capinfos



CAPINFOS(1)              The Ethereal Network Analyzer             CAPINFOS(1)




NAME

       capinfos - Prints information about binary capture files


SYNOPSYS

       capinfos [ -t ] [ -c ] [ -s ] [ -d ] [ -u ] [ -a ] [ -e ] [ -y ] [ -i ]
       [ -z ] [ -h ] capfile ...


DESCRIPTION

       Capinfos is a program that reads one or more saved capture files and
       returns any or all of several statistics about each file.  Capinfos is
       able to detect and read any capture supported by the Ethereal package.

       Capinfos can read the following file formats:

       * libpcap/WinPcap, tcpdump and various other tools using tcpdump’s cap-
       ture format
       * snoop and atmsnoop
       * Shomiti/Finisar Surveyor captures
       * Novell LANalyzer captures
       * Microsoft Network Monitor captures
       * AIX’s iptrace captures
       * Cinco Networks NetXRay captures
       * Network Associates Windows-based Sniffer captures
       * Network General/Network Associates DOS-based Sniffer (compressed or
       uncompressed) captures
       * AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp/Packet-
       Grabber captures
       * RADCOM’s WAN/LAN analyzer captures
       * Network Instruments Observer version 9 captures
       * Lucent/Ascend router debug output
       * files from HP-UX’s nettl
       * Toshibas ISDN routers dump output
       * the output from i4btrace from the ISDN4BSD project
       * traces from the EyeSDN USB S0.
       * the output in IPLog format from the Cisco Secure Intrusion Detection
       System
       * pppd logs (pppdump format)
       * the output from VMS’s TCPIPtrace/TCPtrace/UCX$TRACE utilities
       * the text output from the DBS Etherwatch VMS utility
       * Visual Networks’ Visual UpTime traffic capture
       * the output from CoSine L2 debug
       * the output from Accellent’s 5Views LAN agents
       * Endace Measurement Systems’ ERF format captures
       * Linux Bluez Bluetooth stack hcidump -w traces

       There is no need to tell Capinfos what type of file you are reading; it
       will determine the file type by itself.  Capinfos is also capable of
       reading any of these file formats if they are compressed using gzip.
       Capinfos recognizes this directly from the file; the ’.gz’ extension is
       not required for this purpose.

       The user specifies which statistics to report by specifying flags cor-
       responding to the statistic.  If no flags are specified, Capinfos will
       report all statistics available.


OPTIONS

       -t  Displays the capture type of the capture file.

       -c  Counts the number of packets in the capture file.

       -s  Displays the size of the file, in bytes.  This reports the size of
           the capture file itself.

       -d  Displays the total length of all packets in the file, in bytes.
           This counts the size of the packets as they appeared in their orig-
           inal form, not as they appear in this file.  For example, if a
           packet was originally 1514 bytes and only 256 of those bytes were
           saved to the capture file (if packets were captured with a snaplen
           or other slicing option), Capinfos will consider the packet to have
           been 1514 bytes.

       -u  Displays the capture duration, in seconds.  This is the difference
           in time between the earliest packet seen and latest packet seen.

       -a  Displays the start time of the capture.  Capinfos considers the
           earliest timestamp seen to be the start time, so the first packet
           in the capture is not necessarily the earliest - if packets exist
           "out-of-order", time-wise, in the capture, Capinfos detects this.

       -e  Displays the end time of the capture.  Capinfos considers the lat-
           est timestamp seen to be the end time, so the last packet in the
           capture is not necessarily the latest - if packets exist
           "out-of-order", time-wise, in the capture, Capinfos detects this.

       -y  Displays the average data rate, in bytes

       -i  Displays the average data rate, in bits

       -z  displays the average packet size, in bytes

       -h  Prints the help listing and exits.


SEE ALSO

       tcpdump(8), pcap(3), ethereal(1), mergecap(1), editcap(1), tethereal(1)


NOTES

       Capinfos is part of the Ethereal distribution.  The latest version of
       Ethereal can be found at http://www.ethereal.com.


AUTHORS

         Original Author
         -------- ------
         Ian Schorr           <ian[AT]ianschorr.com>

         Contributors
         ------------
         Gerald Combs         <gerald[AT]ethereal.com>



0.10.14                           2005-12-26                       CAPINFOS(1)

Man(1) output converted with man2html