aboutsummaryrefslogtreecommitdiffstats
path: root/doc/editcap.pod
diff options
context:
space:
mode:
authorMartin Mathieson <martin.r.mathieson@googlemail.com>2015-06-28 13:31:14 +0100
committerAnders Broman <a.broman58@gmail.com>2015-06-29 02:41:54 +0000
commit11410338840cde193ccf90eb3031c37838468f1f (patch)
treeab71fe244430fa6ab47ec4f96be336e9103b2b0d /doc/editcap.pod
parentda09a1bfd86c2066ab492178bd2c0faa96bfd579 (diff)
editcap: add new option (-a) to help
Change-Id: Ic1a07e29d30d96bf1dd86e10b198c42dd9349838 Reviewed-on: https://code.wireshark.org/review/9198 Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com> Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'doc/editcap.pod')
-rw-r--r--doc/editcap.pod13
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod
index 33ed59ffc2..d816926c20 100644
--- a/doc/editcap.pod
+++ b/doc/editcap.pod
@@ -6,6 +6,7 @@ editcap - Edit and/or translate the format of capture files
=head1 SYNOPSIS
B<editcap>
+S<[ B<-a> E<lt>frame:commentE<gt> ]>
S<[ B<-A> E<lt>start timeE<gt> ]>
S<[ B<-B> E<lt>stop timeE<gt> ]>
S<[ B<-c> E<lt>packets per fileE<gt> ]>
@@ -58,6 +59,8 @@ B<Editcap> can also be used to remove duplicate packets. Several different
options (B<-d>, B<-D> and B<-w>) are used to control the packet window
or relative time window to be used for duplicate comparison.
+B<Editcap> can be used to assign comment strings to frame numbers.
+
B<Editcap> is able to detect, read and write the same capture files that
are supported by B<Wireshark>.
The input file doesn't need a specific filename extension; the file
@@ -75,6 +78,12 @@ file; B<editcap -F> provides a list of the available output formats.
=over 4
+=item -a E<lt>framenum:commentE<gt>
+
+For the specificed frame number, assign the given comment string.
+Can be repeated for multiple frames. Quotes should be used with comment
+strings that include spaces.
+
=item -A E<lt>start timeE<gt>
Saves only the packets whose timestamp is on or after start time.
@@ -392,6 +401,10 @@ in a single pass, use any of the 8 possible methods provided below:
7) editcap -C -45:20 -C -60:-10 capture.pcap chopped.pcap
8) editcap -C -45:20 -C 15:-10 capture.pcap chopped.pcap
+To add comment strings to the first 2 input frames, use:
+
+ editcap -a "1:1st frame" -a 2:Second capture.pcap capture-comments.pcap
+
=head1 SEE ALSO
pcap(3), wireshark(1), tshark(1), mergecap(1), dumpcap(1), capinfos(1),