path: root/doc/capinfos.pod
blob: 01639f7499f4abfb17ae1249a2c77b9c5e26b88e (plain)
=head1 NAME

capinfos - Prints information about capture files

=head1 SYNOPSIS

B<capinfos>
S<[ B<-t> ]>
S<[ B<-c> ]>
S<[ B<-s> ]>
S<[ B<-d> ]>
S<[ B<-u> ]>
S<[ B<-a> ]>
S<[ B<-e> ]>
S<[ B<-y> ]>
S<[ B<-i> ]>
S<[ B<-z> ]>
S<[ B<-h> ]>
E<lt>I<infile>E<gt>
I<...>

=head1 DESCRIPTION

B<Capinfos> is a program that reads one or more capture files and
returns some or all available statistics of each E<lt>I<infile>E<gt>.

The user specifies which statistics to report by specifying flags 
corresponding to the statistic.  If no flags are specified, B<Capinfos> 
will report all statistics available.

B<Capinfos> is able to detect and read the same capture files that are 
supported by B<Wireshark>.
The input files don't need a specific filename extension; the file
format and an optional gzip compression will be automatically detected.
The I<capture file format> section of I<wireshark(1)> or
I<http://www.wireshark.org/docs/man-pages/wireshark.1.html>
provides a detailed description.

=head1 OPTIONS

=over 4

=item -t

Displays the capture type of the capture file.

=item -c

Counts the number of packets in the capture file.

=item -s

Displays the size of the file, in bytes.  This reports
the size of the capture file itself.

=item -d

Displays the total length of all packets in the file, in
bytes.  This counts the size of the packets as they appeared
in their original form, not as they appear in this file.
For example, if a packet was originally 1514 bytes and only
256 of those bytes were saved to the capture file (if packets
were captured with a snaplen or other slicing option),
B<Capinfos> will consider the packet to have been 1514 bytes.

=item -u

Displays the capture duration, in seconds.  This is the
difference in time between the earliest packet seen and
latest packet seen.

=item -a

Displays the start time of the capture.  B<Capinfos> considers
the earliest timestamp seen to be the start time, so the
first packet in the capture is not necessarily the earliest -
if packets exist "out-of-order", time-wise, in the capture,
B<Capinfos> detects this.

=item -e

Displays the end time of the capture.  B<Capinfos> considers
the latest timestamp seen to be the end time, so the
last packet in the capture is not necessarily the latest -
if packets exist "out-of-order", time-wise, in the capture,
B<Capinfos> detects this.

=item -y

Displays the average data rate, in bytes.

=item -i

Displays the average data rate, in bits.

=item -z

Displays the average packet size, in bytes.

=item -h

Prints the help listing and exits.

=back
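
The following Python sketch is an added example, not code from the Wireshark distribution. It recomputes the statistics described above from a classic pcap file, showing that B<-d> sums original packet lengths and that B<-a>/B<-e> use the earliest and latest timestamps. The function names and sample packets are constructed for illustration, rates are assumed to be per second of capture duration, and only little-endian, microsecond-resolution pcap is handled.

```python
import struct

# Classic pcap: 24-byte global header, then per packet a 16-byte record header
# (ts_sec, ts_usec, incl_len, orig_len) followed by incl_len saved bytes.
GLOBAL_HDR = struct.Struct("<IHHiIII")
RECORD_HDR = struct.Struct("<IIII")
PCAP_MAGIC = 0xA1B2C3D4  # microsecond timestamps; "<" above assumes little-endian


def build_sample_pcap(snaplen=256):
    """Constructed sample: three packets sliced to snaplen, stored out of time order."""
    packets = [(1000, 500000, 1514), (1000, 0, 60), (1002, 500000, 1514)]
    out = GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)  # link type 1 = Ethernet
    for sec, usec, orig_len in packets:
        incl_len = min(orig_len, snaplen)
        out += RECORD_HDR.pack(sec, usec, incl_len, orig_len) + bytes(incl_len)
    return out


def pcap_stats(data):
    """Compute the statistics the options above describe from raw pcap bytes."""
    if len(data) < GLOBAL_HDR.size or GLOBAL_HDR.unpack_from(data)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian, microsecond-resolution pcap file")
    offset, count, data_len, times = GLOBAL_HDR.size, 0, 0, []
    while offset + RECORD_HDR.size <= len(data):
        sec, usec, incl_len, orig_len = RECORD_HDR.unpack_from(data, offset)
        offset += RECORD_HDR.size + incl_len
        if offset > len(data):
            raise ValueError("truncated packet record")
        count += 1
        data_len += orig_len  # -d: length on the wire, not the saved length
        times.append(sec * 1_000_000 + usec)
    if not times:
        raise ValueError("capture contains no packets")
    start, end = min(times), max(times)  # -a/-e: earliest/latest, not first/last
    duration = (end - start) / 1_000_000
    byte_rate = data_len / duration if duration else 0.0
    return {
        "packets": count, "file_size": len(data), "data_size": data_len,
        "start": start / 1_000_000, "end": end / 1_000_000, "duration": duration,
        "bytes_per_sec": byte_rate, "bits_per_sec": byte_rate * 8,
        "avg_packet_size": data_len / count,
    }


if __name__ == "__main__":
    for name, value in pcap_stats(build_sample_pcap()).items():
        print(f"{name}: {value}")
```

In the constructed sample the file holds 572 bytes of packet data, yet the reported data size is 3088 bytes, and the start time comes from the second stored packet rather than the first.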

=head1 SEE ALSO

I<tcpdump(8)>, I<pcap(3)>, I<wireshark(1)>, I<mergecap(1)>, I<editcap(1)>, I<tshark(1)>

=head1 NOTES

B<Capinfos> is part of the B<Wireshark> distribution.  The latest version
of B<Wireshark> can be found at B<http://www.wireshark.org>.

HTML versions of the Wireshark project man pages are available at:
http://www.wireshark.org/docs/man-pages

=head1 AUTHORS

  Original Author
  -------- ------
  Ian Schorr           <ian[AT]ianschorr.com>


  Contributors
  ------------
  Gerald Combs         <gerald[AT]wireshark.org>