aboutsummaryrefslogtreecommitdiffstats
path: root/doc/editcap.pod
AgeCommit message (Collapse)AuthorFilesLines
2017-02-08editcap: handle too short frames in frame comparisonJaap Keuter1-3/+4
With option -I one can ignore the first number of bytes from the frame while doing duplicate frame removal. This doesn't handle shorter frames correctly. Add safeguards for this, and update the help text. Bug: 13378 Change-Id: Ia6b65d0797f4069f0b89fa134114d88d80988211 Reviewed-on: https://code.wireshark.org/review/20004 Petri-Dish: Peter Wu <peter@lekensteyn.nl> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2016-01-16doc: fix spelling-error-in-manpage found by lintianAlexis La Goutte1-1/+1
Change-Id: I848159f0c960e0e8ece09c7c96dda6deb0ec6046 Reviewed-on: https://code.wireshark.org/review/13329 Reviewed-by: Dario Lombardo <lomato@gmail.com> Petri-Dish: Dario Lombardo <lomato@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-08-12editcap: add change offset.Dario Lombardo1-0/+8
This option skips some bytes when fuzzing, that prevents some headers from being changed. This focuses fuzzer to a smaller part of the packet. Change-Id: I1db83235e93f2774a9991e3af70f633487b816fa Reviewed-on: https://code.wireshark.org/review/9982 Petri-Dish: Anders Broman <a.broman58@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-06-29editcap: add new option (-a) to helpMartin Mathieson1-0/+13
Change-Id: Ic1a07e29d30d96bf1dd86e10b198c42dd9349838 Reviewed-on: https://code.wireshark.org/review/9198 Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com> Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-04-07Typo fix in manpage of editcapHerwin Weststrate1-1/+1
Positve => Positive Change-Id: I09190b44783d8b7f4e8e90208d8a82d192a6a189 Reviewed-on: https://code.wireshark.org/review/7971 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2014-09-20Add -I option in editcap to extend Duplicate packet removalkardam1-0/+8
Description: Ignore the specified bytes number at the beginning of the frame during MD5 hash calculation. Useful to remove duplicated packets taken on several routers or SW(differents mac addresses for example). e.g. -I 26 in case of Ether/IP/ will ignore ether(14) and IP header(20 - 4(src ip) - 4(dst ip)). The default value is 0. This option is only relevant when used with -d|-D|-w Bug: 8511 Change-Id: I009a09d32778a182b2d88f372651f658a4938882 Reviewed-on: https://code.wireshark.org/review/4104 Tested-by: Evan Huus <eapache@gmail.com> Reviewed-by: Evan Huus <eapache@gmail.com>
2014-09-17Update the doc directory to use https://www.wireshark.org.Gerald Combs1-3/+3
Change-Id: I9bfc57cb6b6ab6962b80ff58d98eb351d6f69829 Reviewed-on: https://code.wireshark.org/review/4140 Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-06-21Add command-line argument to request the version to a number of the utilities.Jeff Morriss1-0/+7
In some cases "-v" was already used so "-V" is the option. Note that the version information in these utilities is much shorter than what is presented by the big programs. As requested by https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5804 Bug: 5804 Change-Id: I35db35a4eace2797afd895f9be7322ef39928480 Reviewed-on: https://code.wireshark.org/review/2489 Reviewed-by: Guy Harris <guy@alum.mit.edu>
2013-09-09Replace the simpler chop example with a more detailed example.Chris Maynard1-4/+17
svn path=/trunk/; revision=51901
2013-09-09Fix typo.Chris Maynard1-2/+2
svn path=/trunk/; revision=51887
2013-09-09Fix the "crossed chopping region" problem. Also, move chopping to its own ↵Chris Maynard1-6/+14
function for both clarity and correctness since we need to compute chop offsets and lengths on a per-packet basis whereas previously this was not being done. Lastly, try to improve the documentation a bit concerning chopping and provide another example depicting 2 separate chopping regions. *Maybe* this is clearer? One more example here for posterity: Given the following 75 byte packet, there are 8 different ways to chop the 2 regions marked as 10 and 20 in a single pass: <--------------------------- 75 ----------------------------> +---+-------+-----------+---------------+-------------------+ | 5 | 10 | 15 | 20 | 25 | +---+-------+-----------+---------------+-------------------+ 1) editcap -C 5:10 -C -25:-20 in.pcap out.pcap 2) editcap -C 5:10 -C 50:-20 in.pcap out.pcap 3) editcap -C -70:10 -C -25:-20 in.pcap out.pcap 4) editcap -C -70:10 -C 50:-20 in.pcap out.pcap 5) editcap -C 30:20 -C -60:-10 in.pcap out.pcap 6) editcap -C 30:20 -C 15:-10 in.pcap out.pcap 7) editcap -C -45:20 -C -60:-10 in.pcap out.pcap 8) editcap -C -45:20 -C 15:-10 in.pcap out.pcap svn path=/trunk/; revision=51886
2013-09-09OK, allow either positive or negative offsets no matter if we're chopping ↵Chris Maynard1-2/+2
from the beginning or the end. Given the following example, it's now possible to chop the 10 bytes depicted from the 100 byte packet 4 different ways and achieve the exact same results: <-------- 100 --------> Methods: 1) editcap -C 20:10 in.pcap out.pcap +------+----+---------+ 2) editcap -C -80:10 in.pcap out.pcap | 20 | 10 | 70 | 3) editcap -C -70:-10 in.pcap out.pcap +------+----+---------+ 4) editcap -C 30:-10 in.pcap out.pcap svn path=/trunk/; revision=51854
2013-09-08Specify the optional offset as a positive value, regardless of chopping from ↵Chris Maynard1-3/+3
packet beginning or packet end. I *think* this will be easier syntax to remember. svn path=/trunk/; revision=51848
2013-09-08Allow an optional offset to be specified when chopping bytes from packets.Chris Maynard1-5/+14
svn path=/trunk/; revision=51845
2013-07-28If a core Wireshark developer repeatedly can't remember that theGuy Harris1-2/+2
argument to the -F flag for pcap format is "libpcap", not "pcap", we have a problem. Make it "pcap", and add a backwards-compatibility hack to support using "libpcap" as well. Update the man pages to refer to it as pcap as well, and fix the capitalization of "WinPcap" (see http://www.winpcap.org) while we're at it. Also, refer to http://www.tcpdump.org/linktypes.html for the list of link-layer header types for pcap and pcap-ng. svn path=/trunk/; revision=50989
2013-07-12Allow -C <choplen> to be used more than once so it is now possible to chop ↵Chris Maynard1-1/+5
bytes from both the beginning and end of a packet in a single step. svn path=/trunk/; revision=50536
2013-07-10Add -L option to allow adjustment of original frame length. This change was ↵Chris Maynard1-0/+7
motivated by a question on ask where the user currently has to jump through hoops to accomplish the same thing which can now be done in 1 step via: editcap -T wpan -C 16 -L -F libpcap test.pcap test_wpan.pcap I thought it would be useful enough for others as well. Ref: http://ask.wireshark.org/questions/22689/problems-with-editcap-and-wpan-encapsulation-option svn path=/trunk/; revision=50491
2013-06-07Fix all errors and warnings found by podchecker.Chris Maynard1-5/+1
svn path=/trunk/; revision=49837
2013-05-20If tcpdump doesn't exist, why refer to it? Omit this confusing phrase.Chris Maynard1-1/+1
svn path=/trunk/; revision=49427
2012-11-08editcap does not support the -H and -W options, remove the description ofJeff Morriss1-26/+0
those options (which had been cut-n-paste from the tshark man page). For editcap to support these options it would either need to be linked against libwireshark or the address resolution stuff would need to be moved from libwireshark to, for example, libwsutil. svn path=/trunk/; revision=45975
2012-03-15Sort the options. Delete all the line-terminating "g's" added in 40820.Chris Maynard1-108/+108
svn path=/trunk/; revision=41563
2012-02-03The libpcap puts pcap-filter into the misc section (which seems to be 7).Jörg Mayer1-44/+44
Refer to pcap-filter and mention tcpdump only as a fallback. svn path=/trunk/; revision=40820
2011-03-24Add initial pcapng name resolution record support. Wireshark has readGerald Combs1-0/+26
support; TShark has read+write support. Additionally TShark can read a "hosts" file and write those records to a capture file. This uses "struct addrinfo" in many places and probably won't compile on some platforms. svn path=/trunk/; revision=36318
2011-02-04From Jason Masker (bug 5240):Sake Blok1-4/+6
` Allow editcap to chop from beginning of packet for decapsulation svn path=/trunk/; revision=35832
2010-11-16Make editcap -B work like expected: output no packets after the stop time.Sake Blok1-1/+1
Old behavior was to include a packet with a timestamp of 12:00:00.934 if -B "YYYY-MM-DD 12:00:00" was used. svn path=/trunk/; revision=34913
2010-11-09Fixed typos.Chris Maynard1-3/+3
svn path=/trunk/; revision=34816
2010-06-02From Jim Young via bug 4331:Gerald Combs1-0/+42
This patch adds a new '-S' option to editcap that will rewrite timestamps of packets to insure that the new capture file is in strict chronological order. This option's primary use case is to fixup the occasional timestamps that have a negative delta time relative to previous packet. This feature is related to (but does not depend on) capinfos enhancement submitted in bug #4315 which helps identify tracefiles with "out-of-order" packets. svn path=/trunk/; revision=33042
2009-05-12SYNOPSYS --> SYNOPSISBill Meier1-1/+1
svn path=/trunk/; revision=28338
2009-05-12Update man pages; Add several missing options; Fix typos, Do minor rewording; Bill Meier1-8/+14
editcap: Add description of -i option; dumpcap: Add description of -S option; svn path=/trunk/; revision=28336
2009-05-02From Reinhard Speyerer:Jaap Keuter1-2/+2
This patch fixes several misspellings/typos in Wireshark documentation. svn path=/trunk/; revision=28240
2009-04-17From Jim Young <jyoung@gsu.edu>:Balint Reczey1-15/+99
- New duplicate packet removal options for editcap https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3168 I changed the patch a bit: - Adapted to 80 chars wide screen - Merged -w and -W parameters svn path=/trunk/; revision=28074
2006-08-10Add some programs to 'see also'Jörg Mayer1-1/+2
svn path=/trunk/; revision=18867
2006-07-27Add duplicate frame detection (and removal) to editcap. (Some switchesGerald Combs1-0/+7
generate duplicate packets when a mirror/SPAN port is misconfigured). svn path=/trunk/; revision=18800
2006-07-13Add a note how to change headers (od+text2pcap)Jörg Mayer1-2/+3
svn path=/trunk/; revision=18725
2006-07-10Remove the numeric component in man page links.Gerald Combs1-1/+1
svn path=/trunk/; revision=18698
2006-07-09Use L<> on all links.Guy Harris1-7/+8
Don't use anything on man page references - pod2man handles that. Don't refer to "the capture file format section" of the Wireshark man page, as there's no section explicitly labelled as such; just refer to the beginning of the DESCRIPTION section. svn path=/trunk/; revision=18694
2006-05-31Rename the main executable to "wireshark", along with more conversions:Gerald Combs1-7/+7
ethereal.com -> wireshark.org mailing lists and addresses ETHEREAL -> WIRESHARK Man pages Automake/Autoconf names svn path=/trunk/; revision=18271
2006-05-22ethereal->wiresharkRonnie Sahlberg1-1/+1
svn path=/trunk/; revision=18207
2006-03-13Add -A <start time> and -B <stop time> options to editcapLuis Ontanon1-0/+12
svn path=/trunk/; revision=17614
2006-01-11instead of repeating the capture file format description over and over again ↵Ulf Lamping1-108/+24
(this list also tends to become outdated), just give a small description and refer to the Ethereal man page svn path=/trunk/; revision=16997
2006-01-10added <>: [-c packets per file] -> [-c <packets per file>]Ulf Lamping1-20/+23
update to my latest command line changes svn path=/trunk/; revision=16992
2006-01-09complete redesign of this manpageUlf Lamping1-153/+164
svn path=/trunk/; revision=16982
2005-12-22Jaap Keuter:Jörg Mayer1-0/+10
Add the documentation part of the fix for bug 379 svn path=/trunk/; revision=16876
2005-10-27simply use 4 spaces for example indentation and formattingUlf Lamping1-31/+7
svn path=/trunk/; revision=16330
2005-10-27Synopsis: don't prepend an optional - before the first record number, it ↵Ulf Lamping1-1/+1
won't work svn path=/trunk/; revision=16328
2005-10-26from Jaap Keuter:Ulf Lamping1-1/+63
The attached patch extends the synopsys and adds an 'Examples' chapter to the editcap documentation. I've edited this a bit, without the real knowledge :-(, to make it: a. look better b. make more sense (at least to me) svn path=/trunk/; revision=16325
2005-10-06add missing -E parameter to the Options sectionUlf Lamping1-0/+4
svn path=/trunk/; revision=16138
2005-04-10Add an option to Editcap that adds various types of errors to the capture Gerald Combs1-3/+10
file. svn path=/trunk/; revision=14046
2004-04-25build a list of the input file formats instead of a floating text,Ulf Lamping1-20/+87
added program names to HTML titles, various minor fixes svn path=/trunk/; revision=10686
2004-02-11Include EyeSDN USB S0 trace files in the list of file formats we read.Guy Harris1-6/+6
svn path=/trunk/; revision=10040
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-23 18:42:07 +0000