CAPINFOS(1)
The Wireshark Network Analyzer
CAPINFOS(1)
NAME
capinfos − Prints information about capture files
SYNOPSIS
capinfos [ −t ] [ −E ] [ −c ] [ −s ] [ −d ] [ −u ] [ −a ] [ −e ] [ −y ] [ −i ] [ −z ] [ −x ] [ −h ] <infile> ...
DESCRIPTION
Capinfos is a program that reads one or more capture files and returns some or all available statistics of
each <infile>.
The user specifies which statistics to report by specifying flags corresponding to the statistic. If no flags are
specified, Capinfos will report all statistics available.
Capinfos is able to detect and read the same capture files that are supported by Wireshark. The input files
don’t need a specific filename extension; the file format and an optional gzip compression will be
automatically detected. Near the beginning of the DESCRIPTION section of wireshark (1) or
<http://www.wireshark.org/docs/man−pages/wireshark.html> is a detailed description of the way
Wireshark handles this, which is the same way Capinfos handles this.
OPTIONS
−t Displays the capture type of the capture file.
−E Displays the per-file encapsulation of the capture file.
−c Counts the number of packets in the capture file.
−s Displays the size of the file, in bytes. This reports the size of the capture file itself.
−d Displays the total length of all packets in the file, in bytes. This counts the size of the packets as they
appeared in their original form, not as they appear in this file. For example, if a packet was originally
1514 bytes and only 256 of those bytes were saved to the capture file (if packets were captured with a
snaplen or other slicing option), Capinfos will consider the packet to have been 1514 bytes.
−u Displays the capture duration, in seconds. This is the difference in time between the earliest packet
seen and latest packet seen.
−a Displays the start time of the capture. Capinfos considers the earliest timestamp seen to be the start
time, so the first packet in the capture is not necessarily the earliest − if packets exist ‘‘out-of-order’’,
time-wise, in the cap