diff options
| author | Guy Harris <gharris@sonic.net> | 2023-05-17 19:10:39 -0700 |
|---|---|---|
| committer | John Thacker <johnthacker@gmail.com> | 2023-05-18 11:45:02 +0000 |
| commit | 9ef9fbeddfcba584e4623a65d77af7f2b3023e89 (patch) | |
| tree | 12063641ea003c3bad21567ee5bf746434a1211a /doc | |
| parent | ef0b1fe80a3fd70782b44c98863eab2622ee5580 (diff) | |
dumpcap(1): update some old "pcap as default format" text.
Speak of dumpcap writing a "capture file" rather than a "pcap file".
Use .pcapng rather than .pcap as the extension in sample capture file
names.
In the description of the -i option, explicitly mention the -P option as
being overridden if more than one -i option is specified.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/dumpcap.adoc | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/doc/dumpcap.adoc b/doc/dumpcap.adoc index 1c1741e1c4..fe88464794 100644 --- a/doc/dumpcap.adoc +++ b/doc/dumpcap.adoc @@ -58,10 +58,10 @@ When the *-P* option is specified, the output file is written in the Without any options set it will use the libpcap, Npcap, or WinPcap library to capture traffic from the first available network interface and writes the received raw packet data, along with the packets' time stamps into a -pcap file. +capture file. If the *-w* option is not specified, *Dumpcap* writes to a newly -created pcap file with a randomly chosen name. +created capture file with a randomly chosen name. If the *-w* option is specified, *Dumpcap* writes to the file specified by that option. @@ -99,9 +99,10 @@ Cause *Dumpcap* to run in "multiple files" mode. In "multiple files" mode, *Dumpcap* will write to several capture files. When the first capture file fills up, *Dumpcap* will switch writing to the next file and so on. -The created filenames are based on the filename given with the *-w* option, -the number of the file and on the creation date and time, -e.g. outfile_00001_20230714120117.pcap, outfile_00002_20230714120523.pcap, ... +The created filenames are based on the filename given with the *-w* +option, the number of the file and on the creation date and time, e.g. +outfile_00001_20230714120117.pcapng, +outfile_00002_20230714120523.pcapng, ... With the __files__ option it's also possible to form a "ring buffer". This will fill up new files until the number of files specified, @@ -259,7 +260,8 @@ endianness as the capturing host. specified port on the specified host and read pcapng or pcap data. This option can occur multiple times. When capturing from multiple -interfaces, the capture file will be saved in pcapng format. +interfaces, the capture file will be saved in pcapng format, even if +*-P* is specified. -- --ifdescr> <description>:: |