Diffstat (limited to 'doc/wsug_src/editcap-h.txt')
-rw-r--r-- | doc/wsug_src/editcap-h.txt | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/doc/wsug_src/editcap-h.txt b/doc/wsug_src/editcap-h.txt new file mode 100644 index 00000000..93edff0b --- /dev/null +++ b/doc/wsug_src/editcap-h.txt 
@@ -0,0 +1,122 @@ +Editcap (Wireshark) 4.4.0 (v4.4.0rc1-11-g13699b5b3e78) +Edit and/or translate the format of capture files. +See https://www.wireshark.org for more information. + +Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ] + +<infile> and <outfile> must both be present; use '-' for stdin or stdout. +A single packet or a range of packets can be selected. + +Packet selection: + -r keep the selected packets; default is to delete them. + -A <start time> only read packets whose timestamp is after (or equal + to) the given time. + -B <stop time> only read packets whose timestamp is before the + given time. + Time format for -A/-B options is + YYYY-MM-DDThh:mm:ss[.nnnnnnnnn][Z|+-hh:mm] + Unix epoch timestamps are also supported. + +Duplicate packet removal: + --novlan remove vlan info from packets before checking for duplicates. + -d remove packet if duplicate (window == 5). + -D <dup window> remove packet if duplicate; configurable <dup window>. + Valid <dup window> values are 0 to 1000000. + NOTE: A <dup window> of 0 with -V (verbose option) is + useful to print MD5 hashes. + -w <dup time window> remove packet if duplicate packet is found EQUAL TO OR + LESS THAN <dup time window> prior to current packet. + A <dup time window> is specified in relative seconds + (e.g. 0.000001). + NOTE: The use of the 'Duplicate packet removal' options with + other editcap options except -V may not always work as expected. + Specifically the -r, -t or -S options will very likely NOT have the + desired effect if combined with the -d, -D or -w. + --skip-radiotap-header skip radiotap header when checking for packet duplicates. + Useful when processing packets captured by multiple radios + on the same channel in the vicinity of each other. + --set-unused set unused byts to zero in sll link addr. + +Packet manipulation: + -s <snaplen> truncate each packet to max. <snaplen> bytes of data. + -C [offset:]<choplen> chop each packet by <choplen> bytes. 
Positive values + chop at the packet beginning, negative values at the + packet end. If an optional offset precedes the length, + then the bytes chopped will be offset from that value. + Positive offsets are from the packet beginning, + negative offsets are from the packet end. You can use + this option more than once, allowing up to 2 chopping + regions within a packet provided that at least 1 + choplen is positive and at least 1 is negative. + -L adjust the frame (i.e. reported) length when chopping + and/or snapping. + -t <time adjustment> adjust the timestamp of each packet. + <time adjustment> is in relative seconds (e.g. -0.5). + -S <strict adjustment> adjust timestamp of packets if necessary to ensure + strict chronological increasing order. The <strict + adjustment> is specified in relative seconds with + values of 0 or 0.000001 being the most reasonable. + A negative adjustment value will modify timestamps so + that each packet's delta time is the absolute value + of the adjustment specified. A value of -0 will set + all packets to the timestamp of the first packet. + -E <error probability> set the probability (between 0.0 and 1.0 incl.) that + a particular packet byte will be randomly changed. + -o <change offset> When used in conjunction with -E, skip some bytes from the + beginning of the packet. This allows one to preserve some + bytes, in order to have some headers untouched. + --seed <seed> When used in conjunction with -E, set the seed to use for + the pseudo-random number generator. This allows one to + repeat a particular sequence of errors. + -I <bytes to ignore> ignore the specified number of bytes at the beginning + of the frame during MD5 hash calculation, unless the + frame is too short, then the full frame is used. + Useful to remove duplicated packets taken on + several routers (different mac addresses for + example). + e.g. -I 26 in case of Ether/IP will ignore + ether(14) and IP header(20 - 4(src ip) - 4(dst ip)). 
+ -a <framenum>:<comment> Add or replace comment for given frame number + +Output File(s): + if the output file(s) have the .gz extension, then + gzip compression will be used + -c <packets per file> split the packet output to different files based on + uniform packet counts with a maximum of + <packets per file> each. + -i <seconds per file> split the packet output to different files based on + uniform time intervals with a maximum of + <seconds per file> each. + -F <capture type> set the output file type; default is pcapng. + An empty "-F" option will list the file types. + -T <encap type> set the output file encapsulation type; default is the + same as the input file. An empty "-T" option will + list the encapsulation types. + --inject-secrets <type>,<file> Insert decryption secrets from <file>. List + supported secret types with "--inject-secrets help". + --extract-secrets Extract decryption secrets into the output file instead. + Incompatible with other options besides -V. + --discard-all-secrets Discard all decryption secrets from the input file + when writing the output file. Does not discard + secrets added by "--inject-secrets" in the same + command line. + --capture-comment <comment> + Add a capture file comment, if supported. + --discard-capture-comment + Discard capture file comments from the input file + when writing the output file. Does not discard + comments added by "--capture-comment" in the same + command line. + --discard-packet-comments + Discard all packet comments from the input file + when writing the output file. Does not discard + comments added by "-a" in the same command line. + --compress <type> Compress the output file using the type compression format. + +Miscellaneous: + -h, --help display this help and exit. + -V verbose output. + If -V is used with any of the 'Duplicate Packet + Removal' options (-d, -D or -w) then Packet lengths + and MD5 hashes are printed to standard-error. + -v, --version print version information and exit. |
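Review bot: In the "Duplicate packet removal" block, the `--set-unused` line reads "set unused byts to zero in sll link addr."; "byts" should be "bytes". As worded, the option also says nothing about duplicate detection, so either move it under "Packet manipulation" or add a clause saying how it affects the duplicate check. Separately, under "Output File(s)", `--compress <type>` says only "using the type compression format": unlike `-F`, `-T` and `--inject-secrets`, it gives no way to list the valid types, and it does not say which wins when it is combined with the `.gz` extension rule stated at the top of that block. If this file is captured from `editcap -h`, fix the strings at their source and regenerate the file so the two do not drift apart.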