wiki:tcpcapinfo

tcpcapinfo

TOC(depth=2, manual, tcpreplay, tcpliveplay, tcpprep, tcprewrite, tcpbridge, tcpcapinfo, flowreplay, commonargs, usage, FAQ)?

Overview

tcpcapinfo was born out of a need for me to diagnose tcprewrite bugs and broken pcap files. Honestly, it's usefulness is probably limited only to people who code applications which read/write pcap files, but I include it with the Tcpreplay Suite for completeness. tcpcapinfo was first released in version 3.4.5.

Basic Usage

$ tcpcapinfo file.pcap

Will process file.pcap and report information about the libpcap packet/file headers, a packet checksum and some basic sanity checks such as if the packet is too large given the pcap file's snaplen header value or if the timestamp goes backwards in time. Note that the "packet checksum" is not the same thing as the IP checksum, and is intended to provide a means if two ethernet frames are the same.

Advanced Usage

There is no advanced usage for tcpcapinfo.

Previous: tcpbridge | Next: flowreplay

Last modified 5 years ago Last modified on 09/05/12 06:26:35