destination UDP ports for the packet in decimal. Use this option if
|
||||
your dump is the UDP payload of a packet but does not include any UDP,
|
||||
IP or Ethernet headers. Note that this automatically includes
|
||||
appropriate Ethernet and IP headers with each packet. Example: I<-u
|
||||
1000,69> to make the packets look like TFTP/UDP packets.
|
||||
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
|
||||
are automatically also included with each packet.
|
||||
Example: I<-u1000,69> to make the packets look like TFTP/UDP packets.
|
||||
|
||||
=item -T E<lt>srcportE<gt>,E<lt>destportE<gt>
|
||||
|
||||
Include dummy TCP headers before each packet. Specify the source and
|
||||
destination TCP ports for the packet in decimal. Use this option if
|
||||
your dump is the TCP payload of a packet but does not include any TCP,
|
||||
IP or Ethernet headers. Note that this automatically includes
|
||||
appropriate Ethernet and IP headers with each packet.
|
||||
Sequence numbers will start a 0.
|
||||
IP or Ethernet headers. Note that appropriate Ethernet and IP headers
|
||||
are automatically also included with each packet.
|
||||
Sequence numbers will start at 0.
|
||||
|
||||
=item -s E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>tagE<gt>
|
||||
|
||||
Include dummy SCTP headers before each packet. Specify, in decimal, the
|
||||
source and destination SCTP ports, and verification tag, for the packet.
|
||||
Use this option if your dump is the SCTP payload of a packet but does
|
||||
not include any SCTP, IP or Ethernet headers. Note that this
|
||||
automatically includes appropriate Ethernet and IP headers with each
|
||||
not include any SCTP, IP or Ethernet headers. Note that appropriate
|
||||
Ethernet and IP headers are automatically also included with each
|
||||
packet. A CRC32C checksum will be put into the SCTP header.
|
||||
|
||||
=item -S E<lt>srcportE<gt>,E<lt>destportE<gt>,E<lt>ppiE<gt>
|
||||
|
@ -177,8 +177,8 @@ source and destination SCTP ports, and a verification tag of 0, for the
|
|||
packet, and prepend a dummy SCTP DATA chunk header with a payload
|
||||
protocol identifier if I<ppi>. Use this option if your dump is the SCTP
|
||||
payload of a packet but does not include any SCTP, IP or Ethernet
|
||||
headers. Note that this automatically includes appropriate Ethernet and
|
||||
IP headers with each packet. A CRC32C checksum will be put into the
|
||||
headers. Note that appropriate Ethernet and IP headers are
|
||||
automatcally included with each packet. A CRC32C checksum will be put into the
|
||||
SCTP header.
|
||||
|
||||
=item -t E<lt>timefmtE<gt>
|
||||
|
|
Loading…
Reference in New Issue