author | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2012-03-15 14:50:07 +0000 |
---|---|---|
committer | Chris Maynard <Christopher.Maynard@GTECH.COM> | 2012-03-15 14:50:07 +0000 |
commit | 9c7b936e791e9ca34fdbeec3b628183cc4e163d1 (patch) | |
tree | 7d10b838a9ab9c2d77e0d04b6e4d7b0b618b9ff7 /doc/editcap.pod | |
parent | 2ef7d8fe8313bbace6c8165da23c4a79cbf49e9b (diff) |
Sort the options. Delete all the line-terminating "g's" added in 40820.
svn path=/trunk/; revision=41563
Diffstat (limited to 'doc/editcap.pod')
-rw-r--r-- | doc/editcap.pod | 216 |
1 files changed, 108 insertions, 108 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod index f399c716ab..b2dc187731 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -6,22 +6,22 @@ editcap - Edit and/or translate the format of capture files =head1 SYNOPSIS B<editcap> +S<[ B<-A> E<lt>start timeE<gt> ]> +S<[ B<-B> E<lt>stop timeE<gt> ]> S<[ B<-c> E<lt>packets per fileE<gt> ]> S<[ B<-C> E<lt>choplenE<gt> ]> S<[ B<-E> E<lt>error probabilityE<gt> ]> S<[ B<-F> E<lt>file formatE<gt> ]> -S<[ B<-W> E<lt>file format optionE<gt>]> -S<[ B<-H> E<lt>input hosts file<gt> ]> -S<[ B<-A> E<lt>start timeE<gt> ]> -S<[ B<-B> E<lt>stop timeE<gt> ]> S<[ B<-h> ]> +S<[ B<-H> E<lt>input hosts file<gt> ]> S<[ B<-i> E<lt>seconds per fileE<gt> ]> S<[ B<-r> ]> S<[ B<-s> E<lt>snaplenE<gt> ]> -S<[ B<-t> E<lt>time adjustmentE<gt> ]> S<[ B<-S> E<lt>strict time adjustmentE<gt> ]> +S<[ B<-t> E<lt>time adjustmentE<gt> ]> S<[ B<-T> E<lt>encapsulation typeE<gt> ]> S<[ B<-v> ]> +S<[ B<-W> E<lt>file format optionE<gt>]> I<infile> I<outfile> S<[ I<packet#>[-I<packet#>] ... ]> 
@@ -36,14 +36,14 @@ I<outfile> =head1 DESCRIPTION -B<Editcap> is a program that reads some or all of the captured packets from theg -I<infile>, optionally converts them in various ways and writes theg -resulting packets to the capture I<outfile> (or outfiles).g +B<Editcap> is a program that reads some or all of the captured packets from the +I<infile>, optionally converts them in various ways and writes the +resulting packets to the capture I<outfile> (or outfiles). -By default, it reads all packets from the I<infile> and writes them to theg +By default, it reads all packets from the I<infile> and writes them to the I<outfile> in libpcap file format. -An optional list of packet numbers can be specified on the command tail;g +An optional list of packet numbers can be specified on the command tail; individual packet numbers separated by whitespace and/or ranges of packet numbers can be specified as I<start>-I<end>, referring to all packets from I<start> to I<end>. By default the selected packets with those numbers will @@ -55,9 +55,9 @@ B<Editcap> can also be used to remove duplicate packets. Several different options (B<-d>, B<-D> and B<-w>) are used to control the packet window or relative time window to be used for duplicate comparison. -B<Editcap> is able to detect, read and write the same capture files thatg +B<Editcap> is able to detect, read and write the same capture files that are supported by B<Wireshark>. -The input file doesn't need a specific filename extension; the fileg +The input file doesn't need a specific filename extension; the file format and an optional gzip compression will be automatically detected. Near the beginning of the DESCRIPTION section of wireshark(1) or L<http://www.wireshark.org/docs/man-pages/wireshark.html> 
@@ -72,12 +72,22 @@ file; B<editcap -F> provides a list of the available output formats. =over 4 +=item -A E<lt>start timeE<gt> + +Saves only the packets whose timestamp is on or after start time. +The time is given in the following format YYYY-MM-DD HH:MM:SS + +=item -B E<lt>stop timeE<gt> + +Saves only the packets whose timestamp is before stop time. +The time is given in the following format YYYY-MM-DD HH:MM:SS + =item -c E<lt>packets per fileE<gt> Splits the packet output to different files based on uniform packet counts -with a maximum of <packets per file> each. Each output file willg -be created with a suffix -nnnnn, starting with 00000. If the specifiedg -number of packets is written to the output file, the next output file isg +with a maximum of <packets per file> each. Each output file will +be created with a suffix -nnnnn, starting with 00000. If the specified +number of packets is written to the output file, the next output file is opened. The default is to use a single output file. =item -C E<lt>choplenE<gt> @@ -92,8 +102,8 @@ bytes at the end of each packet. =item -d -Attempts to remove duplicate packets. The length and MD5 hash of theg -current packet are compared to the previous four (4) packets. If ag +Attempts to remove duplicate packets. The length and MD5 hash of the +current packet are compared to the previous four (4) packets. If a match is found, the current packet is skipped. This option is equivalent to using the option B<-D 5>. 
@@ -114,33 +124,11 @@ The <dup window> is specified as an integer value between 0 and 1000000 (inclusi NOTE: Specifying large <dup window> values with large tracefiles can result in very long processing times for B<editcap>. -=item -w E<lt>dup time windowE<gt> - -Attempts to remove duplicate packets. The current packet's arrival time -is compared with up to 1000000 previous packets. If the packet's relative -arrival time is I<less than or equal to> the <dup time window> of a previous packet -and the packet length and MD5 hash of the current packet are the same then -the packet to skipped. The duplicate comparison test stops when -the current packet's relative arrival time is greater than <dup time window>. - -The <dup time window> is specified as I<seconds>[I<.fractional seconds>]. - -The [.fractional seconds] component can be specified to nine (9) decimal -places (billionths of a second) but most typical trace files have resolution -to six (6) decimal places (millionths of a second). - -NOTE: Specifying large <dup time window> values with large tracefiles can -result in very long processing times for B<editcap>. - -NOTE: The B<-w> option assumes that the packets are in chronological order.g -If the packets are NOT in chronological order then the B<-w> duplicationg -removal option may not identify some duplicates. - =item -E E<lt>error probabilityE<gt> Sets the probability that bytes in the output file are randomly changed. -B<Editcap> uses that probability (between 0.0 and 1.0 inclusive)g -to apply errors to each data byte in the file. For instance, ag +B<Editcap> uses that probability (between 0.0 and 1.0 inclusive) +to apply errors to each data byte in the file. For instance, a probability of 0.02 means that each byte has a 2% chance of having an error. This option is meant to be used for fuzz-testing protocol dissectors. 
@@ -148,25 +136,13 @@ This option is meant to be used for fuzz-testing protocol dissectors. =item -F E<lt>file formatE<gt> Sets the file format of the output capture file. -B<Editcap> can write the file in several formats, B<editcap -F>g +B<Editcap> can write the file in several formats, B<editcap -F> provides a list of the available output formats. The default is the B<libpcap> format. -=item -W E<lt>file format optionE<gt> - -Save extra information in the file if the format supports it. For -example, - - -F pcapng -W n - -will save host name resolution records along with captured packets. - -Future versions of Wireshark may automatically change the capture format to -B<pcapng> as needed. - -The argument is a string that may contain the following letter: +=item -h -B<n> write network address resolution information (pcapng only) +Prints the version and options and exits. =item -H E<lt>input "hosts" fileE<gt> 
@@ -176,26 +152,12 @@ the output file. Implies B<-W n>. The input file format is described at L<http://en.wikipedia.org/wiki/Hosts_%28file%29>. -=item -A E<lt>start timeE<gt> - -Saves only the packets whose timestamp is on or after start time. -The time is given in the following format YYYY-MM-DD HH:MM:SS - -=item -B E<lt>stop timeE<gt> - -Saves only the packets whose timestamp is before stop time. -The time is given in the following format YYYY-MM-DD HH:MM:SS - -=item -h - -Prints the version and options and exits. - =item -i E<lt>seconds per fileE<gt> Splits the packet output to different files based on uniform time intervals -using a maximum interval of <seconds per file> each. Each output file willg -be created with a suffix -nnnnn, starting with 00000. If packets for the specifiedg -time interval are written to the output file, the next output file isg +using a maximum interval of <seconds per file> each. Each output file will +be created with a suffix -nnnnn, starting with 00000. If packets for the specified +time interval are written to the output file, the next output file is opened. The default is to use a single output file. =item -r @@ -210,7 +172,7 @@ Sets the snapshot length to use when writing the data. If the B<-s> flag is used to specify a snapshot length, packets in the input file with more captured data than the specified snapshot length will have only the amount of data specified by the snapshot length -written to the output file.g +written to the output file. This may be useful if the program that is to read the output file cannot handle packets larger than a certain size 
@@ -219,61 +181,61 @@ appear to reject Ethernet packets larger than the standard Ethernet MTU, making them incapable of handling gigabit Ethernet captures if jumbo packets were used). -=item -t E<lt>time adjustmentE<gt> - -Sets the time adjustment to use on selected packets. -If the B<-t> flag is used to specify a time adjustment, the specified -adjustment will be applied to all selected packets in the capture file. -The adjustment is specified as [-]I<seconds>[I<.fractional seconds>]. -For example, B<-t> 3600 advances the timestamp on selected packets by one -hour while B<-t> -0.5 reduces the timestamp on selected packets by -one-half second.g - -This feature is useful when synchronizing dumps -collected on different machines where the time difference between the -two machines is known or can be estimated. - =item -S E<lt>strict time adjustmentE<gt> -Time adjust selected packets to insure strict chronological order.g +Time adjust selected packets to insure strict chronological order. The <strict time adjustment> value represents relative seconds specified as [-]I<seconds>[I<.fractional seconds>]. -As the capture file is processed each packet's absolute time isg -I<possibly> adjusted to be equal to or greater than the previousg -packet's absolute timestamp depending on the <strict timeg -adjustment> value.g - -If <strict time adjustment> value is 0 or greater (e.g. 0.000001)g -then B<only> packets with a timestamp less than the previous packetg -will adjusted. The adjusted timestamp value will be set to beg -equal to the timestamp value of the previous packet plus the valueg -of the <strict time adjustment> value. 
A <strict time adjustment>g -value of 0 will adjust the minimum number of timestamp valuesg -necessary to insure that the resulting capture file is ing +As the capture file is processed each packet's absolute time is +I<possibly> adjusted to be equal to or greater than the previous +packet's absolute timestamp depending on the <strict time +adjustment> value. + +If <strict time adjustment> value is 0 or greater (e.g. 0.000001) +then B<only> packets with a timestamp less than the previous packet +will adjusted. The adjusted timestamp value will be set to be +equal to the timestamp value of the previous packet plus the value +of the <strict time adjustment> value. A <strict time adjustment> +value of 0 will adjust the minimum number of timestamp values +necessary to insure that the resulting capture file is in strict chronological order. -If <strict time adjustment> value is specified as ag -negative value, then the timestamp values of B<all>g -packets will be adjusted to be equal to the timestamp valueg -of the previous packet plus the absolute value of theg +If <strict time adjustment> value is specified as a +negative value, then the timestamp values of B<all> +packets will be adjusted to be equal to the timestamp value +of the previous packet plus the absolute value of the <lt>strict time adjustment<gt> value. A <strict time adjustment> value of -0 will result in all packets having the timestamp value of the first packet. This feature is useful when the trace file has an occasional -packet with a negative delta time relative to the previousg +packet with a negative delta time relative to the previous packet. +=item -t E<lt>time adjustmentE<gt> + +Sets the time adjustment to use on selected packets. +If the B<-t> flag is used to specify a time adjustment, the specified +adjustment will be applied to all selected packets in the capture file. +The adjustment is specified as [-]I<seconds>[I<.fractional seconds>]. 
+For example, B<-t> 3600 advances the timestamp on selected packets by one +hour while B<-t> -0.5 reduces the timestamp on selected packets by +one-half second. + +This feature is useful when synchronizing dumps +collected on different machines where the time difference between the +two machines is known or can be estimated. + =item -T E<lt>encapsulation typeE<gt> Sets the packet encapsulation type of the output capture file. If the B<-T> flag is used to specify an encapsulation type, the encapsulation type of the output capture file will be forced to the -specified type.g +specified type. B<editcap -T> provides a list of the available types. The default -type is the one appropriate to the encapsulation type of the inputg +type is the one appropriate to the encapsulation type of the input capture file. Note: this merely 
@@ -293,6 +255,44 @@ Use of B<-v> with the de-duplication switches of B<-d>, B<-D> or B<-w> will cause all MD5 hashes to be printed whether the packet is skipped or not. +=item -w E<lt>dup time windowE<gt> + +Attempts to remove duplicate packets. The current packet's arrival time +is compared with up to 1000000 previous packets. If the packet's relative +arrival time is I<less than or equal to> the <dup time window> of a previous packet +and the packet length and MD5 hash of the current packet are the same then +the packet to skipped. The duplicate comparison test stops when +the current packet's relative arrival time is greater than <dup time window>. + +The <dup time window> is specified as I<seconds>[I<.fractional seconds>]. + +The [.fractional seconds] component can be specified to nine (9) decimal +places (billionths of a second) but most typical trace files have resolution +to six (6) decimal places (millionths of a second). + +NOTE: Specifying large <dup time window> values with large tracefiles can +result in very long processing times for B<editcap>. + +NOTE: The B<-w> option assumes that the packets are in chronological order. +If the packets are NOT in chronological order then the B<-w> duplication +removal option may not identify some duplicates. + +=item -W E<lt>file format optionE<gt> + +Save extra information in the file if the format supports it. For +example, + + -F pcapng -W n + +will save host name resolution records along with captured packets. + +Future versions of Wireshark may automatically change the capture format to +B<pcapng> as needed. + +The argument is a string that may contain the following letter: + +B<n> write network address resolution information (pcapng only) + =back =head1 EXAMPLES |
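Review bot: In the SYNOPSIS hunk (@@ -6,22 +6,22 @@), the re-added -H line still reads `E<lt>input hosts file<gt>`. The closing `<gt>` is not a POD escape, and its bare `>` ends the enclosing `S<...>` code early. Since the line is being moved anyway, write it as `E<lt>input hosts fileE<gt>`. The same entry is spelled 'input hosts file' here but 'input "hosts" file' in the OPTIONS `=item`, and the re-added -W line lacks the space before the closing `]` that the other entries have.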
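Review bot: The -A and -B entries re-added in the @@ -72,12 +72,22 @@ hunk are missing documentation: the format 'YYYY-MM-DD HH:MM:SS' contains a space, so the value has to be quoted as a single argument, and the text does not say which time zone the value is interpreted in. Suggest adding a quoted example and a sentence on the time zone, and ending the format sentence with a period. The half-open range (-A is 'on or after', -B is 'before') is worth stating explicitly in one place, since the two entries are now adjacent.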
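Review bot: In the -S entry of the @@ -219,61 +181,61 @@ hunk, the re-added sentence 'then B<only> packets with a timestamp less than the previous packet will adjusted' is missing 'be', and the unchanged context line `<lt>strict time adjustment<gt> value.` uses `<lt>`/`<gt>` without the leading `E`, so it is not a valid escape. Both are on lines this commit already touches or sits next to, so fix them here; 'insure' in the same entry should be 'ensure'.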
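Review bot: In the -w entry re-added by the @@ -293,6 +255,44 @@ hunk, 'the packet to skipped' was carried over unchanged from the removed block and should read 'the packet is skipped'. The move is otherwise verbatim, so this is the only wording change needed in the block.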