diff options
author | Ulf Lamping <ulf.lamping@web.de> | 2005-10-26 21:08:24 +0000 |
---|---|---|
committer | Ulf Lamping <ulf.lamping@web.de> | 2005-10-26 21:08:24 +0000 |
commit | e43c7d56fe58e3f5a6325b6aca1b0b2a83280d42 (patch) | |
tree | a34607f2a114463174c34e9aecc3450c90556a31 | |
parent | de27c8a83170db253ddbd5726ae4e34c9c3751fb (diff) |
from Jaap Keuter:
The attached patch extends the synopsys and adds an 'Examples' chapter to
the editcap documentation.
I've edited this a bit, without the real knowledge :-(, to make it:
a. look better
b. make more sense (at least to me)
svn path=/trunk/; revision=16325
-rw-r--r-- | doc/editcap.pod | 64 |
1 files changed, 63 insertions, 1 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod index 9e97caae0e..d0fc3b7599 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -16,7 +16,7 @@ S<[ B<-T> encapsulation type ]> S<[ B<-v> ]> I<infile> I<outfile> -S<[ I<record#> ... ]> +S<[ [-]I<record#>[-I<record#>] ... ]> =head1 DESCRIPTION @@ -211,6 +211,68 @@ Prints the version and options and exits. =back +=head1 EXAMPLES + +To see more detailed description of the options use: + +=over 4 + + editcap -h + +=back + +To shrink the capture file by truncating the packets at 64 bytes and writing it as Sun snoop file use: + +=over 4 + + editcap -s 64 -F snoop capture.pcap shortcapture.snoop + +=back + +To delete packet 1000 from the capture file use: + +=over 4 + + editcap capture.pcap sans1000.pcap 1000 + +=back + +To limit a capture file to packets from number 200 to 750 (inclusive) use: + +=over 4 + + editcap -r capture.pcap small.pcap 200-750 + +=back + +To get all packets from number 1-500 (inclusive) use: + +=over 4 + + editcap -r capture.pcap 500.pcap 1-500 + +or + + editcap capture.pcap 500.pcap 501-9999999 + +=back + +To filter out packets 10 to 20 and 30 to 40 into a new file use: + +=over 4 + + editcap capture.pcap selection.pcap 10-20 30-40 + +=back + +To introduce 5% random errors in a capture file use: + +=over 4 + + editcap -E 0.05 capture.pcap capture_error.pcap + +=back + =head1 SEE ALSO I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)> |