Add a man page for "editcap".

svn path=/trunk/; revision=1446

1 files changed, 97 insertions, 0 deletions

diff --git a/doc/editcap.pod b/doc/editcap.pod
new file mode 100644
index 0000000000..3948f1ffcb
--- /dev/null
+++ b/doc/editcap.pod
@@ -0,0 +1,97 @@
+
+=head1 NAME
+
+Editcap - Edit and/or translate the format of capture files
+
+=head1 SYNOPSYS
+
+B<editcap>
+S<[ B<-F> file format ]>
+S<[ B<-T> encapsulation type ]>
+S<[ B<-r> ]>
+S<[ B<-v> ]>
+S<[ B<-h> ]>
+I<infile>
+I<outfile>
+S<[ I<record#> ... ]>
+
+=head1 DESCRIPTION
+
+B<Editcap> is a program that reads a saved capture file and writes some
+or all of the packets in that capture file to another capture file.
+B<Editcap> knows how to read B<libpcap>
+capture files, including those of B<tcpdump>.  In addition, B<Editcap> can
+read capture files from B<snoop> (including B<Shomiti>) and B<atmsnoop>,
+B<LanAlyzer>, uncompressed B<Sniffer>, Microsoft B<Network Monitor>,
+AIX's B<iptrace>, B<NetXray>, B<Sniffer Pro>, B<RADCOM>'s WAN/LAN
+analyzer, B<Lucent/Ascend> router debug output, HP-UX's B<nettl>, and
+the dump output from B<Toshiba's> ISDN routers.  There is no need to
+tell B<Editcap> what type of file you are reading; it will determine the
+file type by itself.  B<Editcap> is also capable of reading any of these
+file formats if they are compressed using gzip.  B<Editcap> recognizes
+this directly from the file; the '.gz' extension is not required for
+this purpose.
+
+By default, it writes the capture file in B<libpcap> format, and writes
+all of the packets in the capture file to the output file.  The B<-F>
+flag can be used to specify the format in which to write the capture
+file; it can write the file in B<libpcap> format (standard B<libpcap>
+format, a modified format used by some patched versions of B<libpcap>,
+or the format used by Red Hat Linux 6.1), B<snoop> format, uncompressed
+B<Sniffer> format, Microsoft B<Network Monitor> 1.x format, and the
+format used by Windows-based versions of the B<Sniffer> software.
+
+A list of packet numbers can be specified on the command line; the
+packets with those numbers will I<not> be written to the capture file,
+unless the B<-r> flag is specified, in which case I<only> those packets
+will be written to the capture file.
+
+If the B<-T> flag, the encapsulation type of the output capture file
+will be forced to the specified type, rather than being the type
+appropriate to the encapsulation type of the input capture file.
+
+=head1 OPTIONS
+
+=over 4
+
+=item -F
+
+Sets the file format of the output capture file.
+
+=item -T
+
+Sets the packet encapsulation type of the output capture file.
+
+=item -r
+
+Causes the packets whose packet numbers are specified on the command
+line to be written to the output capture file, and no other packets to
+be written to the output capture file.
+
+=item -v
+
+Causes B<editcap> to print a number of messages while it's working.
+
+=item -h
+
+Prints the version and options and exits.
+
+=head1 SEE ALSO
+
+L<tcpdump(8)>, L<pcap(3)>, L<ethereal(1)>
+
+=head1 NOTES
+
+B<Editcap> is part of the B<Ethereal> distribution.  The latest version
+of B<Ethereal> can be found at B<http://ethereal.zing.org>.
+
+=head1 AUTHORS
+
+  Original Author
+  -------- ------
+  Richard Sharpe           <sharpe@ns.aus.com>
+
+
+  Contributors
+  ------------
+  Guy Harris               <guy@alum.mit.edu>