Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
Let The Music Play: Join EFF Today

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 67 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here




       editcap [ -F file format ] [ -T encapsulation type ]
       [ -r ] [ -v ] [ -s snaplen ] [ -t time adjustment ] [ -h ]
       infile outfile [ record# ... ]


       Editcap is a program that reads a saved capture file and
       writes some or all of the packets in that capture file to
       another capture file.  Editcap knows how to read libpcap
       capture files, including those of tcpdump, Ethereal, and
       other tools that write captures in that format.  In addi­
       tion, Editcap can read capture files from snoop and atm­
       snoop, Shomiti/Finisar Surveyor, Novell LANalyzer, Network
       General/Network Associates DOS-based Sniffer (compressed
       or uncompressed), Microsoft Network Monitor, AIX's
       iptrace, Cinco Networks NetXRay, Network Associates Win­
       dows-based Sniffer, AG Group/WildPackets EtherPeek/Token­
       Peek/AiroPeek, RADCOM's WAN/LAN analyzer, Lucent/Ascend
       router debug output, HP-UX's nettl, the dump output from
       Toshiba's ISDN routers, the output from i4btrace from the
       ISDN4BSD project, the output in IPLog format from the
       Cisco Secure Intrusion Detection System, pppd logs (ppp­
       dump format), the output from VMS's TCPIPtrace/TCP­
       traceUCX$TRACE utilities, the text output from the DBS
       Etherwatch VMS utility, traffic capture files from Visual
       Networks' Visual UpTime and the output from CoSine L2
       debug.  There is no need to tell Editcap what type of file
       you are reading; it will determine the file type by
       itself.  Editcap is also capable of reading any of these
       file formats if they are compressed using gzip.  Editcap
       recognizes this directly from the file; the '.gz' exten­
       sion is not required for this purpose.

       By default, it writes the capture file in libpcap format,
       and writes all of the packets in the capture file to the
       output file.  The -F flag can be used to specify the for­
       mat in which to write the capture file; it can write the
       file in libpcap format (standard libpcap format, a modi­
       fied format used by some patched versions of libpcap, the
       format used by Red Hat Linux 6.1, or the format used by
       SuSE Linux 6.3), snoop format, uncompressed Sniffer for­
       mat, Microsoft Network Monitor 1.x format, the format used
       by Windows-based versions of the Sniffer software, and the
       format used by Visual Networks' software.

       A list of packet numbers can be specified on the command
       line; the packets with those numbers will not be written
       to the capture file, unless the -r flag is specified, in
       which case only those packets will be written to the cap­
       ture file.  Ranges of packet numbers can be specified as
       start-end, referring to all packets from start to end

       If the -t flag is used to specify a time adjustment, the
       specified adjustment will be applied to all selected
       frames in the capture file.  The adjustment is specified
       as [-]seconds[.fractional seconds].  For example, -t 3600
       advances the timestamp on selected frames by one hour
       while -t -0.5 reduces the timestamp on selected frames by
       one-half second.  This feature is useful when synchroniz­
       ing dumps collected on different machines where the time
       difference between the two machines is known or can be

       If the -T flag is used to specify an encapsulation type,
       the encapsulation type of the output capture file will be
       forced to the specified type, rather than being the type
       appropriate to the encapsulation type of the input capture
       file.  Note that this merely forces the encapsulation type
       of the output file to be the specified type; the packet
       headers of the packets will not be translated from the
       encapsulation type of the input capture file to the speci­
       fied encapsulation type (for example, it will not trans­
       late an Ethernet capture to an FDDI capture if an Ethernet
       capture is read and '-T fddi' is specified).


       -F  Sets the file format of the output capture file.

       -T  Sets the packet encapsulation type of the output cap­
           ture file.

       -r  Causes the packets whose packet numbers are specified
           on the command line to be written to the output cap­
           ture file, and no other packets to be written to the
           output capture file.

       -v  Causes editcap to print a number of messages while
           it's working.

       -s  Sets the snapshot length to use when writing the data.

       -t  Sets the time adjustment to use on selected frames.

       -h  Prints the version and options and exits.


       tcpdump(8), pcap(3), ethereal(1), mergecap(1)


       Editcap is part of the Ethereal distribution.  The latest
       version of Ethereal can be found at http://www.ethe­

Show your Support for the Linux Tutorial

Purchase one of the products from our new online shop. For each product you purchase, the Linux Tutorial gets a portion of the proceeds to help keep us going.



Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
You can get all the latest Site and Linux news by checking out our news page.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.09 Seconds