aboutsummaryrefslogtreecommitdiffstats
path: root/doc/rawshark.pod
diff options
context:
space:
mode:
authorGerald Combs <gerald@wireshark.org>2009-03-31 23:38:31 +0000
committerGerald Combs <gerald@wireshark.org>2009-03-31 23:38:31 +0000
commit4400c3393e7016d387591d16f4472ad5a62f876b (patch)
treec4240c4c2817ba353d7b940ba954ab8ac0564900 /doc/rawshark.pod
parentdb3e983b04963aeeff4518bfe1f8af1430355164 (diff)
Rawshark fixes from Duncan Salerno.
svn path=/trunk/; revision=27919
Diffstat (limited to 'doc/rawshark.pod')
-rw-r--r--doc/rawshark.pod15
1 files changed, 7 insertions, 8 deletions
diff --git a/doc/rawshark.pod b/doc/rawshark.pod
index 98e291e758..8d8db1d8c7 100644
--- a/doc/rawshark.pod
+++ b/doc/rawshark.pod
@@ -15,6 +15,7 @@ S<[ B<-N> E<lt>name resolving flagsE<gt> ]>
S<[ B<-o> E<lt>preference settingE<gt> ] ...>
S<[ B<-r> E<lt>infile or pipeE<gt> ]>
S<[ B<-R> E<lt>read (display) filterE<gt> ]>
+S<[ B<-s> ]>
S<[ B<-S> E<lt>field formatE<gt> ]>
S<[ B<-t> ad|a|r|d|e ]>
S<[ B<-v> ]>
@@ -37,7 +38,8 @@ B<Rawshark> expects input records with the following format. Note that this
matches the pcap_pkthdr struct and packet data used in libpcap.
struct rawshark_rec_s {
- struct timeval ts; /* Time stamp */
+ uint32_t ts_sec; /* Time stamp (seconds) */
+ uint32_t ts_usec; /* Time stamp (microseconds) */
uint32_t caplen; /* Length of the packet buffer */
uint32_t len; /* "On the wire" length of the packet */
uint8_t *data; /* Packet data */
@@ -162,15 +164,12 @@ and must be have the record format specified above.
=item -R E<lt>read (display) filterE<gt>
Cause the specified filter (which uses the syntax of read/display filters,
-rather than that of capture filters) to be applied before printing the output. Packets not
-matching the filter are discarded rather than being printed or written.
+rather than that of capture filters) to be applied before printing the output.
-=item -s E<lt>capture snaplenE<gt>
+=item -s
-Set the default snapshot length to use when capturing live data.
-No more than I<snaplen> bytes of each network packet will be read into
-memory, or saved to disk. A value of 0 specifies a snapshot length of
-65535, so that the full packet is captured; this is the default.
+Allows standard pcap files to be used as input, by skipping over the 24
+byte pcap file header.
=item -S