argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
those options (which had been cut-n-paste from the tshark man page).
For editcap to support these options it would either need to be linked
against libwireshark or the address resolution stuff would need to be moved
from libwireshark to, for example, libwsutil.
svn path=/trunk/; revision=45975
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
svn path=/trunk/; revision=36318
This patch adds a new '-S' option to editcap that will rewrite timestamps of
packets to insure that the new capture file is in strict chronological order.
This option's primary use case is to fixup the occasional timestamps that have
a negative delta time relative to previous packet.
This feature is related to (but does not depend on) capinfos enhancement
submitted in bug #4315 which helps identify tracefiles with "out-of-order"
packets.
svn path=/trunk/; revision=33042
- New duplicate packet removal options for editcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3168
I changed the patch a bit:
- Adapted to 80 chars wide screen
- Merged -w and -W parameters
svn path=/trunk/; revision=28074
Don't use anything on man page references - pod2man handles that.
Don't refer to "the capture file format section" of the Wireshark man
page, as there's no section explicitly labelled as such; just refer to
the beginning of the DESCRIPTION section.
svn path=/trunk/; revision=18694
The attached patch extends the synopsys and adds an 'Examples' chapter to
the editcap documentation.
I've edited this a bit, without the real knowledge :-(, to make it:
a. look better
b. make more sense (at least to me)
svn path=/trunk/; revision=16325
except that the 0x80 bit is turned on in the file version number field.
Turn that bit off before processing that field.
svn path=/trunk/; revision=9342
Man pages don't have any notion of external links and there
isn't enough information for pod2html to resolve the links for
manpages in the "See Also" section of the man pages. As a
result running pod2html generates a bunch of warning messages
and just emphasizes/italicizes the text.
Therefore, we change the link (L<name>) command to an emphasizes
(I<name>) command. The net result is the same, but you don't get
the warnings when generating HTML docs.
At some point in the future someone might want to do the work to
get the links to generate correctly, but until then this will
shut up pod2html.
svn path=/trunk/; revision=5021
formats we can read; include vendor names.
We should be able to read TokenPeek captures, as well as captures from
the Windows versions of EtherPeek.
Don't list the version numbers for EtherPeek and TokenPeek - those are
file format version numbers, not program version numbers.
svn path=/trunk/; revision=4599
libpcap format, and say that it's also used by "other tools" (tcpdump
and Ethereal/Tethereal aren't the only tools that write captures in that
format).
Weaken the claim that we read Etherpeek files to say only that we read
Etherpeek versions 5, 6, and 7 for Macintosh, so people don't conclude
that we read Etherpeek-for-Windows captures (we don't).
svn path=/trunk/; revision=4337