Diffstat (limited to 'doc/editcap.pod')
-rw-r--r-- | doc/editcap.pod | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod index 33ed59ffc2..d816926c20 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -6,6 +6,7 @@ editcap - Edit and/or translate the format of capture files =head1 SYNOPSIS B<editcap> +S<[ B<-a> E<lt>frame:commentE<gt> ]> S<[ B<-A> E<lt>start timeE<gt> ]> S<[ B<-B> E<lt>stop timeE<gt> ]> S<[ B<-c> E<lt>packets per fileE<gt> ]> @@ -58,6 +59,8 @@ B<Editcap> can also be used to remove duplicate packets. Several different options (B<-d>, B<-D> and B<-w>) are used to control the packet window or relative time window to be used for duplicate comparison. +B<Editcap> can be used to assign comment strings to frame numbers. + B<Editcap> is able to detect, read and write the same capture files that are supported by B<Wireshark>. The input file doesn't need a specific filename extension; the file @@ -75,6 +78,12 @@ file; B<editcap -F> provides a list of the available output formats. =over 4 +=item -a E<lt>framenum:commentE<gt> + +For the specificed frame number, assign the given comment string. +Can be repeated for multiple frames. Quotes should be used with comment +strings that include spaces. + =item -A E<lt>start timeE<gt> Saves only the packets whose timestamp is on or after start time. @@ -392,6 +401,10 @@ in a single pass, use any of the 8 possible methods provided below: 7) editcap -C -45:20 -C -60:-10 capture.pcap chopped.pcap 8) editcap -C -45:20 -C 15:-10 capture.pcap chopped.pcap +To add comment strings to the first 2 input frames, use: + + editcap -a "1:1st frame" -a 2:Second capture.pcap capture-comments.pcap + =head1 SEE ALSO pcap(3), wireshark(1), tshark(1), mergecap(1), dumpcap(1), capinfos(1), |
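Review bot: the placeholder for the new option differs between the SYNOPSIS hunk and the OPTIONS hunk: the synopsis line reads -a <frame:comment> while the =item heading reads -a <framenum:comment>. Use one name in both places so the synopsis and the option description match.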
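Review bot: typo in the new -a description in the OPTIONS hunk, "specificed" should be "specified". The description also leaves two cases undocumented: how the argument is split when the comment string itself contains a colon, and what editcap does when the given frame number does not exist in the input file. A sentence covering each would make the option's behaviour predictable for anyone scripting it.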
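Review bot: the example in the last hunk writes to capture-comments.pcap, and nothing in the added text says which output formats can store the assigned comments. Say what happens when the format selected with -F cannot hold them, or use an output file name and format in the example for which the comments are kept. The example also quotes one comment and not the other; a short remark that the quotes are only needed because "1st frame" contains a space would tie it back to the option description.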