diff options
Diffstat (limited to 'docbook/wsug_src/editcap-h.txt')
| -rw-r--r-- | docbook/wsug_src/editcap-h.txt | 117 |
1 files changed, 0 insertions, 117 deletions
diff --git a/docbook/wsug_src/editcap-h.txt b/docbook/wsug_src/editcap-h.txt deleted file mode 100644 index c5aa64a5..00000000 --- a/docbook/wsug_src/editcap-h.txt +++ /dev/null @@ -1,117 +0,0 @@ -Editcap (Wireshark) 4.2.6 (v4.2.6rc0-2-g76ee960786d7) -Edit and/or translate the format of capture files. -See https://www.wireshark.org for more information. - -Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ] - -<infile> and <outfile> must both be present; use '-' for stdin or stdout. -A single packet or a range of packets can be selected. - -Packet selection: - -r keep the selected packets; default is to delete them. - -A <start time> only read packets whose timestamp is after (or equal - to) the given time. - -B <stop time> only read packets whose timestamp is before the - given time. - Time format for -A/-B options is - YYYY-MM-DDThh:mm:ss[.nnnnnnnnn][Z|+-hh:mm] - Unix epoch timestamps are also supported. - -Duplicate packet removal: - --novlan remove vlan info from packets before checking for duplicates. - -d remove packet if duplicate (window == 5). - -D <dup window> remove packet if duplicate; configurable <dup window>. - Valid <dup window> values are 0 to 1000000. - NOTE: A <dup window> of 0 with -V (verbose option) is - useful to print MD5 hashes. - -w <dup time window> remove packet if duplicate packet is found EQUAL TO OR - LESS THAN <dup time window> prior to current packet. - A <dup time window> is specified in relative seconds - (e.g. 0.000001). - NOTE: The use of the 'Duplicate packet removal' options with - other editcap options except -V may not always work as expected. - Specifically the -r, -t or -S options will very likely NOT have the - desired effect if combined with the -d, -D or -w. - --skip-radiotap-header skip radiotap header when checking for packet duplicates. - Useful when processing packets captured by multiple radios - on the same channel in the vicinity of each other. - --set-unused set unused byts to zero in sll link addr. - -Packet manipulation: - -s <snaplen> truncate each packet to max. <snaplen> bytes of data. - -C [offset:]<choplen> chop each packet by <choplen> bytes. Positive values - chop at the packet beginning, negative values at the - packet end. If an optional offset precedes the length, - then the bytes chopped will be offset from that value. - Positive offsets are from the packet beginning, - negative offsets are from the packet end. You can use - this option more than once, allowing up to 2 chopping - regions within a packet provided that at least 1 - choplen is positive and at least 1 is negative. - -L adjust the frame (i.e. reported) length when chopping - and/or snapping. - -t <time adjustment> adjust the timestamp of each packet. - <time adjustment> is in relative seconds (e.g. -0.5). - -S <strict adjustment> adjust timestamp of packets if necessary to ensure - strict chronological increasing order. The <strict - adjustment> is specified in relative seconds with - values of 0 or 0.000001 being the most reasonable. - A negative adjustment value will modify timestamps so - that each packet's delta time is the absolute value - of the adjustment specified. A value of -0 will set - all packets to the timestamp of the first packet. - -E <error probability> set the probability (between 0.0 and 1.0 incl.) that - a particular packet byte will be randomly changed. - -o <change offset> When used in conjunction with -E, skip some bytes from the - beginning of the packet. This allows one to preserve some - bytes, in order to have some headers untouched. - --seed <seed> When used in conjunction with -E, set the seed to use for - the pseudo-random number generator. This allows one to - repeat a particular sequence of errors. - -I <bytes to ignore> ignore the specified number of bytes at the beginning - of the frame during MD5 hash calculation, unless the - frame is too short, then the full frame is used. - Useful to remove duplicated packets taken on - several routers (different mac addresses for - example). - e.g. -I 26 in case of Ether/IP will ignore - ether(14) and IP header(20 - 4(src ip) - 4(dst ip)). - -a <framenum>:<comment> Add or replace comment for given frame number - -Output File(s): - -c <packets per file> split the packet output to different files based on - uniform packet counts with a maximum of - <packets per file> each. - -i <seconds per file> split the packet output to different files based on - uniform time intervals with a maximum of - <seconds per file> each. - -F <capture type> set the output file type; default is pcapng. - An empty "-F" option will list the file types. - -T <encap type> set the output file encapsulation type; default is the - same as the input file. An empty "-T" option will - list the encapsulation types. - --inject-secrets <type>,<file> Insert decryption secrets from <file>. List - supported secret types with "--inject-secrets help". - --discard-all-secrets Discard all decryption secrets from the input file - when writing the output file. Does not discard - secrets added by "--inject-secrets" in the same - command line. - --capture-comment <comment> - Add a capture file comment, if supported. - --discard-capture-comment - Discard capture file comments from the input file - when writing the output file. Does not discard - comments added by "--capture-comment" in the same - command line. - --discard-packet-comments - Discard all packet comments from the input file - when writing the output file. Does not discard - comments added by "-a" in the same command line. - -Miscellaneous: - -h, --help display this help and exit. - -V verbose output. - If -V is used with any of the 'Duplicate Packet - Removal' options (-d, -D or -w) then Packet lengths - and MD5 hashes are printed to standard-error. - -v, --version print version information and exit. |