diff options
| author | Guy Harris <guy@alum.mit.edu> | 2001-12-05 20:01:03 +0000 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2001-12-05 20:01:03 +0000 |
| commit | ee1094b140459cda7dc16098187b637f4eaf354d (patch) | |
| tree | 1950b482c1dae374fa99dac7b554e6f6c2e6c2ae /doc/editcap.pod | |
| parent | 15816babc10e8080908bf90d64bb37306e2fbd60 (diff) | |
Note that Ethereal's and Tethereal's native capture file format is
libpcap format, and say that it's also used by "other tools" (tcpdump
and Ethereal/Tethereal aren't the only tools that write captures in that
format).
Weaken the claim that we read Etherpeek files to say only that we read
Etherpeek versions 5, 6, and 7 for Macintosh, so people don't conclude
that we read Etherpeek-for-Windows captures (we don't).
svn path=/trunk/; revision=4337
Diffstat (limited to 'doc/editcap.pod')
| -rw-r--r-- | doc/editcap.pod | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod index acd8e7eadb..7645932ee6 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -22,21 +22,23 @@ S<[ I<record#> ... ]> B<Editcap> is a program that reads a saved capture file and writes some or all of the packets in that capture file to another capture file. B<Editcap> knows how to read B<libpcap> capture files, including those -of B<tcpdump>. In addition, B<Editcap> can read capture files from -B<snoop> (including B<Shomiti>) and B<atmsnoop>, B<LanAlyzer>, -B<Sniffer> (compressed or uncompressed), Microsoft B<Network Monitor>, -AIX's B<iptrace>, B<NetXray>, B<Sniffer Pro>, B<Etherpeek>, B<RADCOM>'s -WAN/LAN analyzer, B<Lucent/Ascend> router debug output, HP-UX's -B<nettl>, the dump output from B<Toshiba's> ISDN routers, the output -from B<i4btrace> from the ISDN4BSD project, the output in B<IPLog> -format from the Cisco Secure Intrusion Detection System, B<pppd logs> -(pppdump format), the output from VMS's B<TCPIPtrace> utility, the text -output from the B<DBS Etherwatch> VMS utility, and traffic capture files -from Visual Networks' software. There is no need to tell B<Editcap> -what type of file you are reading; it will determine the file type by -itself. B<Editcap> is also capable of reading any of these file formats -if they are compressed using gzip. B<Editcap> recognizes this directly -from the file; the '.gz' extension is not required for this purpose. +of B<tcpdump>, B<Ethereal>, and other tools that write captures in that +format. In addition, B<Editcap> can read capture files from B<snoop> +(including B<Shomiti>) and B<atmsnoop>, B<LanAlyzer>, B<Sniffer> +(compressed or uncompressed), Microsoft B<Network Monitor>, AIX's +B<iptrace>, B<NetXray>, B<Sniffer Pro>, B<Etherpeek> versions 5, 6, and +7 for Macintosh, B<RADCOM>'s WAN/LAN analyzer, B<Lucent/Ascend> router +debug output, HP-UX's B<nettl>, the dump output from B<Toshiba's> ISDN +routers, the output from B<i4btrace> from the ISDN4BSD project, the +output in B<IPLog> format from the Cisco Secure Intrusion Detection +System, B<pppd logs> (pppdump format), the output from VMS's +B<TCPIPtrace> utility, the text output from the B<DBS Etherwatch> VMS +utility, and traffic capture files from Visual Networks' software. +There is no need to tell B<Editcap> what type of file you are reading; +it will determine the file type by itself. B<Editcap> is also capable +of reading any of these file formats if they are compressed using gzip. +B<Editcap> recognizes this directly from the file; the '.gz' extension +is not required for this purpose. By default, it writes the capture file in B<libpcap> format, and writes all of the packets in the capture file to the output file. The B<-F> |