From 241f48d61375c1ac4413864f910dadf7fe492160 Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Fri, 10 May 2013 14:28:05 +0200 Subject: man: add description about different pcap formats Add a more detailed description of netsniff-ng's -D option into the man-page. Signed-off-by: Daniel Borkmann --- netsniff-ng.8 | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'netsniff-ng.8') diff --git a/netsniff-ng.8 b/netsniff-ng.8 index 023f777..c569380 100644 --- a/netsniff-ng.8 +++ b/netsniff-ng.8 
@@ -357,6 +357,36 @@ broadcast or multicast. To select all ICMP packets that are not echo requests/replies (i.e., not ping packets). +.SH PCAP FORMATS: + +netsniff-ng supports a couple of pcap formats, visible through ``netsniff-ng -D'': + +.SS tcpdump-capable pcap (default) +Pcap magic number is encoded as 0xa1b2c3d4 resp. 0xd4c3b2a1. As packet meta data +this format contains the timeval in microseconds, the original packet length and +the captured packet length. + +.SS tcpdump-capable pcap with ns resolution +Pcap magic number is encoded as 0xa1b23c4d resp. 0x4d3cb2a1. As packet meta data +this format contains the timeval in nanoseconds, the original packet length and +the captured packet length. + +.SS Alexey Kuznetzov's pcap +Pcap magic number is encoded as 0xa1b2cd34 resp. 0x34cdb2a1. As packet meta data +this format contains the timeval in microseconds, the original packet length, +the captured packet length, the interface index (sll_ifindex), the packet's +protocol (sll_protocol), and the packet type (sll_pkttype). + +.SS netsniff-ng pcap +Pcap magic number is encoded as 0xa1e2cb12 resp. 0x12cbe2a1. As packet meta data +this format contains the timeval in nanoseconds, the original packet length, +the captured packet length, the timestamp hw/sw source, the interface index +(sll_ifindex), the packet's protocol (sll_protocol), the packet type (sll_pkttype) +and the hardware type (sll_hatype). + +For further implementation details or format support in your application, +have a look at pcap_io.h. + .SH NOTE For introducing bit errors, delays with random variation and more while replaying pcaps, make use of tc(8) with its disciplines such -- cgit v1.2.3-54-g00ecf 7a6948394305b810d0c6203268648715e5006f'/>
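Review bot: In each of the four added .SS paragraphs the magic-number pair is joined only by "resp." (for example "0xa1b2c3d4 resp. 0xd4c3b2a1"), which does not tell the reader what the second value is. In every pair it is the first value with its bytes reversed, so the text should say that the second form is what a reader sees when the file was written in the opposite byte order, and that the per-packet fields then need swapping as well. The four formats also carry different sets of per-packet fields, yet the paragraphs list them without widths or order and defer to pcap_io.h, so someone writing a parser from the man page alone cannot tell how many bytes each record header occupies; a header length per format, or a short field table, would close that gap. Smaller points: "timeval in nanoseconds" reads better as "timestamp in nanoseconds", since a timeval carries microseconds; ".SH PCAP FORMATS:" has a trailing colon that the neighbouring ".SH NOTE" does not; and the blank lines after .SH and between the subsections are better written as .PP or dropped.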