NAME

capinfo - Prints information about binary capture files

SYNOPSYS

capinfo [ -t ] [ -c ] [ -s ] [ -d ] [ -u ] [ -a ] [ -e ] [ -y ] [ -i ] [ -z ] [ -h ] capfile

DESCRIPTION

Capinfo is a program that reads a saved capture file and returns any or all of several statistics about that file. Capinfo is able to detect and read any capture supported by the Ethereal package.

Capinfo can read the following file formats:

• libpcap/WinPcap, tcpdump and various other tools using tcpdump's capture format
  
• snoop and atmsnoop
  
• Shomiti/Finisar Surveyor captures
  
• Novell LANalyzer captures
  
• Microsoft Network Monitor captures
  
• AIX's iptrace captures
  
• Cinco Networks NetXRay captures
  
• Network Associates Windows-based Sniffer captures
  
• Network General/Network Associates DOS-based Sniffer (compressed or uncompressed) captures
  
• AG Group/WildPackets EtherPeek/TokenPeek/AiroPeek/EtherHelp/PacketGrabber captures
  
• RADCOM's WAN/LAN analyzer captures
  
• Network Instruments Observer version 9 captures
  
• Lucent/Ascend router debug output
  
• files from HP-UX's nettl
  
• Toshiba's ISDN routers dump output
  
• the output from i4btrace from the ISDN4BSD project
  
• traces from the EyeSDN USB S0.
  
• the output in IPLog format from the Cisco Secure Intrusion Detection System
  
• pppd logs (pppdump format)
  
• the output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utilities
  
• the text output from the DBS Etherwatch VMS utility
  
• Visual Networks' Visual UpTime traffic capture
  
• the output from CoSine L2 debug
  
• the output from Accellent's 5Views LAN agents
  
• Endace Measurement Systems' ERF format captures
  
• Linux Bluez Bluetooth stack hcidump -w traces
  

There is no need to tell Capinfo what type of file you are reading; it will determine the file type by itself. Capinfo is also capable of reading any of these file formats if they are compressed using gzip. Capinfo recognizes this directly from the file; the '.gz' extension is not required for this purpose.

The user specifies which statistics to report by specifying flags corresponding to the statistic. If no flags are specified, Capinfo will report all statistics available.

OPTIONS

-t

Displays the capture type of the capture file.

-c

Counts the number of packets in the capture file.

-s

Displays the size of the file, in bytes. This reports the size of the capture file itself.

-d

Displays the total length of all packets in the file, in bytes. This counts the size of the packets as they appeared in their original form, not as they appear in this file. For example, if a packet was originally 1514 bytes and only 256 of those bytes were saved to the capture file (if packets were captured with a snaplen or other slicing option), Capinfo will consider the packet to have been 1514 bytes.

-u

Displays the capture duration, in seconds. This is the difference in time between the earliest packet seen and latest packet seen.

-a

Displays the start time of the capture. Capinfo considers the earliest timestamp seen to be the start time, so the first packet in the capture is not necessarily the earliest - if packets exist ``out-of-order'', time-wise, in the capture, Capinfo detects this.

-e

Displays the end time of the capture. Capinfo considers the latest timestamp seen to be the end time, so the last packet in the capture is not necessarily the latest - if packets exist ``out-of-order'', time-wise, in the capture, Capinfo detects this.

-y

Displays the average data rate, in bytes

-i

Displays the average data rate, in bits

-z

displays the average packet size, in bytes

-h

Prints the help listing and exits.

SEE ALSO

tcpdump(8), pcap(3), ethereal(1), mergecap(1), editcap(1), tethereal(1)

NOTES

Capinfo is part of the Ethereal distribution. The latest version of Ethereal can be found at http://www.ethereal.com.

AUTHORS

  Original Author
  -------- ------
  Ian Schorr           <ian[AT]ianschorr.com>

  Contributors
  ------------