-rw-r--r--doc/Makefile.nmake14
-rw-r--r--doc/editcap.pod107
-rw-r--r--doc/idl2eth.pod1
-rw-r--r--doc/mergecap.pod109
-rw-r--r--doc/tethereal.pod150
-rw-r--r--doc/text2pcap.pod2
-rw-r--r--help/overview.txt35
7 files changed, 321 insertions, 97 deletions
diff --git a/doc/Makefile.nmake b/doc/Makefile.nmake
index 912dffda31..c21c42a2b6 100644
--- a/doc/Makefile.nmake
+++ b/doc/Makefile.nmake
@@ -1,7 +1,7 @@
# Makefile.nmake
# Nmake file for Ethereal documentation
#
-# $Id: Makefile.nmake,v 1.12 2003/12/23 11:53:25 ulfl Exp $
+# $Id: Makefile.nmake,v 1.13 2004/04/25 09:02:02 ulfl Exp $
#
# Ethereal - Network traffic analyzer
# By Gerald Combs <gerald@ethereal.com>
@@ -54,7 +54,7 @@ tethereal.1: tethereal.pod ../config.h
tethereal.html: tethereal.pod ../config.h
$(POD2HTML) \
- --title="The Ethereal Network Analyzer $(VERSION)" \
+ --title="tethereal - The Ethereal Network Analyzer $(VERSION)" \
--noindex \
tethereal.pod > tethereal.html
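Review bot: The new `--title` line in the tethereal.html rule, and the matching lines in the ethereal-filter, editcap, idl2eth, mergecap and text2pcap hunks below, each hard-code a page name that is already the rule's target, so a copy-pasted rule can silently carry the wrong title. nmake's `$(@B)` macro expands to the target's base name without its extension, so all six rules could share one line: `--title="$(@B) - The Ethereal Network Analyzer $(VERSION)" \`. The ethereal.html rule is not part of this diff; if it still uses the old generic title, it would presumably be worth bringing in line with these.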
@@ -66,7 +66,7 @@ ethereal-filter.4: ethereal-filter.pod ../config.h
ethereal-filter.html: ethereal-filter.pod ../config.h
$(POD2HTML) \
- --title="The Ethereal Network Analyzer $(VERSION)" \
+ --title="ethereal-filter - The Ethereal Network Analyzer $(VERSION)" \
--noindex \
ethereal-filter.pod > ethereal-filter.html
@@ -83,7 +83,7 @@ editcap.1: editcap.pod ../config.h
editcap.html: editcap.pod ../config.h
$(POD2HTML) \
- --title="The Ethereal Network Analyzer $(VERSION)" \
+ --title="editcap - The Ethereal Network Analyzer $(VERSION)" \
--noindex \
editcap.pod > editcap.html
@@ -95,7 +95,7 @@ idl2eth.1: idl2eth.pod ../config.h
idl2eth.html: idl2eth.pod ../config.h
$(POD2HTML) \
- --title="The Ethereal Network Analyzer $(VERSION)" \
+ --title="idl2eth - The Ethereal Network Analyzer $(VERSION)" \
--noindex \
idl2eth.pod > idl2eth.html
@@ -107,7 +107,7 @@ mergecap.1: mergecap.pod ../config.h
mergecap.html: mergecap.pod ../config.h
$(POD2HTML) \
- --title="The Ethereal Network Analyzer $(VERSION)" \
+ --title="mergecap - The Ethereal Network Analyzer $(VERSION)" \
--noindex \
mergecap.pod > mergecap.html
@@ -119,7 +119,7 @@ text2pcap.1: text2pcap.pod ../config.h
text2pcap.html: text2pcap.pod ../config.h
$(POD2HTML) \
- --title="The Ethereal Network Analyzer $(VERSION)" \
+ --title="text2pcap - The Ethereal Network Analyzer $(VERSION)" \
--noindex \
text2pcap.pod > text2pcap.html
diff --git a/doc/editcap.pod b/doc/editcap.pod
index 2f1ed717d3..9c89b6dc19 100644
--- a/doc/editcap.pod
+++ b/doc/editcap.pod
@@ -23,26 +23,93 @@ B<Editcap> is a program that reads a saved capture file and writes some
or all of the packets in that capture file to another capture file.
B<Editcap> knows how to read B<libpcap> capture files, including those
of B<tcpdump>, B<Ethereal>, and other tools that write captures in that
-format. In addition, B<Editcap> can read capture files from B<snoop>
-and B<atmsnoop>, Shomiti/Finisar B<Surveyor> captures, Novell
-B<LANalyzer> captures, Network General/Network Associates DOS-based
-B<Sniffer> (compressed or uncompressed) captures, Microsoft B<Network
-Monitor> captures, files from AIX's B<iptrace>, Cinco Networks
-B<NetXRay> captures, captures from Network Associates Windows-based
-B<Sniffer>, AG Group/WildPackets
-B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
-from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
-files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
-routers, the output from B<i4btrace> from the ISDN4BSD project, the
-output in B<IPLog> format from the Cisco Secure Intrusion Detection
-System, B<pppd logs> (pppdump format), the output from VMS's
-B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
-the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
-Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
-from Accellent's 5Views LAN agents, captures in Endace Measurement
-Systems' ERF format, Linux Bluez Bluetooth stack B<hcidump -w> traces,
-captures from Network Instruments Observer version 9, and traces from
-the EyeSDN USB S0. There is no need to tell B<Editcap> what type of
+format.
+
+B<Editcap> can read / import the following file formats:
+
+=over 4
+
+=item *
+libpcap/WinPcap, tcpdump and various other tools using tcpdump's capture format
+
+=item *
+B<snoop> and B<atmsnoop>
+
+=item *
+Shomiti/Finisar B<Surveyor> captures
+
+=item *
+Novell B<LANalyzer> captures
+
+=item *
+Microsoft B<Network Monitor> captures
+
+=item *
+AIX's B<iptrace> captures
+
+=item *
+Cinco Networks B<NetXRay> captures
+
+=item *
+Network Associates Windows-based B<Sniffer> captures
+
+=item *
+Network General/Network Associates DOS-based B<Sniffer> (compressed or uncompressed) captures
+
+=item *
+AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>/B<PacketGrabber> captures
+
+=item *
+B<RADCOM>'s WAN/LAN analyzer captures
+
+=item *
+Network Instruments B<Observer> version 9 captures
+
+=item *
+B<Lucent/Ascend> router debug output
+
+=item *
+files from HP-UX's B<nettl>
+
+=item *
+B<Toshiba's> ISDN routers dump output
+
+=item *
+the output from B<i4btrace> from the ISDN4BSD project
+
+=item *
+traces from the B<EyeSDN> USB S0.
+
+=item *
+the output in B<IPLog> format from the Cisco Secure Intrusion Detection System
+
+=item *
+B<pppd logs> (pppdump format)
+
+=item *
+the output from VMS's B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities
+
+=item *
+the text output from the B<DBS Etherwatch> VMS utility
+
+=item *
+Visual Networks' B<Visual UpTime> traffic capture
+
+=item *
+the output from B<CoSine> L2 debug
+
+=item *
+the output from Accellent's B<5Views> LAN agents
+
+=item *
+Endace Measurement Systems' ERF format captures
+
+=item *
+Linux Bluez Bluetooth stack B<hcidump -w> traces
+
+=back
+
+There is no need to tell B<Editcap> what type of
file you are reading; it will determine the file type by itself.
B<Editcap> is also capable of reading any of these file formats if they
are compressed using gzip. B<Editcap> recognizes this directly from the
diff --git a/doc/idl2eth.pod b/doc/idl2eth.pod
index 598f250164..0d650767ea 100644
--- a/doc/idl2eth.pod
+++ b/doc/idl2eth.pod
@@ -25,6 +25,7 @@ B<ethereal_be.py> - Contains the main IDL Visitor Class
B<ethereal_gen.py> - Contains the Source Code Generator Class
+=back
B<idl2eth> supports heuristic dissection of GIOP/IIOP traffic,
and some experimental code for explicit dissection, based on
diff --git a/doc/mergecap.pod b/doc/mergecap.pod
index 032b78e997..45344ded8b 100644
--- a/doc/mergecap.pod
+++ b/doc/mergecap.pod
@@ -19,26 +19,93 @@ I<...>
B<Mergecap> is a program that combines multiple saved capture files into
a single output file specified by the B<-w> argument. B<Mergecap> knows
how to read B<libpcap> capture files, including those of B<tcpdump>,
-B<Ethereal>, and other tools that write captures in that format. In
-addition, B<Mergecap> can read capture files from B<snoop> and
-B<atmsnoop>, Shomiti/Finisar B<Surveyor> captures, Novell B<LANalyzer>
-captures, Network General/Network Associates DOS-based B<Sniffer>
-(compressed or uncompressed) captures, Microsoft B<Network Monitor>
-captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay>
-captures, captures from Network Associates Windows-based B<Sniffer>, AG
-Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>
-captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend>
-router debug output, files from HP-UX's B<nettl>, the dump output from
-B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
-project, the output in B<IPLog> format from the Cisco Secure Intrusion
-Detection System, B<pppd logs> (pppdump format), the output from VMS's
-B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
-the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
-Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
-from Accellent's 5Views LAN agents, captures in Endace Measurement
-Systems' ERF format, Linux Bluez Bluetooth stack B<hcidump -w> traces,
-captures from Network Instruments Observer version 9, and traces from
-the EyeSDN USB S0. There is no need to tell B<Mergecap> what type of
+B<Ethereal>, and other tools that write captures in that format.
+
+B<Mergecap> can read / import the following file formats:
+
+=over 4
+
+=item *
+libpcap/WinPcap, tcpdump and various other tools using tcpdump's capture format
+
+=item *
+B<snoop> and B<atmsnoop>
+
+=item *
+Shomiti/Finisar B<Surveyor> captures
+
+=item *
+Novell B<LANalyzer> captures
+
+=item *
+Microsoft B<Network Monitor> captures
+
+=item *
+AIX's B<iptrace> captures
+
+=item *
+Cinco Networks B<NetXRay> captures
+
+=item *
+Network Associates Windows-based B<Sniffer> captures
+
+=item *
+Network General/Network Associates DOS-based B<Sniffer> (compressed or uncompressed) captures
+
+=item *
+AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>/B<PacketGrabber> captures
+
+=item *
+B<RADCOM>'s WAN/LAN analyzer captures
+
+=item *
+Network Instruments B<Observer> version 9 captures
+
+=item *
+B<Lucent/Ascend> router debug output
+
+=item *
+files from HP-UX's B<nettl>
+
+=item *
+B<Toshiba's> ISDN routers dump output
+
+=item *
+the output from B<i4btrace> from the ISDN4BSD project
+
+=item *
+traces from the B<EyeSDN> USB S0.
+
+=item *
+the output in B<IPLog> format from the Cisco Secure Intrusion Detection System
+
+=item *
+B<pppd logs> (pppdump format)
+
+=item *
+the output from VMS's B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities
+
+=item *
+the text output from the B<DBS Etherwatch> VMS utility
+
+=item *
+Visual Networks' B<Visual UpTime> traffic capture
+
+=item *
+the output from B<CoSine> L2 debug
+
+=item *
+the output from Accellent's B<5Views> LAN agents
+
+=item *
+Endace Measurement Systems' ERF format captures
+
+=item *
+Linux Bluez Bluetooth stack B<hcidump -w> traces
+
+=back
+
+There is no need to tell B<Mergecap> what type of
file you are reading; it will determine the file type by itself.
B<Mergecap> is also capable of reading any of these file formats if they
are compressed using gzip. B<Mergecap> recognizes this directly from
@@ -127,6 +194,8 @@ Sets the snapshot length to use when writing the data.
Prints the version and options and exits.
+=back
+
=head1 SEE ALSO
I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<editcap(1)>
diff --git a/doc/tethereal.pod b/doc/tethereal.pod
index aa20d76baf..f5002fc59a 100644
--- a/doc/tethereal.pod
+++ b/doc/tethereal.pod
@@ -43,26 +43,93 @@ data from a live network, or read packets from a previously saved
capture file, either printing a decoded form of those packets to the
standard output or writing the packets to a file. B<Tethereal>'s native
capture file format is B<libpcap> format, which is also the format used
-by B<tcpdump> and various other tools. In addition, B<Tethereal> can
-read capture files from B<snoop> and B<atmsnoop>, Shomiti/Finisar
-B<Surveyor> captures, Novell B<LANalyzer> captures, Network
-General/Network Associates DOS-based B<Sniffer> (compressed or
-uncompressed) captures, Microsoft B<Network Monitor> captures, files
-from AIX's B<iptrace>, Cinco Networks B<NetXRay> captures, captures from
-Network Associates Windows-based B<Sniffer>, AG Group/WildPackets
-B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp> captures, captures
-from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router debug output,
-files from HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN
-routers, the output from B<i4btrace> from the ISDN4BSD project, the
-output in B<IPLog> format from the Cisco Secure Intrusion Detection
-System, B<pppd logs> (pppdump format), the output from VMS's
-B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
-the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
-Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
-from Accellent's 5Views LAN agents, captures in Endace Measurement
-Systems' ERF format, Linux Bluez Bluetooth stack B<hcidump -w> traces,
-captures from Network Instruments Observer version 9, and traces from
-the EyeSDN USB S0. There is no need to tell B<Tethereal> what type of
+by B<tcpdump> and various other tools.
+
+B<Ethereal> can read / import the following file formats:
+
+=over 4
+
+=item *
+libpcap/WinPcap, tcpdump and various other tools using tcpdump's capture format
+
+=item *
+B<snoop> and B<atmsnoop>
+
+=item *
+Shomiti/Finisar B<Surveyor> captures
+
+=item *
+Novell B<LANalyzer> captures
+
+=item *
+Microsoft B<Network Monitor> captures
+
+=item *
+AIX's B<iptrace> captures
+
+=item *
+Cinco Networks B<NetXRay> captures
+
+=item *
+Network Associates Windows-based B<Sniffer> captures
+
+=item *
+Network General/Network Associates DOS-based B<Sniffer> (compressed or uncompressed) captures
+
+=item *
+AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>/B<PacketGrabber> captures
+
+=item *
+B<RADCOM>'s WAN/LAN analyzer captures
+
+=item *
+Network Instruments B<Observer> version 9 captures
+
+=item *
+B<Lucent/Ascend> router debug output
+
+=item *
+files from HP-UX's B<nettl>
+
+=item *
+B<Toshiba's> ISDN routers dump output
+
+=item *
+the output from B<i4btrace> from the ISDN4BSD project
+
+=item *
+traces from the B<EyeSDN> USB S0.
+
+=item *
+the output in B<IPLog> format from the Cisco Secure Intrusion Detection System
+
+=item *
+B<pppd logs> (pppdump format)
+
+=item *
+the output from VMS's B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities
+
+=item *
+the text output from the B<DBS Etherwatch> VMS utility
+
+=item *
+Visual Networks' B<Visual UpTime> traffic capture
+
+=item *
+the output from B<CoSine> L2 debug
+
+=item *
+the output from Accellent's B<5Views> LAN agents
+
+=item *
+Endace Measurement Systems' ERF format captures
+
+=item *
+Linux Bluez Bluetooth stack B<hcidump -w> traces
+
+=back
+
+There is no need to tell B<Tethereal> what type of
file you are reading; it will determine the file type by itself.
B<Tethereal> is also capable of reading any of these file formats if
they are compressed using gzip. B<Tethereal> recognizes this directly
@@ -84,35 +151,48 @@ in the packet.
When writing packets to a file, B<Tethereal>, by default, writes the
file in B<libpcap> format, and writes all of the packets it sees to the
output file. The B<-F> flag can be used to specify the format in which
-to write the file. The following formats are supported:
+to write the file. The following output formats are supported:
-=over 8
+=over 4
-=item B<libpcap> - libpcap (tcpdump, Ethereal, etc.)
+=item*
+B<libpcap> - libpcap (tcpdump, Ethereal, etc.)
-=item B<rh6_1libpcap> - Red Hat Linux 6.1 libpcap (tcpdump)
+=item *
+B<rh6_1libpcap> - Red Hat Linux 6.1 libpcap (tcpdump)
-=item B<suse6_3libpcap> - SuSE Linux 6.3 libpcap (tcpdump)
+=item *
+B<suse6_3libpcap> - SuSE Linux 6.3 libpcap (tcpdump)
-=item B<modlibpcap> - modified libpcap (tcpdump)
+=item *
+B<modlibpcap> - modified libpcap (tcpdump)
-=item B<nokialibpcap> - Nokia libpcap (tcpdump)
+=item *
+B<nokialibpcap> - Nokia libpcap (tcpdump)
-=item B<lanalyzer> - Novell LANalyzer
+=item *
+B<lanalyzer> - Novell LANalyzer
-=item B<ngsniffer> - Network Associates Sniffer (DOS-based)
+=item *
+B<ngsniffer> - Network Associates Sniffer (DOS-based)
-=item B<snoop> - Sun snoop
+=item *
+B<snoop> - Sun snoop
-=item B<netmon1> - Microsoft Network Monitor 1.x
+=item *
+B<netmon1> - Microsoft Network Monitor 1.x
-=item B<netmon2> - Microsoft Network Monitor 2.x
+=item *
+B<netmon2> - Microsoft Network Monitor 2.x
-=item B<ngwsniffer_1_1> - Network Associates Sniffer (Windows-based) 1.1
+=item *
+B<ngwsniffer_1_1> - Network Associates Sniffer (Windows-based) 1.1
-=item B<ngwsniffer_2_0> - Network Associates Sniffer (Windows-based) 2.00x
+=item *
+B<ngwsniffer_2_0> - Network Associates Sniffer (Windows-based) 2.00x
-=item B<visual> - Visual Networks traffic capture
+=item *
+B<visual> - Visual Networks traffic capture
=back
diff --git a/doc/text2pcap.pod b/doc/text2pcap.pod
index 1b83aac24d..f781604613 100644
--- a/doc/text2pcap.pod
+++ b/doc/text2pcap.pod
@@ -192,6 +192,8 @@ B<NOTE:> The subsecond component delimiter must be specified (.) but no
pattern is required; the remaining number is assumed to be fractions of
a second.
+=back
+
=head1 SEE ALSO
I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<editcap(1)>, I<strptime(3)>.
diff --git a/help/overview.txt b/help/overview.txt
index c7dd8431ed..2e5d3317ca 100644
--- a/help/overview.txt
+++ b/help/overview.txt
@@ -6,26 +6,31 @@ See: http://www.ethereal.com for new versions, documentation, ...
Ethereal's native capture file format is libpcap format, which is also the format used by tcpdump and various other tools. So Ethereal can read capture files from:
--libpcap/WinPcap
+-libpcap/WinPcap, tcpdump and various other tools using tcpdump's capture format
-snoop and atmsnoop
--Shomiti/Finisar Surveyor
--Novell LANalyzer
--Network General/Network Associates DOS-based Sniffer (compressed or uncompressed),
--Microsoft Network Monitor
--AIX's iptrace
--Cinco Networks NetXRay
--Network Associates Windows-based Sniffer
--AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek
--RADCOM's WAN/LAN analyzer
+-Shomiti/Finisar Surveyor captures
+-Novell LANalyzer captures
+-Microsoft Network Monitor captures
+-AIX's iptrace captures
+-Cinco Networks NetXRay captures
+-Network Associates Windows-based Sniffer captures
+-Network General/Network Associates DOS-based Sniffer (compressed or uncompressed) captures
+-AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp/PacketGrabber captures
+-RADCOM's WAN/LAN analyzer captures
+-Network Instruments Observer version 9 captures
-Lucent/Ascend router debug output
--HP-UX's nettl
--the dump output from Toshiba's ISDN routers
+-files from HP-UX's nettl
+-Toshiba's ISDN routers dump output
-the output from i4btrace from the ISDN4BSD project
--the output in IPLog format from the Cisco Secure Intrusion Detection System,
+-traces from the EyeSDN USB S0.
+-the output in IPLog format from the Cisco Secure Intrusion Detection System
-pppd logs (pppdump format)
--the output from VMS's TCPIPtrace utility
+-the output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utilities
-the text output from the DBS Etherwatch VMS utility
--traffic capture files from Visual Networks' Visual UpTime
+-Visual Networks' Visual UpTime traffic capture
-the output from CoSine L2 debug
+-the output from Accellent's 5Views LAN agents
+-Endace Measurement Systems' ERF format captures
+-Linux Bluez Bluetooth stack hcidump -w traces
There is no need to tell Ethereal what type of file you are reading; it will determine the file type by itself. Ethereal is also capable of reading any of these file formats if they are compressed using gzip. Ethereal recognizes this directly from the file; the '.gz' extension is not required for this purpose.