From 32328695034b8a01bcba83ff291ead50b36af864 Mon Sep 17 00:00:00 2001 From: Jaap Keuter Date: Fri, 19 Nov 2010 00:05:38 +0000 Subject: Make some updates to describe the newer features. svn path=/trunk/; revision=34964 --- doc/text2pcap.pod | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'doc') diff --git a/doc/text2pcap.pod b/doc/text2pcap.pod index ec9be9b613..570cdd9001 100644 --- a/doc/text2pcap.pod +++ b/doc/text2pcap.pod @@ -57,9 +57,12 @@ a hex number longer than two characters. Any text after the bytes is ignored (e.g. the character dump). Any hex numbers in this text are also ignored. An offset of zero is indicative of starting a new packet, so a single text file with a series of hexdumps can be -converted into a packet capture with multiple packets. Multiple -packets are read in with timestamps differing by one second each. In -general, short of these restrictions, B is pretty liberal +converted into a packet capture with multiple packets. Packets may be +preceded by a timestamp. These are interpreted according to the format +given on the command line (see B<-t>). If not, the first packet +is timestamped with the current time the conversion takes place. Multiple +packets are written with timestamps differing by one microsecond each. +In general, short of these restrictions, B is pretty liberal about reading in hexdumps and has been tested with a variety of mangled outputs (including being forwarded through email multiple times, with limited line wrap etc.) @@ -76,7 +79,7 @@ type etc. B also allows the user to read in dumps of application-level data, by inserting dummy L2, L3 and L4 headers before each packet. The user can elect to insert Ethernet headers, -Ethernet and IP, or Ethernet, IP and UDP/TCP headers before each +Ethernet and IP, or Ethernet, IP and UDP/TCP/SCTP headers before each packet. This allows Wireshark or any other full-packet decoder to handle these dumps. -- cgit v1.2.3