diff options
author | Guy Harris <guy@alum.mit.edu> | 2001-07-13 08:16:16 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2001-07-13 08:16:16 +0000 |
commit | 997940bcfe5954ade589bf7648bad28db5c8ea0d (patch) | |
tree | a29522eea4c9c300d76c2815637fd78b1a6d0800 /doc/mergecap.pod | |
parent | e2a238b16b8b5382c97366b1737ec195f33b35ee (diff) |
Update from Scott Renfro to allow mergecap to merge multiple capture
files into one capture file.
svn path=/trunk/; revision=3714
Diffstat (limited to 'doc/mergecap.pod')
-rw-r--r-- | doc/mergecap.pod | 48 |
1 files changed, 26 insertions, 22 deletions
diff --git a/doc/mergecap.pod b/doc/mergecap.pod index 2de167c6d7..f0d7fda248 100644 --- a/doc/mergecap.pod +++ b/doc/mergecap.pod @@ -6,28 +6,28 @@ mergecap - Merges two capture files into one =head1 SYNOPSYS B<mergecap> -S<[ B<-F> file format ]> -S<[ B<-T> encapsulation type ]> +S<[ B<-F> I<file format> ]> +S<[ B<-T> I<encapsulation type> ]> S<[ B<-a> ]> S<[ B<-v> ]> -S<[ B<-s> snaplen ]> +S<[ B<-s> I<snaplen> ]> S<[ B<-h> ]> -I<infile1> -I<infile2> -I<outfile> +S<B<-w> I<outfile>> +I<infile> +I<...> =head1 DESCRIPTION -B<Mergecap> is a program that reads two saved capture files and merges -all of the packets in those capture files into a third capture -file. B<Mergecap> knows how to read B<libpcap> capture files, including -those of B<tcpdump>. In addition, B<Mergecap> can read capture files -from B<snoop> (including B<Shomiti>) and B<atmsnoop>, B<LanAlyzer>, -B<Sniffer> (compressed or uncompressed), Microsoft B<Network Monitor>, -AIX's B<iptrace>, B<NetXray>, B<Sniffer Pro>, B<RADCOM>'s WAN/LAN -analyzer, B<Lucent/Ascend> router debug output, HP-UX's B<nettl>, and -the dump output from B<Toshiba's> ISDN routers. There is no need to -tell B<Mergecap> what type of file you are reading; it will determine the +B<Mergecap> is a program that combines multiple saved capture files into +a single output file specified by the B<-w> argument. B<Mergecap> knows +how to read B<libpcap> capture files, including those of B<tcpdump>. In +addition, B<Mergecap> can read capture files from B<snoop> (including +B<Shomiti>) and B<atmsnoop>, B<LanAlyzer>, B<Sniffer> (compressed or +uncompressed), Microsoft B<Network Monitor>, AIX's B<iptrace>, +B<NetXray>, B<Sniffer Pro>, B<RADCOM>'s WAN/LAN analyzer, +B<Lucent/Ascend> router debug output, HP-UX's B<nettl>, and the dump +output from B<Toshiba's> ISDN routers. There is no need to tell +B<Mergecap> what type of file you are reading; it will determine the file type by itself. B<Mergecap> is also capable of reading any of these file formats if they are compressed using gzip. B<Mergecap> recognizes this directly from the file; the '.gz' extension is not @@ -43,12 +43,12 @@ SuSE Linux 6.3), B<snoop> format, uncompressed B<Sniffer> format, Microsoft B<Network Monitor> 1.x format, and the format used by Windows-based versions of the B<Sniffer> software. -By default, the packets in the input files are merged in chronological -order based on each frame's timestamp, unless the B<-a> flag is -specified. B<Mergecap> assumes that frames within a single capture file -are already stored in chronological order. When the B<-a> flag is -specified, all the packets from the first input capture file are output, -followed by all of the packets from the second input capture file. +Packets from the input files are merged in chronological order based on +each frame's timestamp, unless the B<-a> flag is specified. B<Mergecap> +assumes that frames within a single capture file are already stored in +chronological order. When the B<-a> flag is specified, packets are +copied directly from each input file to the output file, independent of +each frame's timestamp. If the B<-s> flag is used to specify a snapshot length, frames in the input file with more captured data than the specified snapshot length @@ -75,6 +75,10 @@ fddi>' is specified). =over 4 +=item -w + +Sets the output filename. + =item -F Sets the file format of the output capture file. |