diff options
| author | Ulf Lamping <ulf.lamping@web.de> | 2006-01-11 01:53:46 +0000 |
|---|---|---|
| committer | Ulf Lamping <ulf.lamping@web.de> | 2006-01-11 01:53:46 +0000 |
| commit | 34f4ff7baeb596d7e64e1a99813fa2eb8ad15852 (patch) | |
| tree | 574681252258a3c8ea83e2693d2595e85f03e6f3 /doc/editcap.pod | |
| parent | a5c90d377c11d80003b9c7393ab436036e636918 (diff) | |
instead of repeating the capture file format description over and over again (this list also tends to become outdated), just give a small description and refer to the Ethereal man page
svn path=/trunk/; revision=16997
Diffstat (limited to 'doc/editcap.pod')
| -rw-r--r-- | doc/editcap.pod | 132 |
1 files changed, 24 insertions, 108 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod index 99cf40ae13..40364c4d85 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -26,17 +26,28 @@ B<Editcap> is a program that reads some or all of the captured packets from the I<infile>, optionally converts them in various ways and writes the resulting packets to the capture I<outfile> (or outfiles). -By default, it reads all packets from the I<infile> and writes them to the I<outfile> -in libpcap file format. +By default, it reads all packets from the I<infile> and writes them to the +I<outfile> in libpcap file format. + +A list of packet numbers can be specified on the command line; ranges of +packet numbers can be specified as I<start>-I<end>, referring to all packets +from I<start> to I<end>. +The selected packets with those numbers will I<not> be written to the +capture file. +If the B<-r> flag is specified, the whole packet selection is reversed; +in that case I<only> the selected packets will be written to the capture file. + +B<Editcap> is able to detect, read and write the same capture files that +are supported by B<Ethereal>. +The input file doesn't need a specific filename extension, the file +format and an optional gzip compression will be automatically detected. +The I<capture file format> section of I<ethereal(1)> or +I<http://www.ethereal.com/docs/man-pages/ethereal.1.html> +provides a detailed description. -A list of packet numbers can be specified on the command line; ranges of packet numbers can be -specified as I<start>-I<end>, referring to all packets from I<start> to -I<end>. -The selected packets with those numbers will I<not> be written to the capture file. -If the B<-r> flag is specified, the whole packet selection is reversed; in that case I<only> the selected packets -will be written to the capture file. - -The supported input and output capture file formats are described in a section below. +B<Editcap> can write the file in several output formats. The B<-F> +flag can be used to specify the format in which to write the capture +file, B<editcap -F> provides a list of the available output formats. =head1 OPTIONS @@ -174,104 +185,6 @@ To introduce 5% random errors in a capture file use: =back -=head1 Capture File Formats - -There is no need to tell B<Editcap> what type of -file you are reading; it will determine the file type by itself. - -B<Editcap> is also capable of reading any of these file formats if they -are compressed using gzip. It recognizes this directly from the -file; the '.gz' extension is not required for this purpose. - -The following I<input> file formats are supported: - -=over 4 - -=item * -libpcap/WinPcap, tcpdump and various other tools using tcpdump's capture format - -=item * -B<snoop> and B<atmsnoop> - -=item * -Shomiti/Finisar B<Surveyor> captures - -=item * -Novell B<LANalyzer> captures - -=item * -Microsoft B<Network Monitor> captures - -=item * -AIX's B<iptrace> captures - -=item * -Cinco Networks B<NetXRay> captures - -=item * -Network Associates Windows-based B<Sniffer> captures - -=item * -Network General/Network Associates DOS-based B<Sniffer> (compressed or uncompressed) captures - -=item * -AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>/B<PacketGrabber> captures - -=item * -B<RADCOM>'s WAN/LAN analyzer captures - -=item * -Network Instruments B<Observer> version 9 captures - -=item * -B<Lucent/Ascend> router debug output - -=item * -files from HP-UX's B<nettl> - -=item * -B<Toshiba's> ISDN routers dump output - -=item * -the output from B<i4btrace> from the ISDN4BSD project - -=item * -traces from the B<EyeSDN> USB S0. - -=item * -the output in B<IPLog> format from the Cisco Secure Intrusion Detection System - -=item * -B<pppd logs> (pppdump format) - -=item * -the output from VMS's B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities - -=item * -the text output from the B<DBS Etherwatch> VMS utility - -=item * -Visual Networks' B<Visual UpTime> traffic capture - -=item * -the output from B<CoSine> L2 debug - -=item * -the output from Accellent's B<5Views> LAN agents - -=item * -Endace Measurement Systems' ERF format captures - -=item * -Linux Bluez Bluetooth stack B<hcidump -w> traces - -=back - -B<Editcap> can write the file in several output formats. The B<-F> -flag can be used to specify the format in which to write the capture -file, B<editcap -F> provides -a list of the available output formats. - =head1 SEE ALSO I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)> @@ -281,6 +194,9 @@ I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)> B<Editcap> is part of the B<Ethereal> distribution. The latest version of B<Ethereal> can be found at B<http://www.ethereal.com>. +HTML versions of the Ethereal project man pages are available at: +http://www.ethereal.com/docs/man-pages + =head1 AUTHORS Original Author |