On Tue, 11 Oct 2005, Ulf Lamping wrote:
> Hi List!
>
> The description of the packet range and the -r option seems to be
> misleading.
>
> As I don't know the current implementation well, could someone have a
> look at it?
The attached patch extends the synopsys and adds an 'Examples' chapter to
the editcap documentation.
Hope it helps,
Jaap
Index: editcap.pod
===================================================================
--- editcap.pod (revision 16280)
+++ editcap.pod (working copy)
@@ -16,7 +16,7 @@
S<[ B<-v> ]>
I<infile>
I<outfile>
-S<[ I<record#> ... ]>
+S<[ I<record#>[-I<record#>] ... ]>
=head1 DESCRIPTION
@@ -211,6 +211,68 @@
=back
+=head1 EXAMPLES
+
+To see more detailed description of the options use:
+
+=over 4
+
+editcap -h
+
+=back
+
+To shrink the capture file by truncating the packets at 64 bytes and writing it as Sun snoop file use:
+
+=over 4
+
+editcap -s 64 -F snoop capture.pcap shortcapture.snoop
+
+=back
+
+To delete packet 1000 from the capture file use:
+
+=over 4
+
+editcap capture.pcap sans1000.pcap 1000
+
+=back
+
+To crop a capture file to packet 200 to 750 inclusive use:
+
+=over 4
+
+editcap -r capture.pcap small.pcap 200-750
+
+=back
+
+To cut off a capture file at packet 500 use:
+
+=over 4
+
+editcap capture.pcap 500.pcap 501-9999999
+
+or
+
+editcap -r capture.pcap 500.pcap 0-500
+
+=back
+
+To filter packets 10 to 20 and 30 to 40 into a new file use:
+
+=over 4
+
+edicap -r capture.pcap selection.pcap 10-20 30-40
+
+=back
+
+To introduce 5% random errors in a capture file use:
+
+=over 4
+
+editcap -E 0.05 capture.pcap capture_error.pcap
+
+=back
+
=head1 SEE ALSO
I<tcpdump(8)>, I<pcap(3)>, I<ethereal(1)>, I<mergecap(1)>
