|
|
Wireshark 1.0.6 (Default branch)
02-07-2009
Wireshark (formerly Ethereal) is a network protocol analyzer, or "packet sniffer", that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality packet analyzer for Unix, and the most useful packet analyzer on any platform. License: GNU General Public License (GPL) Changes:|
|
CAPINFOS(1) The Wireshark Network Analyzer CAPINFOS(1) NAME
capinfos - Prints information about capture files SYNOPSIS
capinfos [ -t ] [ -E ] [ -c ] [ -s ] [ -d ] [ -u ] [ -a ] [ -e ] [ -y ] [ -i ] [ -z ] [ -x ] [ -h ] <infile> ... DESCRIPTION
Capinfos is a program that reads one or more capture files and returns some or all available statistics of each <infile>. The user specifies which statistics to report by specifying flags corresponding to the statistic. If no flags are specified, Capinfos will report all statistics available. Capinfos is able to detect and read the same capture files that are supported by Wireshark. The input files don't need a specific filename extension; the file format and an optional gzip compression will be automatically detected. Near the beginning of the DESCRIPTION section of wireshark(1) or http://www.wireshark.org/docs/man-pages/wireshark.html <http://www.wireshark.org/docs/man-pages/wireshark.html> is a detailed description of the way Wireshark handles this, which is the same way Capinfos handles this. OPTIONS
-t Displays the capture type of the capture file. -E Displays the per-file encapsulation of the capture file. -c Counts the number of packets in the capture file. -s Displays the size of the file, in bytes. This reports the size of the capture file itself. -d Displays the total length of all packets in the file, in bytes. This counts the size of the packets as they appeared in their original form, not as they appear in this file. For example, if a packet was originally 1514 bytes and only 256 of those bytes were saved to the capture file (if packets were captured with a snaplen or other slicing option), Capinfos will consider the packet to have been 1514 bytes. -u Displays the capture duration, in seconds. This is the difference in time between the earliest packet seen and latest packet seen. -a Displays the start time of the capture. Capinfos considers the earliest timestamp seen to be the start time, so the first packet in the capture is not necessarily the earliest - if packets exist "out-of-order", time-wise, in the capture, Capinfos detects this. -e Displays the end time of the capture. Capinfos considers the latest timestamp seen to be the end time, so the last packet in the capture is not necessarily the latest - if packets exist "out-of-order", time-wise, in the capture, Capinfos detects this. -y Displays the average data rate, in bytes/sec -i Displays the average data rate, in bits/sec -z displays the average packet size, in bytes -x displays the average packet rate, in packets/sec -h Prints the help listing and exits. SEE ALSO
tcpdump(8), pcap(3), wireshark(1), mergecap(1), editcap(1), tshark(1), dumpcap(1) NOTES
Capinfos is part of the Wireshark distribution. The latest version of Wireshark can be found at <http://www.wireshark.org>. HTML versions of the Wireshark project man pages are available at: http://www.wireshark.org/docs/man-pages <http://www.wireshark.org/docs/man-pages>. AUTHORS
Original Author -------- ------ Ian Schorr <ian[AT]ianschorr.com> Contributors ------------ Gerald Combs <gerald[AT]wireshark.org> 1.2.8 2010-05-05 CAPINFOS(1)