| blob | 7d34fe9dfd100595fb0f10bbdd9a28c5ce502656 |
1 Text2pcap (Wireshark) 4.5.0 (v4.5.0rc0-48-g7b7ca8210417)
2 Generate a capture file from an ASCII hexdump of packets.
3 See https://www.wireshark.org for more information.
5 Usage: text2pcap [options] <infile> <outfile>
7 where <infile> specifies input filename (use - for standard input)
8 <outfile> specifies output filename (use - for standard output)
10 Input:
11 -o hex|oct|dec|none parse offsets as (h)ex, (o)ctal, (d)ecimal, or (n)one;
12 default is hex.
13 -t <timefmt> treat the text before the packet as a date/time code;
14 <timefmt> is a format string supported by strptime,
15 with an optional %f descriptor for fractional seconds.
16 Example: The time "10:15:14.5476" has the format code
17 "%H:%M:%S.%f"
18 The special format string ISO supports ISO-8601 times.
19 NOTE: Date/time fields from the current date/time are
20 used as the default for unspecified fields.
21 -D the text before the packet starts with an I or an O,
22 indicating that the packet is inbound or outbound.
23 This is used when generating dummy headers if the
24 output format supports it (e.g. pcapng).
25 -a enable ASCII text dump identification.
26 The start of the ASCII text dump can be identified
27 and excluded from the packet data, even if it looks
28 like a HEX dump.
29 NOTE: Do not enable it if the input file does not
30 contain the ASCII text dump.
31 -r <regex> enable regex mode. Scan the input using <regex>, a Perl
32 compatible regular expression matching a single packet.
33 Named capturing subgroups are used to identify fields:
34 <data> (mand.), and <time>, <dir>, and <seqno> (opt.)
35 The time field format is taken from the -t option
36 Example: -r '^(?<dir>[<>])\s(?<time>\d+:\d\d:\d\d.\d+)\s(?<data>[0-9a-fA-F]+)$'
37 could match a file with lines like
38 > 0:00:00.265620 a130368b000000080060
39 < 0:00:00.295459 a2010800000000000000000800000000
40 -b 2|8|16|64 encoding base (radix) of the packet data in regex mode
41 (def: 16: hexadecimal) No effect in hexdump mode.
43 Output:
44 if the output file(s) have the .gz extension, then
45 gzip compression will be used.
46 -F <capture type> set the output file type; default is pcapng.
47 an empty "-F" option will list the file types.
48 -E <encap type> set the output file encapsulation type; default is
49 ether (Ethernet). An empty "-E" option will list
50 the encapsulation types.
51 -l <typenum> set the output file encapsulation type via link-layer
52 type number; default is 1 (Ethernet). See
53 https://www.tcpdump.org/linktypes.html for a list of
54 numbers.
55 Example: -l 7 for ARCNet packets.
56 -m <max-packet> max packet length in output; default is 262144
57 -N <intf-name> assign name to the interface in the pcapng file.
58 --compress <type> Compress the output file using the type compression format.
60 Prepend dummy header:
61 -e <ethertype> prepend dummy Ethernet II header with specified EtherType
62 (in HEX).
63 Example: -e 0x806 to specify an ARP packet.
64 -i <proto> prepend dummy IP header with specified IP protocol
65 (in DECIMAL).
66 Automatically prepends Ethernet header as well if
67 link-layer type is Ethernet.
68 Example: -i 46
69 -4 <srcip>,<destip> prepend dummy IPv4 header with specified
70 source and destination addresses.
71 Example: -4 10.0.0.1,10.0.0.2
72 -6 <srcip>,<destip> prepend dummy IPv6 header with specified
73 source and destination addresses.
74 Example: -6 2001:db8::b3ff:fe1e:8329,2001:0db8:85a3::8a2e:0370:7334
75 -u <srcp>,<destp> prepend dummy UDP header with specified
76 source and destination ports (in DECIMAL).
77 Automatically prepends Ethernet & IP headers as well.
78 Example: -u 1000,69 to make the packets look like
79 TFTP/UDP packets.
80 -T <srcp>,<destp> prepend dummy TCP header with specified
81 source and destination ports (in DECIMAL).
82 Automatically prepends Ethernet & IP headers as well.
83 Example: -T 50,60
84 -s <srcp>,<dstp>,<tag> prepend dummy SCTP header with specified
85 source/destination ports and verification tag (in DECIMAL).
86 Automatically prepends Ethernet & IP headers as well.
87 Example: -s 30,40,34
88 -S <srcp>,<dstp>,<ppi> prepend dummy SCTP header with specified
89 source/destination ports and verification tag 0.
90 Automatically prepends a dummy SCTP DATA
91 chunk header with payload protocol identifier ppi.
92 Example: -S 30,40,34
93 -P <dissector> prepend EXPORTED_PDU header with specified dissector
94 as the payload DISSECTOR_NAME tag.
95 Automatically sets link type to Upper PDU Export.
96 EXPORTED_PDU payload defaults to "data" otherwise.
98 Diagnostic output:
99 --log-level <level> sets the active log level ("critical", "warning", etc.)
100 --log-fatal <level> sets level to abort the program ("critical" or "warning")
101 --log-domains <[!]list> comma-separated list of the active log domains
102 --log-fatal-domains <list>
103 list of domains that cause the program to abort
104 --log-debug <[!]list> list of domains with "debug" level
105 --log-noisy <[!]list> list of domains with "noisy" level
106 --log-file <path> file to output messages to (in addition to stderr)
108 Miscellaneous:
109 -h, --help display this help and exit
110 -v, --version print version information and exit
111 -q don't report processed packet counts