C.5. editcap: Edit capture files – Lucent Technologies Ethereal User Manual


C.5. editcap: Edit capture files

Included with Ethereal is editcap, a small command-line utility for working with capture files.
Its main function is to remove packets from capture files, but it can also convert capture files
from one format to another and print information about capture files.

Example C.2. Help information available from editcap

$ editcap.exe -h
Usage: editcap [-r] [-h] [-v] [-T <encap type>] [-E <probability>]
               [-F <capture type>]> [-s <snaplen>] [-t <time adjustment>]
               <infile> <outfile> [ <record#>[-<record#>] ... ]

  where
        -E <probability> specifies the probability (between 0 and 1)
            that a particular byte will will have an error.
        -F <capture type> specifies the capture file type to write:
            libpcap - libpcap (tcpdump, Ethereal, etc.)
            rh6_1libpcap - RedHat Linux 6.1 libpcap (tcpdump)
            suse6_3libpcap - SuSE Linux 6.3 libpcap (tcpdump)
            modlibpcap - modified libpcap (tcpdump)
            nokialibpcap - Nokia libpcap (tcpdump)
            lanalyzer - Novell LANalyzer
            ngsniffer - Network Associates Sniffer (DOS-based)
            snoop - Sun snoop
            netmon1 - Microsoft Network Monitor 1.x
            netmon2 - Microsoft Network Monitor 2.x
            ngwsniffer_1_1 - Network Associates Sniffer (Windows-based) 1.1
            ngwsniffer_2_0 - Network Associates Sniffer (Windows-based) 2.00x
            nettl - HP-UX nettl trace
            visual - Visual Networks traffic capture
            5views - Accellent 5Views capture
            niobserverv9 - Network Instruments Observer version 9
            default is libpcap
        -h produces this help listing.
        -r specifies that the records specified should be kept, not deleted,
            default is to delete
        -s <snaplen> specifies that packets should be truncated to
            <snaplen> bytes of data
        -t <time adjustment> specifies the time adjustment
            to be applied to selected packets
        -T <encap type> specifies the encapsulation type to use:
            ether - Ethernet
            tr - Token Ring
            slip - SLIP
            ppp - PPP
            fddi - FDDI
            fddi-swapped - FDDI with bit-swapped MAC addresses
            rawip - Raw IP
            arcnet - ARCNET
            arcnet_linux - Linux ARCNET
            atm-rfc1483 - RFC 1483 ATM
            linux-atm-clip - Linux ATM CLIP
            lapb - LAPB
            atm-pdus - ATM PDUs
            atm-pdus-untruncated - ATM PDUs - untruncated
            null - NULL
            ascend - Lucent/Ascend access equipment
            isdn - ISDN
            ip-over-fc - RFC 2625 IP-over-Fibre Channel
            ppp-with-direction - PPP with Directional Info
            ieee-802-11 - IEEE 802.11 Wireless LAN
            prism - IEEE 802.11 plus Prism II monitor mode header
            ieee-802-11-radio - IEEE 802.11 Wireless LAN with radio information
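
The record selection and truncation rules in the help text (delete by default, keep with -r, cut captured bytes with -s) can be seen on a small classic libpcap file. The following is an added illustration, not part of the manual and not editcap's source; the function names and the sample capture are constructed for the example, and copying the global header unchanged is a simplifying assumption.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap, microsecond timestamps

def read_pcap(data):
    """Return (byte-order prefix, [(ts_sec, ts_usec, orig_len, payload), ...])."""
    for endian in ("<", ">"):
        if len(data) >= 24 and struct.unpack_from(endian + "I", data)[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file")
    recs, offset = [], 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("record header cut short")
        sec, usec, incl, orig = struct.unpack_from(endian + "4I", data, offset)
        payload = data[offset + 16 : offset + 16 + incl]
        if len(payload) != incl:
            raise ValueError("record %d cut short" % (len(recs) + 1))
        recs.append((sec, usec, orig, payload))
        offset += 16 + incl
    return endian, recs

def parse_selectors(specs):
    """Expand '<record#>[-<record#>]' arguments into a set of 1-based numbers."""
    chosen = set()
    for spec in specs:
        first, _, last = spec.partition("-")
        chosen.update(range(int(first), int(last or first) + 1))
    return chosen

def edit_pcap(data, specs, keep=False, snaplen=None):
    """keep=False deletes the selected records (default); keep=True is -r; snaplen is -s."""
    endian, recs = read_pcap(data)
    chosen = parse_selectors(specs)
    out = bytearray(data[:24])  # global header copied unchanged (simplification)
    for number, (sec, usec, orig, payload) in enumerate(recs, start=1):
        if (number in chosen) != keep:
            continue  # selected for deletion, or not on the -r keep list
        if snaplen is not None:
            payload = payload[:snaplen]  # incl_len shrinks, orig_len is preserved
        out += struct.pack(endian + "4I", sec, usec, len(payload), orig) + payload
    return bytes(out)

def sample_capture():
    """Constructed input: five records with 10, 20, 30, 40 and 50 payload bytes."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, size in enumerate((10, 20, 30, 40, 50)):
        out += struct.pack("<4I", 1000 + i, 0, size, size) + bytes([i]) * size
    return out
```

Truncating with a snaplen leaves each record's original length field intact, so a reader of the trimmed file can still tell how large the packet was on the wire even though the bytes past the cut are gone.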
