nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | |
| 2 | =head1 NAME |
||
| 3 | |||
| 4 | capinfos - Prints information about capture files |
||
| 5 | |||
| 6 | =head1 SYNOPSIS |
||
| 7 | |||
| 8 | B<capinfos> |
||
| 9 | S<[ B<-a> ]> |
||
| 10 | S<[ B<-A> ]> |
||
| 11 | S<[ B<-b> ]> |
||
| 12 | S<[ B<-B> ]> |
||
| 13 | S<[ B<-c> ]> |
||
| 14 | S<[ B<-C> ]> |
||
| 15 | S<[ B<-d> ]> |
||
| 16 | S<[ B<-e> ]> |
||
| 17 | S<[ B<-E> ]> |
||
| 18 | S<[ B<-F> ]> |
||
| 19 | S<[ B<-h> ]> |
||
| 20 | S<[ B<-H> ]> |
||
| 21 | S<[ B<-i> ]> |
||
| 22 | S<[ B<-I> ]> |
||
| 23 | S<[ B<-l> ]> |
||
| 24 | S<[ B<-L> ]> |
||
| 25 | S<[ B<-m> ]> |
||
| 26 | S<[ B<-M> ]> |
||
| 27 | S<[ B<-N> ]> |
||
| 28 | S<[ B<-o> ]> |
||
| 29 | S<[ B<-q> ]> |
||
| 30 | S<[ B<-Q> ]> |
||
| 31 | S<[ B<-r> ]> |
||
| 32 | S<[ B<-R> ]> |
||
| 33 | S<[ B<-s> ]> |
||
| 34 | S<[ B<-S> ]> |
||
| 35 | S<[ B<-t> ]> |
||
| 36 | S<[ B<-T> ]> |
||
| 37 | S<[ B<-u> ]> |
||
| 38 | S<[ B<-v> ]> |
||
| 39 | S<[ B<-x> ]> |
||
| 40 | S<[ B<-y> ]> |
||
| 41 | S<[ B<-z> ]> |
||
| 42 | E<lt>I<infile>E<gt> |
||
| 43 | I<...> |
||
| 44 | |||
| 45 | =head1 DESCRIPTION |
||
| 46 | |||
| 47 | B<Capinfos> is a program that reads one or more capture files and |
||
| 48 | returns some or all available statistics (infos) of each E<lt>I<infile>E<gt> |
||
| 49 | in one of two types of output formats: long or table. |
||
| 50 | |||
| 51 | The long output is suitable for a human to read. The table output |
||
| 52 | is useful for generating a report that can be easily imported into |
||
| 53 | a spreadsheet or database. |
||
| 54 | |||
| 55 | The user specifies what type of output (long or table) and which |
||
| 56 | statistics to display by specifying flags (options) that corresponding |
||
| 57 | to the report type and desired infos. If no options are specified, |
||
| 58 | B<Capinfos> will report all statistics available in "long" format. |
||
| 59 | |||
| 60 | Options are processed from left to right order with later options |
||
| 61 | superseding or adding to earlier options. |
||
| 62 | |||
| 63 | B<Capinfos> is able to detect and read the same capture files that are |
||
| 64 | supported by B<Wireshark>. |
||
| 65 | The input files don't need a specific filename extension; the file |
||
| 66 | format and an optional gzip compression will be automatically detected. |
||
| 67 | Near the beginning of the DESCRIPTION section of wireshark(1) or |
||
| 68 | L<https://www.wireshark.org/docs/man-pages/wireshark.html> |
||
| 69 | is a detailed description of the way B<Wireshark> handles this, which is |
||
| 70 | the same way B<Capinfos> handles this. |
||
| 71 | |||
| 72 | =head1 OPTIONS |
||
| 73 | |||
| 74 | =over 4 |
||
| 75 | |||
| 76 | =item -a |
||
| 77 | |||
| 78 | Displays the start time of the capture. B<Capinfos> considers |
||
| 79 | the earliest timestamp seen to be the start time, so the |
||
| 80 | first packet in the capture is not necessarily the earliest - |
||
| 81 | if packets exist "out-of-order", time-wise, in the capture, |
||
| 82 | B<Capinfos> detects this. |
||
| 83 | |||
| 84 | =item -A |
||
| 85 | |||
| 86 | Generate all infos. By default capinfos will display |
||
| 87 | all infos values for each input file, but enabling |
||
| 88 | any of the individual display infos options will |
||
| 89 | disable the generate all option. |
||
| 90 | |||
| 91 | =item -b |
||
| 92 | |||
| 93 | Separate infos with ASCII SPACE (0x20) characters. |
||
| 94 | This option is only useful when generating a table |
||
| 95 | style report (-T). The various info values will be |
||
| 96 | separated (delimited) from one another with a single |
||
| 97 | ASCII SPACE character. |
||
| 98 | |||
| 99 | NOTE: Since some of the header labels as well as some |
||
| 100 | of the value fields contain SPACE characters. This |
||
| 101 | option is of limited value unless one of the quoting |
||
| 102 | options (-q or -Q) is also specified. |
||
| 103 | |||
| 104 | =item -B |
||
| 105 | |||
| 106 | Separate the infos with ASCII TAB characters. |
||
| 107 | This option is only useful when generating a table |
||
| 108 | style report (-T). The various info values will be |
||
| 109 | separated (delimited) from one another with a single |
||
| 110 | ASCII TAB character. The TAB character is the default |
||
| 111 | delimiter when -T style report is enabled. |
||
| 112 | |||
| 113 | =item -c |
||
| 114 | |||
| 115 | Displays the number of packets in the capture file. |
||
| 116 | |||
| 117 | =item -C |
||
| 118 | |||
| 119 | Cancel processing any additional files if and |
||
| 120 | when capinfos should fail to open an input file. |
||
| 121 | By default capinfos will attempt to open each and |
||
| 122 | every file name argument. |
||
| 123 | |||
| 124 | Note: An error message will be written to stderr |
||
| 125 | whenever capinfos fails to open a file regardless |
||
| 126 | of whether the -C option is specified or not. |
||
| 127 | Upon exit, capinfos will return an error status |
||
| 128 | if any errors occurred during processing. |
||
| 129 | |||
| 130 | =item -d |
||
| 131 | |||
| 132 | Displays the total length of all packets in the file, in |
||
| 133 | bytes. This counts the size of the packets as they appeared |
||
| 134 | in their original form, not as they appear in this file. |
||
| 135 | For example, if a packet was originally 1514 bytes and only |
||
| 136 | 256 of those bytes were saved to the capture file (if packets |
||
| 137 | were captured with a snaplen or other slicing option), |
||
| 138 | B<Capinfos> will consider the packet to have been 1514 bytes. |
||
| 139 | |||
| 140 | =item -e |
||
| 141 | |||
| 142 | Displays the end time of the capture. B<Capinfos> considers |
||
| 143 | the latest timestamp seen to be the end time, so the |
||
| 144 | last packet in the capture is not necessarily the latest - |
||
| 145 | if packets exist "out-of-order", time-wise, in the capture, |
||
| 146 | B<Capinfos> detects this. |
||
| 147 | |||
| 148 | =item -E |
||
| 149 | |||
| 150 | Displays the per-file encapsulation of the capture file. |
||
| 151 | |||
| 152 | =item -F |
||
| 153 | |||
| 154 | Displays additional capture file information. |
||
| 155 | |||
| 156 | =item -h |
||
| 157 | |||
| 158 | Prints the help listing and exits. |
||
| 159 | |||
| 160 | =item -H |
||
| 161 | |||
| 162 | Displays the SHA1, RIPEMD160, and MD5 hashes for the file. |
||
| 163 | |||
| 164 | =item -i |
||
| 165 | |||
| 166 | Displays the average data rate, in bits/sec |
||
| 167 | |||
| 168 | =item -I |
||
| 169 | |||
| 170 | Displays detailed capture file interface information. This information |
||
| 171 | is not available in table format. |
||
| 172 | |||
| 173 | =item -k |
||
| 174 | |||
| 175 | Displays the capture comment. For pcapng files, this is the comment from the |
||
| 176 | section header block. |
||
| 177 | |||
| 178 | =item -l |
||
| 179 | |||
| 180 | Display the snaplen (if any) for a file. |
||
| 181 | snaplen (if available) is determined from the capture file header |
||
| 182 | and by looking for truncated records in the capture file. |
||
| 183 | |||
| 184 | =item -L |
||
| 185 | |||
| 186 | Generate long report. Capinfos can generate two |
||
| 187 | different styles of reports. The "long" report is |
||
| 188 | the default style of output and is suitable for a |
||
| 189 | human to use. |
||
| 190 | |||
| 191 | =item -m |
||
| 192 | |||
| 193 | Separate the infos with comma (,) characters. This option |
||
| 194 | is only useful when generating a table style report (-T). |
||
| 195 | The various info values will be separated (delimited) |
||
| 196 | from one another with a single comma "," character. |
||
| 197 | |||
| 198 | =item -M |
||
| 199 | |||
| 200 | Print raw (machine readable) numeric values in long reports. |
||
| 201 | By default capinfos prints human-readable values with SI |
||
| 202 | suffixes. Table reports (-T) always print raw values. |
||
| 203 | |||
| 204 | =item -N |
||
| 205 | |||
| 206 | Do not quote the infos. This option is only useful |
||
| 207 | when generating a table style report (-T). Excluding |
||
| 208 | any quoting characters around the various values and |
||
| 209 | using a TAB delimiter produces a very "clean" table |
||
| 210 | report that is easily parsed with CLI tools. By |
||
| 211 | default infos are B<NOT> quoted. |
||
| 212 | |||
| 213 | =item -o |
||
| 214 | |||
| 215 | Displays "True" if packets exist in strict chronological order |
||
| 216 | or "False" if one or more packets in the capture exists |
||
| 217 | "out-of-order" time-wise. |
||
| 218 | |||
| 219 | =item -q |
||
| 220 | |||
| 221 | Quote infos with single quotes ('). This option is |
||
| 222 | only useful when generating a table style report (-T). |
||
| 223 | When this option is enabled, each value will be |
||
| 224 | encapsulated within a pair of single quote (') |
||
| 225 | characters. This option (when used with the -m |
||
| 226 | option) is useful for generating one type of CSV |
||
| 227 | style file report. |
||
| 228 | |||
| 229 | =item -Q |
||
| 230 | |||
| 231 | Quote infos with double quotes ("). This option is |
||
| 232 | only useful when generating a table style report (-T). |
||
| 233 | When this option is enabled, each value will be |
||
| 234 | encapsulated within a pair of double quote (") |
||
| 235 | characters. This option (when used with the -m |
||
| 236 | option) is useful for generating the most common |
||
| 237 | type of CSV style file report. |
||
| 238 | |||
| 239 | =item -r |
||
| 240 | |||
| 241 | Do not generate header record. This option is only |
||
| 242 | useful when generating a table style report (-T). |
||
| 243 | If this option is specified then B<no> header record will be |
||
| 244 | generated within the table report. |
||
| 245 | |||
| 246 | =item -R |
||
| 247 | |||
| 248 | Generate header record. This option is only useful |
||
| 249 | when generating a table style report (-T). A header |
||
| 250 | is generated by default. A header record (if generated) |
||
| 251 | is the first line of data reported and includes labels |
||
| 252 | for all the columns included within the table report. |
||
| 253 | |||
| 254 | =item -s |
||
| 255 | |||
| 256 | Displays the size of the file, in bytes. This reports |
||
| 257 | the size of the capture file itself. |
||
| 258 | |||
| 259 | =item -S |
||
| 260 | |||
| 261 | Display the start and end times as seconds since January |
||
| 262 | 1, 1970. Handy for synchronizing dumps using B<editcap -t>. |
||
| 263 | |||
| 264 | =item -t |
||
| 265 | |||
| 266 | Displays the capture type of the capture file. |
||
| 267 | |||
| 268 | =item -T |
||
| 269 | |||
| 270 | Generate a table report. A table report is a text file |
||
| 271 | that is suitable for importing into a spreadsheet or |
||
| 272 | database. Capinfos can build a tab delimited text file |
||
| 273 | (the default) or several variations on Comma-separated |
||
| 274 | values (CSV) files. |
||
| 275 | |||
| 276 | =item -u |
||
| 277 | |||
| 278 | Displays the capture duration, in seconds. This is the |
||
| 279 | difference in time between the earliest packet seen and |
||
| 280 | latest packet seen. |
||
| 281 | |||
| 282 | =item -v |
||
| 283 | |||
| 284 | Displays the tool's version and exits. |
||
| 285 | |||
| 286 | =item -x |
||
| 287 | |||
| 288 | Displays the average packet rate, in packets/sec |
||
| 289 | |||
| 290 | =item -y |
||
| 291 | |||
| 292 | Displays the average data rate, in bytes/sec |
||
| 293 | |||
| 294 | =item -z |
||
| 295 | |||
| 296 | Displays the average packet size, in bytes |
||
| 297 | |||
| 298 | =back |
||
| 299 | |||
| 300 | =head1 EXAMPLES |
||
| 301 | |||
| 302 | To see a description of the capinfos options use: |
||
| 303 | |||
| 304 | capinfos -h |
||
| 305 | |||
| 306 | To generate a long form report for the capture file |
||
| 307 | mycapture.pcap use: |
||
| 308 | |||
| 309 | capinfos mycapture.pcap |
||
| 310 | |||
| 311 | To generate a TAB delimited table form report for the capture |
||
| 312 | file mycapture.pcap use: |
||
| 313 | |||
| 314 | capinfos -T mycapture.pcap |
||
| 315 | |||
| 316 | To generate a CSV style table form report for the capture |
||
| 317 | file mycapture.pcap use: |
||
| 318 | |||
| 319 | capinfos -T -m -Q mycapture.pcap |
||
| 320 | |||
| 321 | or |
||
| 322 | |||
| 323 | capinfos -TmQ mycapture.pcap |
||
| 324 | |||
| 325 | |||
| 326 | To generate a TAB delimited table style report with just the |
||
| 327 | filenames, capture type, capture encapsulation type and packet |
||
| 328 | count for all the pcap files in the current directory use: |
||
| 329 | |||
| 330 | capinfos -T -t -E -c *.pcap |
||
| 331 | |||
| 332 | or |
||
| 333 | |||
| 334 | capinfos -TtEs *.pcap |
||
| 335 | |||
| 336 | Note: The ability to use of filename globbing characters are |
||
| 337 | a feature of *nix style command shells. |
||
| 338 | |||
| 339 | To generate a CSV delimited table style report of all infos |
||
| 340 | for all pcap files in the current directory and write it to |
||
| 341 | a text file called mycaptures.csv use: |
||
| 342 | |||
| 343 | capinfos -TmQ *.pcap >mycaptures.csv |
||
| 344 | |||
| 345 | The resulting mycaptures.csv file can be easily imported |
||
| 346 | into spreadsheet applications. |
||
| 347 | |||
| 348 | =head1 SEE ALSO |
||
| 349 | |||
| 350 | pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1), |
||
| 351 | dumpcap(1), pcap-filter(7) or tcpdump(8) |
||
| 352 | |||
| 353 | =head1 NOTES |
||
| 354 | |||
| 355 | B<Capinfos> is part of the B<Wireshark> distribution. The latest version |
||
| 356 | of B<Wireshark> can be found at L<https://www.wireshark.org>. |
||
| 357 | |||
| 358 | HTML versions of the Wireshark project man pages are available at: |
||
| 359 | L<https://www.wireshark.org/docs/man-pages>. |
||
| 360 | |||
| 361 | =head1 AUTHORS |
||
| 362 | |||
| 363 | Original Author |
||
| 364 | -------- ------ |
||
| 365 | Ian Schorr <ian[AT]ianschorr.com> |
||
| 366 | |||
| 367 | |||
| 368 | Contributors |
||
| 369 | ------------ |
||
| 370 | Gerald Combs <gerald[AT]wireshark.org> |
||
| 371 | Jim Young <jyoung[AT]gsu.edu> |