Scroll to navigation

REORDERCAP(1)   REORDERCAP(1)

NAME

reordercap - Reorder input file by timestamp into output file

SYNOPSIS

reordercap-n ] <infile> <outfile>

reordercap -h|--help

reordercap -v|--version

DESCRIPTION

Reordercap is a program that reads an input capture file and rewrites the frames to an output capture file, but with the frames sorted by increasing timestamp.

This functionality may be useful when capture files have been created by combining frames from more than one well-synchronised source, but the frames have not been combined in strict time order.

Reordercap writes the output capture file in the same format as the input capture file.

Reordercap is able to detect, read and write the same capture files that are supported by Wireshark. The input file doesn’t need a specific filename extension; the file format and an optional gzip, zstd or lz4 compression will be automatically detected. Near the beginning of the DESCRIPTION section of wireshark(1) or <https://www.wireshark.org/docs/man-pages/wireshark.html> is a detailed description of the way Wireshark handles this, which is the same way reordercap handles this.

OPTIONS

-h|--help

Print the version number and options and exit.

-n

When the -n option is used, reordercap will not write out the output file if it finds that the input file is already in order.

-v|--version

Print the full version information and exit.

DIAGNOSTIC OPTIONS

--log-level <level>

Set the active log level. Supported levels in lowest to highest order are "noisy", "debug", "info", "message", "warning", "critical", and "error". Messages at each level and higher will be printed, for example "warning" prints "warning", "critical", and "error" messages and "noisy" prints all messages. Levels are case insensitive.

--log-fatal <level>

Abort the program if any messages are logged at the specified level or higher. For example, "warning" aborts on any "warning", "critical", or "error" messages.

--log-domains <list>

Only print messages for the specified log domains, e.g. "GUI,Epan,sshdump". List of domains must be comma-separated. Can be negated with "!" as the first character (inverts the match).

--log-debug <list>

Force the specified domains to log at the "debug" level. List of domains must be comma-separated. Can be negated with "!" as the first character (inverts the match).

--log-noisy <list>

Force the specified domains to log at the "noisy" level. List of domains must be comma-separated. Can be negated with "!" as the first character (inverts the match).

--log-fatal-domains <list>

Abort the program if any messages are logged for the specified log domains. List of domains must be comma-separated.

--log-file <path>

Write log messages and stderr output to the specified file.

SEE ALSO

pcap(3), wireshark(1), tshark(1), dumpcap(1), editcap(1), mergecap(1), text2pcap(1), pcap-filter(7) or tcpdump(8)

NOTES

This is the manual page for Reordercap 4.4.2. Reordercap is part of the Wireshark distribution. The latest version of Wireshark can be found at <https://www.wireshark.org>.

It may make sense to move this functionality into editcap, or perhaps mergecap, in which case reordercap could be retired.

HTML versions of the Wireshark project man pages are available at <https://www.wireshark.org/docs/man-pages>.

AUTHORS

Original Author
Martin Mathieson <martin.r.mathieson[AT]googlemail.com>

2024-11-21