editcap的使用

  1 editcap.exe -h
  2 Editcap (Wireshark) 2.4.1 (v2.4.1-0-gf42a0d2b6c)
  3 Edit and/or translate the format of capture files.
  4 See https://www.wireshark.org for more information.
  5 
  6 Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]
  7 
  8 <infile> and <outfile> must both be present.
  9 A single packet or a range of packets can be selected.
 10 
 11 Packet selection:
 12   -r                     keep the selected packets; default is to delete them.
 13   -A <start time>        only output packets whose timestamp is after (or equal
 14                          to) the given time (format as YYYY-MM-DD hh:mm:ss).
 15   -B <stop time>         only output packets whose timestamp is before the
 16                          given time (format as YYYY-MM-DD hh:mm:ss).
 17 
 18 Duplicate packet removal:
 19   --novlan               remove vlan info from packets before checking for dupli
 20 cates.
 21   -d                     remove packet if duplicate (window == 5).
 22   -D <dup window>        remove packet if duplicate; configurable <dup window>.
 23                          Valid <dup window> values are 0 to 1000000.
 24                          NOTE: A <dup window> of 0 with -v (verbose option) is
 25                          useful to print MD5 hashes.
 26   -w <dup time window>   remove packet if duplicate packet is found EQUAL TO OR
 27                          LESS THAN <dup time window> prior to current packet.
 28                          A <dup time window> is specified in relative seconds
 29                          (e.g. 0.000001).
 30   -a <framenum>:<comment> Add or replace comment for given frame number
 31 
 32   -I <bytes to ignore>   ignore the specified number of bytes at the beginning
 33