author Guy Harris <guy@alum.mit.edu> 2013-07-28 21:12:07 +0000
committer Guy Harris <guy@alum.mit.edu> 2013-07-28 21:12:07 +0000
commit a4ad9e9f74d58f3a869ceb27845f74345d7b81be
tree 8232de5a3f542b692b883fcf0f057b0f2a0e7af5 /doc/rawshark.pod
parent 0f13e3c95d571c7000e84d0c1e6f9f76575508b4
If a core Wireshark developer repeatedly can't remember that the
argument to the -F flag for pcap format is "libpcap", not "pcap", we have a problem. Make it "pcap", and add a backwards-compatibility hack to support using "libpcap" as well.

Update the man pages to refer to it as pcap as well, and fix the capitalization of "WinPcap" (see http://www.winpcap.org) while we're at it.

Also, refer to http://www.tcpdump.org/linktypes.html for the list of link-layer header types for pcap and pcap-ng.

svn path=/trunk/; revision=50989
Diffstat (limited to 'doc/rawshark.pod')
-rw-r--r-- doc/rawshark.pod 35
1 files changed, 18 insertions, 17 deletions
diff --git a/doc/rawshark.pod b/doc/rawshark.pod
index fcf9822055..0514d41efb 100644
--- a/doc/rawshark.pod
+++ b/doc/rawshark.pod
@@ -1,7 +1,7 @@
=head1 NAME
-rawshark - Dump and analyze raw libpcap data
+rawshark - Dump and analyze raw pcap data
=head1 SYNOPSIS
@@ -36,7 +36,7 @@ useful. The other flags listed above follow the same conventions as
B<Wireshark> and B<TShark>.
B<Rawshark> expects input records with the following format by default. This
-matches the format of the packet header and packet data in a libpcap-formatted
+matches the format of the packet header and packet data in a pcap-formatted
file on disk.
struct rawshark_rec_s {
@@ -49,13 +49,13 @@ file on disk.
If B<-p> is supplied B<rawshark> expects the following format. This
matches the I<struct pcap_pkthdr> structure and packet data used in
-libpcap. This structure's format is platform-dependent; the size of the
-I<tv_sec> field in the I<struct timeval> structure could be 32 bits or
-64 bits. For B<rawshark> to work, the layout of the structure in the
-input must match the layout of the structure in B<rawshark>. Note that
-this format will probably be the same as the previous format if
-B<rawshark> is a 32-bit program, but will not necessarily be the same if
-B<rawshark> is a 64-bit program.
+libpcap/WinPcap. This structure's format is platform-dependent; the
+size of the I<tv_sec> field in the I<struct timeval> structure could be
+32 bits or 64 bits. For B<rawshark> to work, the layout of the
+structure in the input must match the layout of the structure in
+B<rawshark>. Note that this format will probably be the same as the
+previous format if B<rawshark> is a 32-bit program, but will not
+necessarily be the same if B<rawshark> is a 64-bit program.
struct rawshark_rec_s {
struct timeval ts; /* Time stamp */
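Review bot: In the B<-p> paragraph the only wording change is "libpcap" to "libpcap/WinPcap", yet all seven lines are rewrapped, which buries a one-word edit in a full-paragraph diff; keeping the original line breaks would make the change reviewable at a glance. While this text is being touched, "will probably be the same" and "will not necessarily be the same" leave the reader guessing: the paragraph says rawshark only works when the input layout matches its own, so it should also say how a user can tell which I<tv_sec> width their build expects. The page also shows both record layouts under the same name, struct rawshark_rec_s, and a distinct name or a comment on the B<-p> variant would avoid confusing the two.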
@@ -104,13 +104,14 @@ fields might be displayed.
Specify how the packet data should be dissected. The encapsulation is of the
form I<type>B<:>I<value>, where I<type> is one of:
-B<encap>:I<name> Packet data should be dissected using the libpcap data link
-type (DLT) I<name>, e.g. B<encap:EN10MB> for Ethernet. Names are converted
-using pcap_datalink_name_to_val().
+B<encap>:I<name> Packet data should be dissected using the
+libpcap/WinPcap data link type (DLT) I<name>, e.g. B<encap:EN10MB> for
+Ethernet. Names are converted using pcap_datalink_name_to_val().
+A complete list of DLTs can be found at
+L<http://www.tcpdump.org/linktypes.html>.
-B<encap>:I<number> Packet data should be dissected using the libpcap DLT
-I<number>, e.g. B<encap:105> for raw IEEE 802.11. A complete list of DLTs
-can be found in pcap-bpf.h in the libpcap sources.
+B<encap>:I<number> Packet data should be dissected using the
+libpcap/WinPcap DLT I<number>, e.g. B<encap:105> for raw IEEE 802.11.
B<proto>:I<protocol> Packet data should be passed to the specified Wireshark
protocol dissector, e.g. B<proto:http> for HTTP data.
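Review bot: The pointer to a list of values has moved from the B<encap>:I<number> entry to the B<encap>:I<name> entry, so the numeric form, which is where a reader most needs a lookup table, now has no reference at all; repeat the L<http://www.tcpdump.org/linktypes.html> link there or move the sentence below both entries. The added sentence calls that page "a complete list of DLTs" while the commit message describes it as the list of link-layer header types for pcap and pcap-ng; please confirm that the names and numbers a user reads on that page are the ones pcap_datalink_name_to_val() and B<encap>:I<number> actually accept, and word the sentence to match.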
@@ -312,7 +313,7 @@ whitespace. The same directory as for the personal preferences file is
used.
Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems and WinPCAP on Windows. As such the Wireshark personal F<hosts> file
+systems and WinPcap on Windows. As such the Wireshark personal F<hosts> file
will not be consulted for capture filter name resolution.
=item Name Resolution (ethers)
@@ -339,7 +340,7 @@ The personal F<ethers> file is looked for in the same directory as the personal
preferences file.
Capture filter name resolution is handled by libpcap on UNIX-compatible
-systems and WinPCAP on Windows. As such the Wireshark personal F<ethers> file
+systems and WinPcap on Windows. As such the Wireshark personal F<ethers> file
will not be consulted for capture filter name resolution.
=item Name Resolution (manuf)