'\" -*- coding: us-ascii -*-
.if \n(.g .ds T< \\FC
.if \n(.g .ds T> \\F[\n[.fam]]
.de URL
\\$2 \(la\\$1\(ra\\$3
..
.if \n(.g .mso www.tmac
.TH pcapdump 1 "9 May 2009" "" ""
.SH NAME
pcapdump \- dedicated packet capture utility
.SH SYNOPSIS
'nh
.fi
.ad l
\fBpcapdump\fR \kx
.if (\nx>(\n(.l/2)) .nr x (\n(.l/5)
'in \n(.iu+\nxu
[\fIOPTIONS\fR]\&...
'in \n(.iu-\nxu
.ad b
'hy
.SH DESCRIPTION
\fBpcapdump\fR captures packets from a network interface
and writes them to a dumpfile.
The filename argument given to \*(T<\fB\-w\fR\*(T> is formatted by
\*(T<\fBstrftime(3)\fR\*(T>.
.SH "PCAPNET OPTIONS"
.TP
\*(T<\fB\-i \fR\*(T>\fIinterface\fR
Input interface to read packets from.
.TP
\*(T<\fB\-r \fR\*(T>\fIpcap file\fR
Dump file to read packets from.
.TP
\*(T<\fB\-w \fR\*(T>\fIpcap file\fR
Dump file to write filtered packets to.
.TP
\*(T<\fB\-f \fR\*(T>\fIexpression\fR
BPF expression which selects packets to be filtered.
.TP
\*(T<\fB\-s \fR\*(T>\fIsnaplen\fR
Capture \fIsnaplen\fR bytes of data from each packet.
.TP
\*(T<\fB\-p\fR\*(T>
Disable promiscuous mode sniffing.
.SH "PROGRAM OPTIONS"
.TP
\*(T<\fB\-u \fR\*(T>\fIowner\fR
Set the output file's owning user to \fIowner\fR.
.TP
\*(T<\fB\-g \fR\*(T>\fIgroup\fR
Set the output file's owning group to \fIgroup\fR.
.TP
\*(T<\fB\-m \fR\*(T>\fImode\fR
Set the output file's mode to \fImode\fR, specified in octal.
.TP
\*(T<\fB\-t \fR\*(T>\fIsecs\fR
Dump file rotation interval in seconds.
.TP
\*(T<\fB\-c \fR\*(T>\fIcount\fR
Exit after capturing \fIcount\fR packets.
.TP
\*(T<\fB\-T \fR\*(T>\fIsecs\fR
Exit after capturing for this many seconds.
.TP
\*(T<\fB\-H \fR\*(T>
Only capture link, network, and transport headers;
do not capture application-layer data.
.TP
\*(T<\fB\-S \fR\*(T>\fIsample value\fR
Sample the packet stream by only dumping 1 in every
\fIsample value\fR packets.
.TP
\*(T<\fB\-R \fR\*(T>
Together with \-S, sample the packets randomly, not systematically.
.TP
\*(T<\fB\-P \fR\*(T>\fIpidfile\fR
Daemonize the process and write its PID to \fIpidfile\fR.
.TP
\*(T<\fB\-C \fR\*(T>\fIconfig file\fR
File to read configuration variables from.
Instead of passing configuration through the command line,
a file can be used to specify values for the
\*(T<\fBbpf\fR\*(T>, \*(T<\fBdevice\fR\*(T>,
\*(T<\fBfilefmt\fR\*(T>, \*(T<\fBgroup\fR\*(T>,
\*(T<\fBinterval\fR\*(T>, \*(T<\fBmode\fR\*(T>,
\*(T<\fBowner\fR\*(T>, \*(T<\fBpromisc\fR\*(T>, and
\*(T<\fBsnaplen\fR\*(T> options (not all need to be specified;
defaults are used for any that are omitted).
See /usr/share/doc/pcaputils/examples/pcapdump/eth0 for an example.
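.PP
An added example, not part of the pcaputils documentation: a POSIX shell wrapper that checks the mode and rotation interval before starting pcapdump with the options described above, so that capture files are never created readable by other users. The pcap account and group and the sample arguments are assumed placeholders, and the PCAPDUMP variable is a hypothetical override used for dry runs.

```shell
#!/bin/sh
# Added example, not from pcaputils. Assumed placeholders: the "pcap" account
# and group, and whatever interface, directory and BPF filter the caller passes.
# PCAPDUMP is a hypothetical override, e.g. PCAPDUMP=echo for a dry run.

# run_capture IFACE DIR MODE ROTATE_SECS BPF
# Returns 1 without starting a capture if MODE or ROTATE_SECS is unacceptable.
run_capture() {
    iface=$1 dir=$2 mode=$3 secs=$4 bpf=$5

    # -m takes an octal mode: accept three or four octal digits only.
    case $mode in
        [0-7][0-7][0-7] | [0-7][0-7][0-7][0-7]) ;;
        *) echo "run_capture: mode '$mode' is not octal" >&2; return 1 ;;
    esac

    # The last digit is the permission set for "other" users. Capture files
    # hold network traffic, so require that digit to be 0.
    case $mode in
        *0) ;;
        *) echo "run_capture: mode $mode grants access to other users" >&2
           return 1 ;;
    esac

    # -t takes a rotation interval in whole seconds.
    case $secs in
        '' | *[!0-9]*)
            echo "run_capture: interval '$secs' is not an integer" >&2
            return 1 ;;
    esac

    # -w is formatted by strftime(3), so the timestamp goes in the file name.
    # -H keeps link, network and transport headers and leaves out
    # application-layer data.
    "${PCAPDUMP:-pcapdump}" -i "$iface" \
        -w "$dir/$iface.%Y%m%d.%H%M%S.pcap" \
        -t "$secs" -m "$mode" -u pcap -g pcap -H -f "$bpf"
}

# Usage: run_capture eth0 /var/spool/pcap 0640 3600 'udp port 53'
```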