.\" Hey, EMACS: -*- nroff -*-
.\" (C) Copyright 2014 Ludovico Cavedon
.\"
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH NDPIREADER 1 "2014-08-15"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
ndpiReader \- example tool for libndpi
.SH SYNOPSIS
.B ndpiReader
.RB -i
.IR file.pcap|device
[\fIoptions\fR]
.SH DESCRIPTION
The
.B ndpiReader
command is an example tool that uses libndpi.
.B ndpiReader
is able to read from a pcap file or capture traffic from a network interface
and process it with libndpi.
It implements only some basic features just to show what can be done with
libndpi.
.PP
.SH OPTIONS
.TP
.B \-i \fIfile.pcap|device\fR
Specify a pcap file/playlist to read packets from or a device for live capture (comma-separated list).
.TP
.B \-f \fIbpf_filter\fR
Specify a BPF filter for filtering selected traffic.
.TP
.B \-s \fIduration\fR
Maximum capture duration in seconds (live traffic capture only).
.TP
.B \-p \fIfile.protos\fR
Specify a protocol file (e.g. protos.txt).
.TP
.B \-l \fInum_loops\fR
Number of detection loops (test only).
.TP
.B \-n \fInum_threads\fR
Number of threads. Default: number of interfaces in \fB\-i\fR. Ignored with pcap files.
.TP
.B \-j \fIfile.json\fR
Specify a file to write the content of packets in .json format.
.TP
.B \-g \fIid:id...\fR
Thread affinity mask (one core id per thread).
.TP
.B \-d
Disable protocol guess and use only DPI.
.TP
.B \-t
Dissect GTP tunnels.
.TP
.B \-h
Display a usage message.
.TP
.B \-v \fI1|2\fR
Verbose 'unknown protocol' packet print. 1=verbose, 2=very verbose.
.TP
.B \-V \fI1|2\fR
Verbose libndpi trace log print. 1=trace, 2=debug.