Diffstat (limited to 'docbook/wsug_src/text2pcap-h.txt')
-rw-r--r-- | docbook/wsug_src/text2pcap-h.txt | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/docbook/wsug_src/text2pcap-h.txt b/docbook/wsug_src/text2pcap-h.txt new file mode 100644 index 00000000..9066427e --- /dev/null +++ b/docbook/wsug_src/text2pcap-h.txt 
@@ -0,0 +1,108 @@ +Text2pcap (Wireshark) 4.2.1 (v4.2.1rc0-11-gae025b2614ce) +Generate a capture file from an ASCII hexdump of packets. +See https://www.wireshark.org for more information. + +Usage: text2pcap [options] <infile> <outfile> + +where <infile> specifies input filename (use - for standard input) + <outfile> specifies output filename (use - for standard output) + +Input: + -o hex|oct|dec|none parse offsets as (h)ex, (o)ctal, (d)ecimal, or (n)one; + default is hex. + -t <timefmt> treat the text before the packet as a date/time code; + <timefmt> is a format string supported by strptime, + with an optional %f descriptor for fractional seconds. + Example: The time "10:15:14.5476" has the format code + "%H:%M:%S.%f" + The special format string ISO supports ISO-8601 times. + NOTE: Date/time fields from the current date/time are + used as the default for unspecified fields. + -D the text before the packet starts with an I or an O, + indicating that the packet is inbound or outbound. + This is used when generating dummy headers if the + output format supports it (e.g. pcapng). + -a enable ASCII text dump identification. + The start of the ASCII text dump can be identified + and excluded from the packet data, even if it looks + like a HEX dump. + NOTE: Do not enable it if the input file does not + contain the ASCII text dump. + -r <regex> enable regex mode. Scan the input using <regex>, a Perl + compatible regular expression matching a single packet. + Named capturing subgroups are used to identify fields: + <data> (mand.), and <time>, <dir>, and <seqno> (opt.) + The time field format is taken from the -t option + Example: -r '^(?<dir>[<>])\s(?<time>\d+:\d\d:\d\d.\d+)\s(?<data>[0-9a-fA-F]+)$' + could match a file with lines like + > 0:00:00.265620 a130368b000000080060 + < 0:00:00.295459 a2010800000000000000000800000000 + -b 2|8|16|64 encoding base (radix) of the packet data in regex mode + (def: 16: hexadecimal) No effect in hexdump mode. 
+ +Output: + -F <capture type> set the output file type; default is pcapng. + an empty "-F" option will list the file types. + -E <encap type> set the output file encapsulation type; default is + ether (Ethernet). An empty "-E" option will list + the encapsulation types. + -l <typenum> set the output file encapsulation type via link-layer + type number; default is 1 (Ethernet). See + https://www.tcpdump.org/linktypes.html for a list of + numbers. + Example: -l 7 for ARCNet packets. + -m <max-packet> max packet length in output; default is 262144 + -N <intf-name> assign name to the interface in the pcapng file. + +Prepend dummy header: + -e <l3pid> prepend dummy Ethernet II header with specified L3PID + (in HEX). + Example: -e 0x806 to specify an ARP packet. + -i <proto> prepend dummy IP header with specified IP protocol + (in DECIMAL). + Automatically prepends Ethernet header as well if + link-layer type is Ethernet. + Example: -i 46 + -4 <srcip>,<destip> prepend dummy IPv4 header with specified + dest and source address. + Example: -4 10.0.0.1,10.0.0.2 + -6 <srcip>,<destip> prepend dummy IPv6 header with specified + dest and source address. + Example: -6 2001:db8::b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334 + -u <srcp>,<destp> prepend dummy UDP header with specified + source and destination ports (in DECIMAL). + Automatically prepends Ethernet & IP headers as well. + Example: -u 1000,69 to make the packets look like + TFTP/UDP packets. + -T <srcp>,<destp> prepend dummy TCP header with specified + source and destination ports (in DECIMAL). + Automatically prepends Ethernet & IP headers as well. + Example: -T 50,60 + -s <srcp>,<dstp>,<tag> prepend dummy SCTP header with specified + source/dest ports and verification tag (in DECIMAL). + Automatically prepends Ethernet & IP headers as well. + Example: -s 30,40,34 + -S <srcp>,<dstp>,<ppi> prepend dummy SCTP header with specified + source/dest ports and verification tag 0. 
+ Automatically prepends a dummy SCTP DATA + chunk header with payload protocol identifier ppi. + Example: -S 30,40,34 + -P <dissector> prepend EXPORTED_PDU header with specified dissector + as the payload DISSECTOR_NAME tag. + Automatically sets link type to Upper PDU Export. + EXPORTED_PDU payload defaults to "data" otherwise. + +Diagnostic output: + --log-level <level> sets the active log level ("critical", "warning", etc.) + --log-fatal <level> sets level to abort the program ("critical" or "warning") + --log-domains <[!]list> comma-separated list of the active log domains + --log-fatal-domains <list> + list of domains that cause the program to abort + --log-debug <[!]list> list of domains with "debug" level + --log-noisy <[!]list> list of domains with "noisy" level + --log-file <path> file to output messages to (in addition to stderr) + +Miscellaneous: + -h, --help display this help and exit + -v, --version print version information and exit + -q don't report processed packet counts |
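Review bot: The -r example regex leaves the dot in the time subgroup unescaped (`(?<time>\d+:\d\d:\d\d.\d+)`), so it matches any character between seconds and fraction rather than a literal decimal point; `\d\d\.\d+` still matches both sample lines and is what a reader copying the example will want. Separately, the -4 and -6 entries take `<srcip>,<destip>` but describe "specified dest and source address", the reverse of the argument order and of the "source and destination ports" wording used for -u and -T; "source and dest address" would remove the ambiguity about which address comes first. The placeholder spelling also varies between `<destp>` (-u, -T) and `<dstp>` (-s, -S). If this file is captured from the program's help output, as the version banner on its first line suggests, these wording changes belong in the help text that produces it so the two stay in sync.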