From 801392d5d336b5bc1ebe0d605690c2c5b2653792 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Mayer?= Date: Fri, 3 Feb 2012 09:07:24 +0000 Subject: The libpcap puts pcap-filter into the misc section (which seems to be 7). Refer to pcap-filter and mention tcpdump only as a fallback. svn path=/trunk/; revision=40820 --- doc/capinfos.pod | 4 +-- doc/dumpcap.pod | 6 ++-- doc/editcap.pod | 88 +++++++++++++++++++++++----------------------- doc/mergecap.pod | 4 +-- doc/rawshark.pod | 4 +-- doc/text2pcap.pod | 20 +++++------ doc/tshark.pod | 6 ++-- doc/wireshark-filter.pod | 5 +-- doc/wireshark.pod.template | 6 ++-- 9 files changed, 72 insertions(+), 71 deletions(-) (limited to 'doc') diff --git a/doc/capinfos.pod b/doc/capinfos.pod index 49a260ab67..b1b89e006f 100644 --- a/doc/capinfos.pod +++ b/doc/capinfos.pod @@ -319,8 +319,8 @@ into spreadsheet applications. =head1 SEE ALSO -tcpdump(8), pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1), -dumpcap(1) +pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1), +dumpcap(1), pcap-filter(7) or tcpdump(8) if it doesn't exist =head1 NOTES diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod index 7e2c83b57c..f7e27c938d 100644 --- a/doc/dumpcap.pod +++ b/doc/dumpcap.pod @@ -315,13 +315,13 @@ the default capture link type is used if provided. =head1 CAPTURE FILTER SYNTAX -See the manual page of pcap-filter(4) or, if that doesn't exist, tcpdump(8), +See the manual page of pcap-filter(7) or, if that doesn't exist, tcpdump(8), or, if that doesn't exist, L. =head1 SEE ALSO -wireshark(1), tshark(1), editcap(1), mergecap(1), capinfos(1), pcap-filter(4), -tcpdump(8), pcap(3) +wireshark(1), tshark(1), editcap(1), mergecap(1), capinfos(1), pcap(3), +pcap-filter(7) or tcpdump(8) if it doesn't exist. =head1 NOTES diff --git a/doc/editcap.pod b/doc/editcap.pod index deea34ea76..f399c716ab 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod 
@@ -36,14 +36,14 @@ I =head1 DESCRIPTION -B is a program that reads some or all of the captured packets from the -I, optionally converts them in various ways and writes the -resulting packets to the capture I (or outfiles). +B is a program that reads some or all of the captured packets from theg +I, optionally converts them in various ways and writes theg +resulting packets to the capture I (or outfiles).g -By default, it reads all packets from the I and writes them to the +By default, it reads all packets from the I and writes them to theg I in libpcap file format. -An optional list of packet numbers can be specified on the command tail; +An optional list of packet numbers can be specified on the command tail;g individual packet numbers separated by whitespace and/or ranges of packet numbers can be specified as I-I, referring to all packets from I to I. By default the selected packets with those numbers will @@ -55,9 +55,9 @@ B can also be used to remove duplicate packets. Several different options (B<-d>, B<-D> and B<-w>) are used to control the packet window or relative time window to be used for duplicate comparison. -B is able to detect, read and write the same capture files that +B is able to detect, read and write the same capture files thatg are supported by B. -The input file doesn't need a specific filename extension; the file +The input file doesn't need a specific filename extension; the fileg format and an optional gzip compression will be automatically detected. Near the beginning of the DESCRIPTION section of wireshark(1) or L 
@@ -75,9 +75,9 @@ file; B provides a list of the available output formats. =item -c Epackets per fileE Splits the packet output to different files based on uniform packet counts -with a maximum of each. Each output file will -be created with a suffix -nnnnn, starting with 00000. If the specified -number of packets is written to the output file, the next output file is +with a maximum of each. Each output file willg +be created with a suffix -nnnnn, starting with 00000. If the specifiedg +number of packets is written to the output file, the next output file isg opened. The default is to use a single output file. =item -C EchoplenE @@ -92,8 +92,8 @@ bytes at the end of each packet. =item -d -Attempts to remove duplicate packets. The length and MD5 hash of the -current packet are compared to the previous four (4) packets. If a +Attempts to remove duplicate packets. The length and MD5 hash of theg +current packet are compared to the previous four (4) packets. If ag match is found, the current packet is skipped. This option is equivalent to using the option B<-D 5>. 
@@ -132,15 +132,15 @@ to six (6) decimal places (millionths of a second). NOTE: Specifying large values with large tracefiles can result in very long processing times for B. -NOTE: The B<-w> option assumes that the packets are in chronological order. -If the packets are NOT in chronological order then the B<-w> duplication +NOTE: The B<-w> option assumes that the packets are in chronological order.g +If the packets are NOT in chronological order then the B<-w> duplicationg removal option may not identify some duplicates. =item -E Eerror probabilityE Sets the probability that bytes in the output file are randomly changed. -B uses that probability (between 0.0 and 1.0 inclusive) -to apply errors to each data byte in the file. For instance, a +B uses that probability (between 0.0 and 1.0 inclusive)g +to apply errors to each data byte in the file. For instance, ag probability of 0.02 means that each byte has a 2% chance of having an error. This option is meant to be used for fuzz-testing protocol dissectors. @@ -148,7 +148,7 @@ This option is meant to be used for fuzz-testing protocol dissectors. =item -F Efile formatE Sets the file format of the output capture file. -B can write the file in several formats, B +B can write the file in several formats, Bg provides a list of the available output formats. The default is the B format. 
@@ -193,9 +193,9 @@ Prints the version and options and exits. =item -i Eseconds per fileE Splits the packet output to different files based on uniform time intervals -using a maximum interval of each. Each output file will -be created with a suffix -nnnnn, starting with 00000. If packets for the specified -time interval are written to the output file, the next output file is +using a maximum interval of each. Each output file willg +be created with a suffix -nnnnn, starting with 00000. If packets for the specifiedg +time interval are written to the output file, the next output file isg opened. The default is to use a single output file. =item -r @@ -210,7 +210,7 @@ Sets the snapshot length to use when writing the data. If the B<-s> flag is used to specify a snapshot length, packets in the input file with more captured data than the specified snapshot length will have only the amount of data specified by the snapshot length -written to the output file. +written to the output file.g This may be useful if the program that is to read the output file cannot handle packets larger than a certain size @@ -227,7 +227,7 @@ adjustment will be applied to all selected packets in the capture file. The adjustment is specified as [-]I[I<.fractional seconds>]. For example, B<-t> 3600 advances the timestamp on selected packets by one hour while B<-t> -0.5 reduces the timestamp on selected packets by -one-half second. +one-half second.g This feature is useful when synchronizing dumps collected on different machines where the time difference between the 
@@ -235,35 +235,35 @@ two machines is known or can be estimated. =item -S Estrict time adjustmentE -Time adjust selected packets to insure strict chronological order. +Time adjust selected packets to insure strict chronological order.g The value represents relative seconds specified as [-]I[I<.fractional seconds>]. -As the capture file is processed each packet's absolute time is -I adjusted to be equal to or greater than the previous -packet's absolute timestamp depending on the value. - -If value is 0 or greater (e.g. 0.000001) -then B packets with a timestamp less than the previous packet -will adjusted. The adjusted timestamp value will be set to be -equal to the timestamp value of the previous packet plus the value -of the value. A -value of 0 will adjust the minimum number of timestamp values -necessary to insure that the resulting capture file is in +As the capture file is processed each packet's absolute time isg +I adjusted to be equal to or greater than the previousg +packet's absolute timestamp depending on the value.g + +If value is 0 or greater (e.g. 0.000001)g +then B packets with a timestamp less than the previous packetg +will adjusted. The adjusted timestamp value will be set to beg +equal to the timestamp value of the previous packet plus the valueg +of the value. A g +value of 0 will adjust the minimum number of timestamp valuesg +necessary to insure that the resulting capture file is ing strict chronological order. -If value is specified as a -negative value, then the timestamp values of B -packets will be adjusted to be equal to the timestamp value -of the previous packet plus the absolute value of the +If value is specified as ag +negative value, then the timestamp values of Bg +packets will be adjusted to be equal to the timestamp valueg +of the previous packet plus the absolute value of theg strict time adjustment value. A value of -0 will result in all packets having the timestamp value of the first packet. 
This feature is useful when the trace file has an occasional -packet with a negative delta time relative to the previous +packet with a negative delta time relative to the previousg packet. =item -T Eencapsulation typeE @@ -271,9 +271,9 @@ packet. Sets the packet encapsulation type of the output capture file. If the B<-T> flag is used to specify an encapsulation type, the encapsulation type of the output capture file will be forced to the -specified type. +specified type.g B provides a list of the available types. The default -type is the one appropriate to the encapsulation type of the input +type is the one appropriate to the encapsulation type of the inputg capture file. Note: this merely @@ -368,8 +368,8 @@ To introduce 5% random errors in a capture file use: =head1 SEE ALSO -tcpdump(8), pcap(3), wireshark(1), tshark(1), mergecap(1), dumpcap(1), -capinfos(1), text2pcap(1), od(1) +pcap(3), wireshark(1), tshark(1), mergecap(1), dumpcap(1), capinfos(1), +text2pcap(1), od(1), pcap-filter(7) or tcpdump(8) if it doesn't exist. =head1 NOTES diff --git a/doc/mergecap.pod b/doc/mergecap.pod index f0315cdd02..34937a0f45 100644 --- a/doc/mergecap.pod +++ b/doc/mergecap.pod @@ -133,8 +133,8 @@ seconds.) =head1 SEE ALSO -tcpdump(8), pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), -text2pcap(1) +pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), text2pcap(1), +pcap-filter(7) or tcpdump(8) if it doesn't exist. =head1 NOTES diff --git a/doc/rawshark.pod b/doc/rawshark.pod index 5b113a5db4..71196e82ce 100644 --- a/doc/rawshark.pod +++ b/doc/rawshark.pod @@ -485,8 +485,8 @@ auditing code. =head1 SEE ALSO -wireshark-filter(4), wireshark(1), tshark(1), editcap(1), tcpdump(8), -pcap(3), dumpcap(1), text2pcap(1) +wireshark-filter(4), wireshark(1), tshark(1), editcap(1), pcap(3), dumpcap(1), +text2pcap(1), pcap-filter(7) or tcpdump(8) if it doesn't exist. =head1 NOTES diff --git a/doc/text2pcap.pod b/doc/text2pcap.pod index 070d73378d..ffd141c982 100644 
--- a/doc/text2pcap.pod +++ b/doc/text2pcap.pod @@ -120,7 +120,7 @@ packets. Include a dummy Ethernet header before each packet. Specify the L3PID for the Ethernet header in hex. Use this option if your dump has Layer 3 header and payload (e.g. IP header), but no Layer 2 -encapsulation. Example: I<-e 0x806> to specify an ARP packet. +encapsulation. Example: I<-e 0x806> to specify an ARP packet. For IP packets, instead of generating a fake Ethernet header you can also use I<-l 12> to indicate a raw IP packet to Wireshark. Note that @@ -134,7 +134,7 @@ Include dummy IP headers before each packet. Specify the IP protocol for the packet in decimal. Use this option if your dump is the payload of an IP packet (i.e. has complete L4 information) but does not have an IP header with each packet. Note that an appropriate Ethernet header -is automatically included with each packet as well. +is automatically included with each packet as well. Example: I<-i 46> to specify an RSVP packet (IP protocol 46). =item -m Emax-packetE @@ -153,8 +153,8 @@ TCP packets. Include dummy UDP headers before each packet. Specify the source and destination UDP ports for the packet in decimal. Use this option if your dump is the UDP payload of a packet but does not include any UDP, -IP or Ethernet headers. Note that appropriate Ethernet and IP headers -are automatically also included with each packet. +IP or Ethernet headers. Note that appropriate Ethernet and IP headers +are automatically also included with each packet. Example: I<-u1000,69> to make the packets look like TFTP/UDP packets. =item -T EsrcportE,EdestportE 
@@ -162,16 +162,16 @@ Example: I<-u1000,69> to make the packets look like TFTP/UDP packets. Include dummy TCP headers before each packet. Specify the source and destination TCP ports for the packet in decimal. Use this option if your dump is the TCP payload of a packet but does not include any TCP, -IP or Ethernet headers. Note that appropriate Ethernet and IP headers +IP or Ethernet headers. Note that appropriate Ethernet and IP headers are automatically also included with each packet. Sequence numbers will start at 0. =item -s EsrcportE,EdestportE,EtagE Include dummy SCTP headers before each packet. Specify, in decimal, the -source and destination SCTP ports, and verification tag, for the packet. +source and destination SCTP ports, and verification tag, for the packet. Use this option if your dump is the SCTP payload of a packet but does -not include any SCTP, IP or Ethernet headers. Note that appropriate +not include any SCTP, IP or Ethernet headers. Note that appropriate Ethernet and IP headers are automatically also included with each packet. A CRC32C checksum will be put into the SCTP header. @@ -182,7 +182,7 @@ source and destination SCTP ports, and a verification tag of 0, for the packet, and prepend a dummy SCTP DATA chunk header with a payload protocol identifier if I. Use this option if your dump is the SCTP payload of a packet but does not include any SCTP, IP or Ethernet -headers. Note that appropriate Ethernet and IP headers are +headers. Note that appropriate Ethernet and IP headers are automatically included with each packet. A CRC32C checksum will be put into the SCTP header. @@ -210,8 +210,8 @@ B Do not enable it if the input file does not contain the ASCII text dump =head1 SEE ALSO -od(1), tcpdump(8), pcap(3), wireshark(1), tshark(1), dumpcap(1), mergecap(1), -editcap(1), strptime(3). +od(1), pcap(3), wireshark(1), tshark(1), dumpcap(1), mergecap(1), +editcap(1), strptime(3), pcap-filter(7) or tcpdump(8) if it doesn't exist. =head1 NOTES 
diff --git a/doc/tshark.pod b/doc/tshark.pod index 242aec0d0a..3f9c1f5789 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -1273,7 +1273,7 @@ include the tcp protocol, with a severity of note or higher. =head1 CAPTURE FILTER SYNTAX -See the manual page of pcap-filter(4) or, if that doesn't exist, tcpdump(8), +See the manual page of pcap-filter(7) or, if that doesn't exist, tcpdump(8), or, if that doesn't exist, L. =head1 READ FILTER SYNTAX @@ -1526,8 +1526,8 @@ auditing code. =head1 SEE ALSO -wireshark-filter(4), wireshark(1), editcap(1), pcap-filter(4), tcpdump(8), -pcap(3), dumpcap(1), text2pcap(1), mergecap(1) +wireshark-filter(4), wireshark(1), editcap(1), pcap(3), dumpcap(1), +text2pcap(1), mergecap(1), pcap-filter(7) or tcpdump(8) if it doesn't exist. =head1 NOTES diff --git a/doc/wireshark-filter.pod b/doc/wireshark-filter.pod index 8b9e62153b..c91eb35143 100644 --- a/doc/wireshark-filter.pod +++ b/doc/wireshark-filter.pod @@ -410,13 +410,14 @@ Regular expressions in the "matches" operator are provided with B, the Perl-Compatible Regular Expressions library: see B. This manpage does not describe the capture filter syntax, which is -different. See the manual page of pcap-filter(4) or, if that doesn't exist, +different. See the manual page of pcap-filter(7) or, if that doesn't exist, tcpdump(8), or, if that doesn't exist, L for a description of capture filters. =head1 SEE ALSO -wireshark(1), tshark(1), editcap(1), pcap-filter(4), tcpdump(8), pcap(3) +wireshark(1), tshark(1), editcap(1), pcap(3), pcap-filter(7) or tcpdump(8) if it +doesn't exist. =head1 AUTHORS diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template index 0e155a3ee0..88f122d99e 100644 --- a/doc/wireshark.pod.template +++ b/doc/wireshark.pod.template 
@@ -2435,7 +2435,7 @@ protocols built into Wireshark are. =head1 CAPTURE FILTER SYNTAX -See the manual page of pcap-filter(4) or, if that doesn't exist, tcpdump(8), +See the manual page of pcap-filter(7) or, if that doesn't exist, tcpdump(8), or, if that doesn't exist, L. =head1 DISPLAY FILTER SYNTAX @@ -2799,8 +2799,8 @@ of the capture after it stops; it's primarily useful for testing. =head1 SEE ALSO -wireshark-filter(4), tshark(1), editcap(1), pcap-filter(4), tcpdump(8), -pcap(3), dumpcap(1), mergecap(1), text2pcap(1) +wireshark-filter(4), tshark(1), editcap(1), pcap(3), dumpcap(1), mergecap(1), +text2pcap(1), pcap-filter(7) or tcpdump(8) if it doesn't exist. =head1 NOTES -- cgit v1.2.3
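Review bot: In doc/editcap.pod, almost every added line outside the SEE ALSO hunk ends in a stray literal "g" (for example "from theg", "(or outfiles).g", "one-half second.g", "will adjusted. The adjusted timestamp value will be set to beg"), and that text will appear verbatim in the rendered man page. It looks like a trailing-whitespace substitution that went wrong, and it accounts for most of the 88 changed lines the diffstat reports for this file, although the commit message only describes a change to the man page references. Drop the hunks at -36, -55, -75, -92, -132, -148, -193, -210, -227, -235 and -271, and keep only the SEE ALSO hunk at -368.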
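Review bot: In doc/text2pcap.pod, the hunks at -120, -134, -153 and -162 through -182 are whitespace-only: each removed line and its added replacement read identically as shown (for example "encapsulation. Example: I<-e 0x806> to specify an ARP packet."). They are unrelated to the pcap-filter reference change in the subject, so please move them to a separate cleanup commit. That leaves the SEE ALSO hunk at -210 as the only change to this file and keeps the section-number fix easy to review and to revert.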
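Review bot: The new SEE ALSO entries read "pcap-filter(7) or tcpdump(8) if it doesn't exist", where "it" has no clear referent and could be taken to mean tcpdump(8). The CAPTURE FILTER SYNTAX sections in dumpcap.pod, tshark.pod and wireshark.pod.template already use the unambiguous form "pcap-filter(7) or, if that doesn't exist, tcpdump(8)", so reuse that wording here. The entries are also inconsistent about the trailing period: capinfos.pod ends without one while dumpcap.pod, editcap.pod, mergecap.pod and the others end with one. Finally, the commit message says the section "seems to be 7"; since that number is now hard-coded in nine files, please confirm it against the installed libpcap man pages before merging.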