Партнёры:
Хостинг:
Editcap - Edit and/or translate the format of capture filesSYNOPSYS
editcap [ -F file format ] [ -T encapsulation type ] [ -r ] [ -v ] [ -s snaplen ] [ -h ] infile outfile [ record# ... ]DESCRIPTION
Editcap is a program that reads a saved capture file and writes some or all of the packets in that capture file to another capture file. Editcap knows how to read libpcap capture files, including those of tcpdump. In addition, Editcap can read capture files from snoop (including Shomiti) and atmsnoop, LanAlyzer, Sniffer (compressed or uncompressed), Microsoft Network Monitor, AIX's iptrace, NetXray, Sniffer Pro, RADCOM's WAN/LAN analyzer, Lucent/Ascend router debug output, HP-UX's nettl, and the dump output from Toshiba's ISDN routers. There is no need to tell Editcap what type of file you are reading; it will determine the file type by itself. Editcap is also capable of reading any of these file formats if they are compressed using gzip. Editcap recognizes this directly from the file; the '.gz' extension is not required for this purpose. By default, it writes the capture file in libpcap format, and writes all of the packets in the capture file to the output file. The -F flag can be used to specify the format in which to write the capture file; it can write the file in libpcap format (standard libpcap format, a modified format used by some patched versions of libpcap, or the format used by Red Hat Linux 6.1), snoop format, uncompressed Sniffer format, Microsoft Network Monitor 1.x format, and the format used by Windows-based versions of the Sniffer software. A list of packet numbers can be specified on the command line; the packets with those numbers will not be written to the capture file, unless the -r flag is specified, in which case only those packets will be written to the capture file. If the -s flag is used to specify a snapshot length, frames in the input file with more captured data than the specified snapshot length will have only the amount of data specified by the snapshot length written to the output file. This may be useful if the program that is to read the output file cannot handle packets larger than a certain size (for example, the versions of snoop in Solaris 2.5.1 and Solaris 2.6 appear to reject Ethernet frames larger than the standard Ethernet MTU, making them incapable of handling gigabit Ethernet captures if jumbo frames were used). If the -T flag is used to specify an encapsulation type, the encapsulation type of the output capture file will be forced to the specified type, rather than being the type appropriate to the encapsulation type of the input capture file. Note that this merely forces the encapsulation type of the output file to be the specified type; the packet headers of the packets will not be translated from the encapsulation type of the input capture file to the specified encapsulation type (for example, it will not translate an Ethernet capture to an FDDI capture if an Ethernet capture is read and '-T fddi' is specified).OPTIONS
-F Sets the file format of the output capture file. -T Sets the packet encapsulation type of the output capture file. -r Causes the packets whose packet numbers are specified on the command line to be written to the output capture file, and no other packets to be written to the output capture file. -v Causes editcap to print a number of messages while it's working. -s Sets the snapshot length to use when writing the data. -h Prints the version and options and exits.SEE ALSO
the tcpdump(8) manpage, the pcap(3) manpage, the ethereal(1) manpageNOTES
Editcap is part of the Ethereal distribution. The latest version of Ethereal can be found at http://ethereal.zing.org.AUTHORS
Original Author -------- ------ Richard Sharpe <sharpe@ns.aus.com> Contributors ------------ Guy Harris <guy@alum.mit.edu>
|
Закладки на сайте Проследить за страницей |
Created 1996-2024 by Maxim Chirkov Добавить, Поддержать, Вебмастеру |