diff options
author | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-03-24 22:47:57 +0000 |
---|---|---|
committer | gerald <gerald@f5534014-38df-0310-8fa8-9805f1628bb7> | 2011-03-24 22:47:57 +0000 |
commit | 7b4705c31a00c63eec7e95940cb13a6106d92f6e (patch) | |
tree | 982df185f08cae7b0a892b37069a03cd3721edc6 /doc | |
parent | 3382d32346206b7ec48346e1aa6385626989a1cb (diff) |
Add initial pcapng name resolution record support. Wireshark has read
support; TShark has read+write support. Additionally TShark can read a
"hosts" file and write those records to a capture file.
This uses "struct addrinfo" in many places and probably won't compile on
some platforms.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@36318 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'doc')
-rw-r--r-- | doc/editcap.pod | 26 | ||||
-rw-r--r-- | doc/tshark.pod | 26 |
2 files changed, 52 insertions, 0 deletions
diff --git a/doc/editcap.pod b/doc/editcap.pod index bf699723b5..deea34ea76 100644 --- a/doc/editcap.pod +++ b/doc/editcap.pod @@ -10,6 +10,8 @@ S<[ B<-c> E<lt>packets per fileE<gt> ]> S<[ B<-C> E<lt>choplenE<gt> ]> S<[ B<-E> E<lt>error probabilityE<gt> ]> S<[ B<-F> E<lt>file formatE<gt> ]> +S<[ B<-W> E<lt>file format optionE<gt>]> +S<[ B<-H> E<lt>input hosts file<gt> ]> S<[ B<-A> E<lt>start timeE<gt> ]> S<[ B<-B> E<lt>stop timeE<gt> ]> S<[ B<-h> ]> @@ -150,6 +152,30 @@ B<Editcap> can write the file in several formats, B<editcap -F> provides a list of the available output formats. The default is the B<libpcap> format. +=item -W E<lt>file format optionE<gt> + +Save extra information in the file if the format supports it. For +example, + + -F pcapng -W n + +will save host name resolution records along with captured packets. + +Future versions of Wireshark may automatically change the capture format to +B<pcapng> as needed. + +The argument is a string that may contain the following letter: + +B<n> write network address resolution information (pcapng only) + +=item -H E<lt>input "hosts" fileE<gt> + +Read a list of address to host name mappings and include the result in +the output file. Implies B<-W n>. + +The input file format is described at +L<http://en.wikipedia.org/wiki/Hosts_%28file%29>. + =item -A E<lt>start timeE<gt> Saves only the packets whose timestamp is on or after start time. diff --git a/doc/tshark.pod b/doc/tshark.pod index 7d94e4e8af..8813cc43ca 100644 --- a/doc/tshark.pod +++ b/doc/tshark.pod @@ -18,6 +18,7 @@ S<[ B<-E> E<lt>field print optionE<gt> ]> S<[ B<-f> E<lt>capture filterE<gt> ]> S<[ B<-F> E<lt>file formatE<gt> ]> S<[ B<-h> ]> +S<[ B<-H> E<lt>input hosts fileE<gt> ]> S<[ B<-i> E<lt>capture interfaceE<gt>|- ]> S<[ B<-I> ]> S<[ B<-K> E<lt>keytabE<gt> ]> @@ -37,6 +38,7 @@ S<[ B<-T> pdml|psml|ps|text|fields ]> S<[ B<-v> ]> S<[ B<-V> ]> S<[ B<-w> E<lt>outfileE<gt>|- ]> +S<[ B<-W> E<lt>file format optionE<gt>]> S<[ B<-x> ]> S<[ B<-X> E<lt>eXtension optionE<gt>]> S<[ B<-y> E<lt>capture link typeE<gt> ]> @@ -398,6 +400,14 @@ B<currentprefs> Dumps a copy of the current preferences file to stdout. Print the version and options and exits. +=item -H E<lt>input hosts fileE<gt> + +Read a list of entries from a "hosts" file, which will then be written +to a capture file. Implies B<-W n>. + +The "hosts" file format is documented at +L<http://en.wikipedia.org/wiki/Hosts_(file)>. + =item -i E<lt>capture interfaceE<gt> | - Set the name of the network interface or pipe to use for live packet @@ -617,6 +627,22 @@ NOTE: -w provides raw packet data, not text. If you want text output you need to redirect stdout (e.g. using '>'), don't use the B<-w> option for this. +=item -W E<lt>file format optionE<gt> + +Save extra information in the file if the format supports it. For +example, + + -F pcapng -W n + +will save host name resolution records along with captured packets. + +Future versions of Wireshark may automatically change the capture format to +B<pcapng> as needed. + +The argument is a string that may contain the following letter: + +B<n> write network address resolution information (pcapng only) + =item -x Cause B<TShark> to print a hex and ASCII dump of the packet data |