Diffstat (limited to 'docbook/wsug_src/editcap-h.txt')
-rw-r--r-- docbook/wsug_src/editcap-h.txt 117
1 files changed, 117 insertions, 0 deletions
diff --git a/docbook/wsug_src/editcap-h.txt b/docbook/wsug_src/editcap-h.txt
new file mode 100644
index 00000000..0b8a5b53
--- /dev/null
+++ b/docbook/wsug_src/editcap-h.txt
@@ -0,0 +1,117 @@
+Editcap (Wireshark) 4.2.1 (v4.2.1rc0-11-gae025b2614ce)
+Edit and/or translate the format of capture files.
+See https://www.wireshark.org for more information.
+
+Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]
+
+<infile> and <outfile> must both be present; use '-' for stdin or stdout.
+A single packet or a range of packets can be selected.
+
+Packet selection:
+ -r keep the selected packets; default is to delete them.
+ -A <start time> only read packets whose timestamp is after (or equal
+ to) the given time.
+ -B <stop time> only read packets whose timestamp is before the
+ given time.
+ Time format for -A/-B options is
+ YYYY-MM-DDThh:mm:ss[.nnnnnnnnn][Z|+-hh:mm]
+ Unix epoch timestamps are also supported.
+
+Duplicate packet removal:
+ --novlan remove vlan info from packets before checking for duplicates.
+ -d remove packet if duplicate (window == 5).
+ -D <dup window> remove packet if duplicate; configurable <dup window>.
+ Valid <dup window> values are 0 to 1000000.
+ NOTE: A <dup window> of 0 with -V (verbose option) is
+ useful to print MD5 hashes.
+ -w <dup time window> remove packet if duplicate packet is found EQUAL TO OR
+ LESS THAN <dup time window> prior to current packet.
+ A <dup time window> is specified in relative seconds
+ (e.g. 0.000001).
+ NOTE: The use of the 'Duplicate packet removal' options with
+ other editcap options except -V may not always work as expected.
+ Specifically the -r, -t or -S options will very likely NOT have the
+ desired effect if combined with the -d, -D or -w.
+ --skip-radiotap-header skip radiotap header when checking for packet duplicates.
+ Useful when processing packets captured by multiple radios
+ on the same channel in the vicinity of each other.
+ --set-unused set unused byts to zero in sll link addr.
+
+Packet manipulation:
+ -s <snaplen> truncate each packet to max. <snaplen> bytes of data.
+ -C [offset:]<choplen> chop each packet by <choplen> bytes. Positive values
+ chop at the packet beginning, negative values at the
+ packet end. If an optional offset precedes the length,
+ then the bytes chopped will be offset from that value.
+ Positive offsets are from the packet beginning,
+ negative offsets are from the packet end. You can use
+ this option more than once, allowing up to 2 chopping
+ regions within a packet provided that at least 1
+ choplen is positive and at least 1 is negative.
+ -L adjust the frame (i.e. reported) length when chopping
+ and/or snapping.
+ -t <time adjustment> adjust the timestamp of each packet.
+ <time adjustment> is in relative seconds (e.g. -0.5).
+ -S <strict adjustment> adjust timestamp of packets if necessary to ensure
+ strict chronological increasing order. The <strict
+ adjustment> is specified in relative seconds with
+ values of 0 or 0.000001 being the most reasonable.
+ A negative adjustment value will modify timestamps so
+ that each packet's delta time is the absolute value
+ of the adjustment specified. A value of -0 will set
+ all packets to the timestamp of the first packet.
+ -E <error probability> set the probability (between 0.0 and 1.0 incl.) that
+ a particular packet byte will be randomly changed.
+ -o <change offset> When used in conjunction with -E, skip some bytes from the
+ beginning of the packet. This allows one to preserve some
+ bytes, in order to have some headers untouched.
+ --seed <seed> When used in conjunction with -E, set the seed to use for
+ the pseudo-random number generator. This allows one to
+ repeat a particular sequence of errors.
+ -I <bytes to ignore> ignore the specified number of bytes at the beginning
+ of the frame during MD5 hash calculation, unless the
+ frame is too short, then the full frame is used.
+ Useful to remove duplicated packets taken on
+ several routers (different mac addresses for
+ example).
+ e.g. -I 26 in case of Ether/IP will ignore
+ ether(14) and IP header(20 - 4(src ip) - 4(dst ip)).
+ -a <framenum>:<comment> Add or replace comment for given frame number
+
+Output File(s):
+ -c <packets per file> split the packet output to different files based on
+ uniform packet counts with a maximum of
+ <packets per file> each.
+ -i <seconds per file> split the packet output to different files based on
+ uniform time intervals with a maximum of
+ <seconds per file> each.
+ -F <capture type> set the output file type; default is pcapng.
+ An empty "-F" option will list the file types.
+ -T <encap type> set the output file encapsulation type; default is the
+ same as the input file. An empty "-T" option will
+ list the encapsulation types.
+ --inject-secrets <type>,<file> Insert decryption secrets from <file>. List
+ supported secret types with "--inject-secrets help".
+ --discard-all-secrets Discard all decryption secrets from the input file
+ when writing the output file. Does not discard
+ secrets added by "--inject-secrets" in the same
+ command line.
+ --capture-comment <comment>
+ Add a capture file comment, if supported.
+ --discard-capture-comment
+ Discard capture file comments from the input file
+ when writing the output file. Does not discard
+ comments added by "--capture-comment" in the same
+ command line.
+ --discard-packet-comments
+ Discard all packet comments from the input file
+ when writing the output file. Does not discard
+ comments added by "-a" in the same command line.
+
+Miscellaneous:
+ -h, --help display this help and exit.
+ -V verbose output.
+ If -V is used with any of the 'Duplicate Packet
+ Removal' options (-d, -D or -w) then Packet lengths
+ and MD5 hashes are printed to standard-error.
+ -v, --version print version information and exit.
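Review bot: In the 'Duplicate packet removal' block, the `--set-unused` line reads "set unused byts to zero in sll link addr"; "byts" should be "bytes". This file looks like captured `editcap -h` output (it opens with the version banner), so the fix probably belongs in editcap's usage text, with this file regenerated afterwards. In the same block, `--skip-radiotap-header` and `--set-unused` come after the NOTE about combining the duplicate-removal options with -r, -t or -S, so the NOTE reads as the end of the section and the two options are easy to miss; consider moving them above it. The banner also pins a specific build string (v4.2.1rc0-11-gae025b2614ce), so this file will go stale on the next version bump unless regenerating it is part of the release steps. Minor: the `-a <framenum>:<comment>` description is missing the terminating period that the other entries in 'Packet manipulation' carry.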