osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

Sort the options. Delete all the line-terminating "g's" added in 40820. 

svn path=/trunk/; revision=41563
This commit is contained in:
Chris Maynard 2012-03-15 14:50:07 +00:00
parent 2ef7d8fe83
commit 9c7b936e79
1 changed files with 110 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
doc/editcap.pod
View File

@ -6,22 +6,22 @@ editcap - Edit and/or translate the format of capture files
=head1 SYNOPSIS
B<editcap>
S<[ B<-A> E<lt>start timeE<gt> ]>
S<[ B<-B> E<lt>stop timeE<gt> ]>
S<[ B<-c> E<lt>packets per fileE<gt> ]>
S<[ B<-C> E<lt>choplenE<gt> ]>
S<[ B<-E> E<lt>error probabilityE<gt> ]>
S<[ B<-F> E<lt>file formatE<gt> ]>
S<[ B<-W> E<lt>file format optionE<gt>]>
S<[ B<-H> E<lt>input hosts file<gt> ]>
S<[ B<-A> E<lt>start timeE<gt> ]>
S<[ B<-B> E<lt>stop timeE<gt> ]>
S<[ B<-h> ]>
S<[ B<-H> E<lt>input hosts file<gt> ]>
S<[ B<-i> E<lt>seconds per fileE<gt> ]>
S<[ B<-r> ]>
S<[ B<-s> E<lt>snaplenE<gt> ]>
S<[ B<-t> E<lt>time adjustmentE<gt> ]>
S<[ B<-S> E<lt>strict time adjustmentE<gt> ]>
S<[ B<-t> E<lt>time adjustmentE<gt> ]>
S<[ B<-T> E<lt>encapsulation typeE<gt> ]>
S<[ B<-v> ]>
S<[ B<-W> E<lt>file format optionE<gt>]>
I<infile>
I<outfile>
S<[ I<packet#>[-I<packet#>] ... ]>
@ -36,14 +36,14 @@ I<outfile>
=head1 DESCRIPTION
B<Editcap> is a program that reads some or all of the captured packets from theg
I<infile>, optionally converts them in various ways and writes theg
resulting packets to the capture I<outfile> (or outfiles).g
B<Editcap> is a program that reads some or all of the captured packets from the
I<infile>, optionally converts them in various ways and writes the
resulting packets to the capture I<outfile> (or outfiles).
By default, it reads all packets from the I<infile> and writes them to theg
By default, it reads all packets from the I<infile> and writes them to the
I<outfile> in libpcap file format.
An optional list of packet numbers can be specified on the command tail;g
An optional list of packet numbers can be specified on the command tail;
individual packet numbers separated by whitespace and/or ranges of packet
numbers can be specified as I<start>-I<end>, referring to all packets from
I<start> to I<end>. By default the selected packets with those numbers will
@ -55,9 +55,9 @@ B<Editcap> can also be used to remove duplicate packets. Several different
options (B<-d>, B<-D> and B<-w>) are used to control the packet window
or relative time window to be used for duplicate comparison.
B<Editcap> is able to detect, read and write the same capture files thatg
B<Editcap> is able to detect, read and write the same capture files that
are supported by B<Wireshark>.
The input file doesn't need a specific filename extension; the fileg
The input file doesn't need a specific filename extension; the file
format and an optional gzip compression will be automatically detected.
Near the beginning of the DESCRIPTION section of wireshark(1) or
L<http://www.wireshark.org/docs/man-pages/wireshark.html>
@ -72,12 +72,22 @@ file; B<editcap -F> provides a list of the available output formats.
=over 4
=item -A E<lt>start timeE<gt>
Saves only the packets whose timestamp is on or after start time.
The time is given in the following format YYYY-MM-DD HH:MM:SS
=item -B E<lt>stop timeE<gt>
Saves only the packets whose timestamp is before stop time.
The time is given in the following format YYYY-MM-DD HH:MM:SS
=item -c E<lt>packets per fileE<gt>
Splits the packet output to different files based on uniform packet counts
with a maximum of <packets per file> each. Each output file willg
be created with a suffix -nnnnn, starting with 00000. If the specifiedg
number of packets is written to the output file, the next output file isg
with a maximum of <packets per file> each. Each output file will
be created with a suffix -nnnnn, starting with 00000. If the specified
number of packets is written to the output file, the next output file is
opened. The default is to use a single output file.
=item -C E<lt>choplenE<gt>
@ -92,8 +102,8 @@ bytes at the end of each packet.
=item -d
Attempts to remove duplicate packets. The length and MD5 hash of theg
current packet are compared to the previous four (4) packets. If ag
Attempts to remove duplicate packets. The length and MD5 hash of the
current packet are compared to the previous four (4) packets. If a
match is found, the current packet is skipped. This option is equivalent
to using the option B<-D 5>.
@ -114,33 +124,11 @@ The <dup window> is specified as an integer value between 0 and 1000000 (inclusi
NOTE: Specifying large <dup window> values with large tracefiles can
result in very long processing times for B<editcap>.
=item -w E<lt>dup time windowE<gt>
Attempts to remove duplicate packets. The current packet's arrival time
is compared with up to 1000000 previous packets. If the packet's relative
arrival time is I<less than or equal to> the <dup time window> of a previous packet
and the packet length and MD5 hash of the current packet are the same then
the packet to skipped. The duplicate comparison test stops when
the current packet's relative arrival time is greater than <dup time window>.
The <dup time window> is specified as I<seconds>[I<.fractional seconds>].
The [.fractional seconds] component can be specified to nine (9) decimal
places (billionths of a second) but most typical trace files have resolution
to six (6) decimal places (millionths of a second).
NOTE: Specifying large <dup time window> values with large tracefiles can
result in very long processing times for B<editcap>.
NOTE: The B<-w> option assumes that the packets are in chronological order.g
If the packets are NOT in chronological order then the B<-w> duplicationg
removal option may not identify some duplicates.
=item -E E<lt>error probabilityE<gt>
Sets the probability that bytes in the output file are randomly changed.
B<Editcap> uses that probability (between 0.0 and 1.0 inclusive)g
to apply errors to each data byte in the file. For instance, ag
B<Editcap> uses that probability (between 0.0 and 1.0 inclusive)
to apply errors to each data byte in the file. For instance, a
probability of 0.02 means that each byte has a 2% chance of having an error.
This option is meant to be used for fuzz-testing protocol dissectors.
@ -148,25 +136,13 @@ This option is meant to be used for fuzz-testing protocol dissectors.
=item -F E<lt>file formatE<gt>
Sets the file format of the output capture file.
B<Editcap> can write the file in several formats, B<editcap -F>g
B<Editcap> can write the file in several formats, B<editcap -F>
provides a list of the available output formats. The default
is the B<libpcap> format.
=item -W E<lt>file format optionE<gt>
=item -h
Save extra information in the file if the format supports it. For
example,
-F pcapng -W n
will save host name resolution records along with captured packets.
Future versions of Wireshark may automatically change the capture format to
B<pcapng> as needed.
The argument is a string that may contain the following letter:
B<n> write network address resolution information (pcapng only)
Prints the version and options and exits.
=item -H E<lt>input "hosts" fileE<gt>
@ -176,26 +152,12 @@ the output file. Implies B<-W n>.
The input file format is described at
L<http://en.wikipedia.org/wiki/Hosts_%28file%29>.
=item -A E<lt>start timeE<gt>
Saves only the packets whose timestamp is on or after start time.
The time is given in the following format YYYY-MM-DD HH:MM:SS
=item -B E<lt>stop timeE<gt>
Saves only the packets whose timestamp is before stop time.
The time is given in the following format YYYY-MM-DD HH:MM:SS
=item -h
Prints the version and options and exits.
=item -i E<lt>seconds per fileE<gt>
Splits the packet output to different files based on uniform time intervals
using a maximum interval of <seconds per file> each. Each output file willg
be created with a suffix -nnnnn, starting with 00000. If packets for the specifiedg
time interval are written to the output file, the next output file isg
using a maximum interval of <seconds per file> each. Each output file will
be created with a suffix -nnnnn, starting with 00000. If packets for the specified
time interval are written to the output file, the next output file is
opened. The default is to use a single output file.
=item -r
@ -210,7 +172,7 @@ Sets the snapshot length to use when writing the data.
If the B<-s> flag is used to specify a snapshot length, packets in the
input file with more captured data than the specified snapshot length
will have only the amount of data specified by the snapshot length
written to the output file.g
written to the output file.
This may be useful if the program that is
to read the output file cannot handle packets larger than a certain size
@ -219,6 +181,39 @@ appear to reject Ethernet packets larger than the standard Ethernet MTU,
making them incapable of handling gigabit Ethernet captures if jumbo
packets were used).
=item -S E<lt>strict time adjustmentE<gt>
Time adjust selected packets to insure strict chronological order.
The <strict time adjustment> value represents relative seconds
specified as [-]I<seconds>[I<.fractional seconds>].
As the capture file is processed each packet's absolute time is
I<possibly> adjusted to be equal to or greater than the previous
packet's absolute timestamp depending on the <strict time
adjustment> value.
If <strict time adjustment> value is 0 or greater (e.g. 0.000001)
then B<only> packets with a timestamp less than the previous packet
will adjusted. The adjusted timestamp value will be set to be
equal to the timestamp value of the previous packet plus the value
of the <strict time adjustment> value. A <strict time adjustment>
value of 0 will adjust the minimum number of timestamp values
necessary to insure that the resulting capture file is in
strict chronological order.
If <strict time adjustment> value is specified as a
negative value, then the timestamp values of B<all>
packets will be adjusted to be equal to the timestamp value
of the previous packet plus the absolute value of the
<lt>strict time adjustment<gt> value. A <strict time
adjustment> value of -0 will result in all packets
having the timestamp value of the first packet.
This feature is useful when the trace file has an occasional
packet with a negative delta time relative to the previous
packet.
=item -t E<lt>time adjustmentE<gt>
Sets the time adjustment to use on selected packets.
@ -227,53 +222,20 @@ adjustment will be applied to all selected packets in the capture file.
The adjustment is specified as [-]I<seconds>[I<.fractional seconds>].
For example, B<-t> 3600 advances the timestamp on selected packets by one
hour while B<-t> -0.5 reduces the timestamp on selected packets by
one-half second.g
one-half second.
This feature is useful when synchronizing dumps
collected on different machines where the time difference between the
two machines is known or can be estimated.
=item -S E<lt>strict time adjustmentE<gt>
Time adjust selected packets to insure strict chronological order.g
The <strict time adjustment> value represents relative seconds
specified as [-]I<seconds>[I<.fractional seconds>].
As the capture file is processed each packet's absolute time isg
I<possibly> adjusted to be equal to or greater than the previousg
packet's absolute timestamp depending on the <strict timeg
adjustment> value.g
If <strict time adjustment> value is 0 or greater (e.g. 0.000001)g
then B<only> packets with a timestamp less than the previous packetg
will adjusted. The adjusted timestamp value will be set to beg
equal to the timestamp value of the previous packet plus the valueg
of the <strict time adjustment> value. A <strict time adjustment>g
value of 0 will adjust the minimum number of timestamp valuesg
necessary to insure that the resulting capture file is ing
strict chronological order.
If <strict time adjustment> value is specified as ag
negative value, then the timestamp values of B<all>g
packets will be adjusted to be equal to the timestamp valueg
of the previous packet plus the absolute value of theg
<lt>strict time adjustment<gt> value. A <strict time
adjustment> value of -0 will result in all packets
having the timestamp value of the first packet.
This feature is useful when the trace file has an occasional
packet with a negative delta time relative to the previousg
packet.
=item -T E<lt>encapsulation typeE<gt>
Sets the packet encapsulation type of the output capture file.
If the B<-T> flag is used to specify an encapsulation type, the
encapsulation type of the output capture file will be forced to the
specified type.g
specified type.
B<editcap -T> provides a list of the available types. The default
type is the one appropriate to the encapsulation type of the inputg
type is the one appropriate to the encapsulation type of the input
capture file.
Note: this merely
@ -293,6 +255,44 @@ Use of B<-v> with the de-duplication switches of B<-d>, B<-D> or B<-w>
will cause all MD5 hashes to be printed whether the packet is skipped
or not.
=item -w E<lt>dup time windowE<gt>
Attempts to remove duplicate packets. The current packet's arrival time
is compared with up to 1000000 previous packets. If the packet's relative
arrival time is I<less than or equal to> the <dup time window> of a previous packet
and the packet length and MD5 hash of the current packet are the same then
the packet to skipped. The duplicate comparison test stops when
the current packet's relative arrival time is greater than <dup time window>.
The <dup time window> is specified as I<seconds>[I<.fractional seconds>].
The [.fractional seconds] component can be specified to nine (9) decimal
places (billionths of a second) but most typical trace files have resolution
to six (6) decimal places (millionths of a second).
NOTE: Specifying large <dup time window> values with large tracefiles can
result in very long processing times for B<editcap>.
NOTE: The B<-w> option assumes that the packets are in chronological order.
If the packets are NOT in chronological order then the B<-w> duplication
removal option may not identify some duplicates.
=item -W E<lt>file format optionE<gt>
Save extra information in the file if the format supports it. For
example,
-F pcapng -W n
will save host name resolution records along with captured packets.
Future versions of Wireshark may automatically change the capture format to
B<pcapng> as needed.
The argument is a string that may contain the following letter:
B<n> write network address resolution information (pcapng only)
=back
=head1 EXAMPLES