1CAPINFOS(1)             The Wireshark Network Analyzer             CAPINFOS(1)
2
3
4

NAME

6       capinfos - Prints information about capture files
7

SYNOPSYS

9       capinfos [ -t ] [ -E ] [ -c ] [ -s ] [ -d ] [ -u ] [ -a ] [ -e ] [ -y ]
10       [ -i ] [ -z ] [ -h ] <infile> ...
11

DESCRIPTION

13       Capinfos is a program that reads one or more capture files and returns
14       some or all available statistics of each <infile>.
15
16       The user specifies which statistics to report by specifying flags cor‐
17       responding to the statistic.  If no flags are specified, Capinfos will
18       report all statistics available.
19
20       Capinfos is able to detect and read the same capture files that are
21       supported by Wireshark.  The input files don't need a specific filename
22       extension; the file format and an optional gzip compression will be
23       automatically detected.  Near the beginning of the DESCRIPTION section
24       of wireshark(1) or <http://www.wireshark.org/docs/man-pages/wire
25       shark.html> is a detailed description of the way Wireshark handles
26       this, which is the same way Capinfos handles this.
27

OPTIONS

29       -t  Displays the capture type of the capture file.
30
31       -E  Displays the per-file encapsulation of the capture file.
32
33       -c  Counts the number of packets in the capture file.
34
35       -s  Displays the size of the file, in bytes.  This reports the size of
36           the capture file itself.
37
38       -d  Displays the total length of all packets in the file, in bytes.
39           This counts the size of the packets as they appeared in their orig‐
40           inal form, not as they appear in this file.  For example, if a
41           packet was originally 1514 bytes and only 256 of those bytes were
42           saved to the capture file (if packets were captured with a snaplen
43           or other slicing option), Capinfos will consider the packet to have
44           been 1514 bytes.
45
46       -u  Displays the capture duration, in seconds.  This is the difference
47           in time between the earliest packet seen and latest packet seen.
48
49       -a  Displays the start time of the capture.  Capinfos considers the
50           earliest timestamp seen to be the start time, so the first packet
51           in the capture is not necessarily the earliest - if packets exist
52           "out-of-order", time-wise, in the capture, Capinfos detects this.
53
54       -e  Displays the end time of the capture.  Capinfos considers the lat‐
55           est timestamp seen to be the end time, so the last packet in the
56           capture is not necessarily the latest - if packets exist
57           "out-of-order", time-wise, in the capture, Capinfos detects this.
58
59       -y  Displays the average data rate, in bytes
60
61       -i  Displays the average data rate, in bits
62
63       -z  displays the average packet size, in bytes
64
65       -h  Prints the help listing and exits.
66

SEE ALSO

68       tcpdump(8), pcap(3), wireshark(1)>, mergecap(1), editcap(1), tshark(1),
69       dumpcap(1)
70

NOTES

72       Capinfos is part of the Wireshark distribution.  The latest version of
73       Wireshark can be found at <http://www.wireshark.org>.
74
75       HTML versions of the Wireshark project man pages are available at:
76       <http://www.wireshark.org/docs/man-pages>.
77

AUTHORS

79         Original Author
80         -------- ------
81         Ian Schorr           <ian[AT]ianschorr.com>
82
83         Contributors
84         ------------
85         Gerald Combs         <gerald[AT]wireshark.org>
86
87
88
891.0.0                             2008-03-29                       CAPINFOS(1)
Impressum