Options

Option | Param | Description
---|---|---
--adjust | time | Adjust time stamps of the network dump by adding 'time' seconds. This may help to synchronize different dumps. The argument is scanned for SI factors, time units, plus and minus terms.
--skip | time | Skip first 'time' seconds of each read network dump. The argument is scanned for SI factors, time units, plus and minus terms. Negative values are relative to the end (or ignored for pipes).
--term | time | Terminate each dump at 'time' seconds. The argument is scanned for SI factors, time units, plus and minus terms. Negative values are relative to the end (or ignored for pipes).
--combine | | Logically combine the network dumps into one single dump before executing the options --skip and --term.
--checksum | | Normally, UDP packets with wrong checksums are dropped. If --checksum is set, the checksums are calculated, but no packet is dropped. Some dumps will print a status info. If set twice, checksums are never calculated and are assumed to be correct. --csum is a shortcut.
-f, --follow | | Don't close the last input dump on reaching end of file. Instead, wait for appended data. This works like the Unix tool 'tail -f'.
--ip | addr[:port] | Define an address (IP or DNS name) and optionally a port for filtering. Only packets from or to this host are accepted, all others are ignored.
--home | addr | Define an address (IP or DNS name) as home client. Without this option, the tool tries to determine the home client by analysing sender and receiver of the first non-filtered packet. A local network (10/8, 172.16/12, 192.168/16, 169.254/16) has priority over a non-local network. If sender and receiver have the same priority, the IP of the sender is used.
--wii | addr[:port] | Define an address (IP or DNS name) and optionally a port as home client and for filtering. This option is a shortcut for »--home addr --ip addr:port«.
--real-time-factor | factor | If set (>0.0), the time difference between packet time stamps is compared with the real time difference. If a packet would be served too early, the tool sleeps a while. Value 1.0 forces a real time dump. Values >1.0 force a time-lapse effect and values <1.0 a slow-motion effect. --rtf is a shortcut. The intention of this option is to simulate a regular input stream in real time from already dumped and stored data. Never use this option for live incoming data, because packets may be lost.
--real-time-wait | seconds | If set (>0.0) and the real time option --real-time-factor is enabled, it defines the maximum real time between 2 packets. The default is 3 seconds. --rtw is a shortcut.
--write | file | Write filtered network packets as PCAP v2.4 to 'file' with local endian and microseconds format.
--wflush | | Flush the output after each packet written by --write.
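
The home-client rule described under --home, combined with an --ip style filter, can be sketched as follows. This is an added example, not the tool's own code: the function names, the packet tuple layout `(src, sport, dst, dport)`, the way the optional port is matched against the same endpoint as the address, and the sample packets are assumptions made for illustration.

```python
import ipaddress

# Only the four local ranges named in the --home description. This is narrower
# than ipaddress.is_private, which also covers loopback and other ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]


def is_local(addr):
    """True if addr lies in one of the local networks listed on the page."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)


def passes_filter(pkt, flt):
    """--ip style filter: accept packets from or to host (and port, if given)."""
    if flt is None:
        return True
    host, port = flt
    src, sport, dst, dport = pkt
    return ((src == host and port in (None, sport)) or
            (dst == host and port in (None, dport)))


def guess_home_client(packets, flt=None):
    """Pick the home client from the first packet that passes the filter."""
    for pkt in packets:
        if not passes_filter(pkt, flt):
            continue
        src, _, dst, _ = pkt
        # The receiver wins only if it is local and the sender is not;
        # on equal priority the sender's IP is used.
        if is_local(dst) and not is_local(src):
            return dst
        return src
    return None  # no packet passed the filter


# Constructed sample packets (documentation address ranges for the public hosts).
PACKETS = [
    ("203.0.113.5", 3074, "198.51.100.7", 3074),   # both non-local
    ("203.0.113.5", 3074, "192.168.1.20", 50000),  # receiver is local
    ("192.168.1.20", 50000, "203.0.113.5", 3074),  # sender is local
]

if __name__ == "__main__":
    print(guess_home_client(PACKETS))                          # unfiltered
    print(guess_home_client(PACKETS, ("192.168.1.20", None)))  # filtered
```

Without a filter the first packet decides, so a capture that starts with traffic between two non-local hosts yields a non-local home client; setting --home or --wii explicitly avoids that.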