aboutsummaryrefslogtreecommitdiffstats
path: root/doc/mergecap.pod
diff options
context:
space:
mode:
Diffstat (limited to 'doc/mergecap.pod')
-rw-r--r--doc/mergecap.pod109
1 files changed, 89 insertions, 20 deletions
diff --git a/doc/mergecap.pod b/doc/mergecap.pod
index 032b78e997..45344ded8b 100644
--- a/doc/mergecap.pod
+++ b/doc/mergecap.pod
@@ -19,26 +19,93 @@ I<...>
B<Mergecap> is a program that combines multiple saved capture files into
a single output file specified by the B<-w> argument. B<Mergecap> knows
how to read B<libpcap> capture files, including those of B<tcpdump>,
-B<Ethereal>, and other tools that write captures in that format. In
-addition, B<Mergecap> can read capture files from B<snoop> and
-B<atmsnoop>, Shomiti/Finisar B<Surveyor> captures, Novell B<LANalyzer>
-captures, Network General/Network Associates DOS-based B<Sniffer>
-(compressed or uncompressed) captures, Microsoft B<Network Monitor>
-captures, files from AIX's B<iptrace>, Cinco Networks B<NetXRay>
-captures, captures from Network Associates Windows-based B<Sniffer>, AG
-Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>
-captures, captures from B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend>
-router debug output, files from HP-UX's B<nettl>, the dump output from
-B<Toshiba's> ISDN routers, the output from B<i4btrace> from the ISDN4BSD
-project, the output in B<IPLog> format from the Cisco Secure Intrusion
-Detection System, B<pppd logs> (pppdump format), the output from VMS's
-B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities, the text output from
-the B<DBS Etherwatch> VMS utility, traffic capture files from Visual
-Networks' Visual UpTime, the output from B<CoSine> L2 debug, the output
-from Accellent's 5Views LAN agents, captures in Endace Measurement
-Systems' ERF format, Linux Bluez Bluetooth stack B<hcidump -w> traces,
-captures from Network Instruments Observer version 9, and traces from
-the EyeSDN USB S0. There is no need to tell B<Mergecap> what type of
+B<Ethereal>, and other tools that write captures in that format.
+
+B<Mergecap> can read / import the following file formats:
+
+=over 4
+
+=item *
+libpcap/WinPcap, tcpdump and various other tools using tcpdump's capture format
+
+=item *
+B<snoop> and B<atmsnoop>
+
+=item *
+Shomiti/Finisar B<Surveyor> captures
+
+=item *
+Novell B<LANalyzer> captures
+
+=item *
+Microsoft B<Network Monitor> captures
+
+=item *
+AIX's B<iptrace> captures
+
+=item *
+Cinco Networks B<NetXRay> captures
+
+=item *
+Network Associates Windows-based B<Sniffer> captures
+
+=item *
+Network General/Network Associates DOS-based B<Sniffer> (compressed or uncompressed) captures
+
+=item *
+AG Group/WildPackets B<EtherPeek>/B<TokenPeek>/B<AiroPeek>/B<EtherHelp>/B<PacketGrabber> captures
+
+=item *
+B<RADCOM>'s WAN/LAN analyzer captures
+
+=item *
+Network Instruments B<Observer> version 9 captures
+
+=item *
+B<Lucent/Ascend> router debug output
+
+=item *
+files from HP-UX's B<nettl>
+
+=item *
+B<Toshiba's> ISDN routers dump output
+
+=item *
+the output from B<i4btrace> from the ISDN4BSD project
+
+=item *
+traces from the B<EyeSDN> USB S0.
+
+=item *
+the output in B<IPLog> format from the Cisco Secure Intrusion Detection System
+
+=item *
+B<pppd logs> (pppdump format)
+
+=item *
+the output from VMS's B<TCPIPtrace>/B<TCPtrace>/B<UCX$TRACE> utilities
+
+=item *
+the text output from the B<DBS Etherwatch> VMS utility
+
+=item *
+Visual Networks' B<Visual UpTime> traffic capture
+
+=item *
+the output from B<CoSine> L2 debug
+
+=item *
+the output from Accellent's B<5Views> LAN agents
+
+=item *
+Endace Measurement Systems' ERF format captures
+
+=item *
+Linux Bluez Bluetooth stack B<hcidump -w> traces
+
+=back
+
+There is no need to tell B<Mergecap> what type of
file you are reading; it will determine the file type by itself.
B<Mergecap> is also capable of reading any of these file formats if they
are compressed using gzip. B<Mergecap> recognizes this directly from
@@ -127,6 +194,8 @@ Sets the snapshot length to use when writing the data.
Prints the version and options and exits.
+=back
+
=head1 SEE ALSO
I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<editcap(1)>