NAME
ipgrab - A Verbose Packet Sniffer
SYNOPSIS
ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]
DESCRIPTION
ipgrab reads and parses packets from the link layer through the
application layer, dumping explicit header information along the way. It is a
lot like tcpdump except that it prints almost every header field.
Options
- -a
- Do not display application layer data.
- -b
- Buffer standard output. Useful when you're redirecting
output to a file.
- -c cnt, --count cnt
- Terminate after receiving cnt packets.
- -C proto, --CCP proto
- Assume a particular CCP protocol, such as MPPC. MPPC is the
only one supported as yet.
- -d
- Dump extra padding in packets. For example, according to an
IP header, the packet ends at a certain point, but the link layer may have
padded it beyond that. This option displays the padding. Not valid in
minimal mode.
- -h, --help
- Display usage screen with a brief description of the
command line options.
- -i if, --interface if
- Makes ipgrab listen to packets on interface if,
e.g., eth0. If this option is not used, the default interface will be
assumed.
- -l
- Don't display link-layer headers. The following protocols
are considered to be link layer: ARP, CHAP, Ethernet, IPCP, LCP, LLC,
Loopback, PPP, PPPoE, Raw, Slip.
- -m
- Minimal mode output. When operating in this mode, ipgrab
displays only brief header information.
- -n
- Don't display network-layer headers. The following
protocols are considered to be network layer: AH, ESP, GRE, ICMP, ICMPv6,
IGMP, IP, IPv6, IPX, IPXRIP.
- -P string
- Initiate a dynamic port mapping. This option must be
followed by a string of the form `<protocol>=<port>', such as
`http=8080'.
- -p
- Dump packet payloads beyond what IPgrab parses. In other
words, if IPgrab does not parse a particular application, this option will
dump application data in hex and text format.
- -r FILE
- Read packets from a file, rather than an interface. The
file should be created in "raw" format, such as with the '-w'
option.
- -T
- Do not display timestamps in minimal mode.
- -t
- Don't display transport layer headers. The following
protocols are considered to be transport layer: SPX, TCP, UDP.
- -v, --version
- Display version number and then quit.
- -w FILE
- Write the raw packets to a file, rather than the screen.
The packets will not be parsed. The file can be read with the '-r'
option.
- -x
- Hex dump mode. After processing each layer, dump out the
contents of that layer in hex and text. Only valid in main mode.
- expr
- Berkeley packet filter expression. See tcpdump(8) man page
for details and examples.
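
The padding that -d displays can be located by comparing the IPv4 total length field with the captured frame length. The following Python sketch is an added example, not part of ipgrab; its function names and the sample frame are constructed for illustration, and it assumes untagged Ethernet II framing with the FCS already stripped.

```python
import struct

ETH_HDR_LEN = 14          # dst MAC + src MAC + EtherType, no VLAN tag
ETHERTYPE_IPV4 = 0x0800

def link_layer_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the end of the IPv4 packet in an Ethernet frame."""
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ver_ihl = frame[ETH_HDR_LEN]
    if ver_ihl >> 4 != 4:
        raise ValueError("IP version is not 4")
    ihl = (ver_ihl & 0x0F) * 4
    (total_len,) = struct.unpack_from("!H", frame, ETH_HDR_LEN + 2)
    if ihl < 20 or total_len < ihl:
        raise ValueError("inconsistent IPv4 header lengths")
    ip_end = ETH_HDR_LEN + total_len      # where the IP header says the packet ends
    if ip_end > len(frame):
        raise ValueError("frame truncated: IP total length exceeds captured bytes")
    return frame[ip_end:]                 # anything left was added by the link layer

def padding_is_zeroed(pad: bytes) -> bool:
    """True when the padding carries no data (all zero bytes, or no padding at all)."""
    return not any(pad)

def build_sample_frame() -> bytes:
    """Constructed sample: a 28-byte IPv4/UDP packet padded to the 60-byte Ethernet minimum."""
    eth = bytes.fromhex("ffffffffffff" "020000000001" "0800")
    # Checksums are left at 0; this sketch does not validate them.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 40000, 9, 8, 0)
    packet = eth + ip + udp                        # 14 + 20 + 8 = 42 bytes
    return packet + b"\x00" * (60 - len(packet))   # 18 bytes of link-layer pad

if __name__ == "__main__":
    pad = link_layer_padding(build_sample_frame())
    print(f"{len(pad)} padding bytes, zeroed={padding_is_zeroed(pad)}: {pad.hex()}")
```

Padding that is not all zeros is worth a closer look in a capture, since those bytes did not come from the IP packet itself.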
SEE ALSO
tcpdump(8)
NOTES
Requires libpcap version 0.3 or greater to be installed.
AUTHOR
Michael S. Borella
http://www.borella.net/mike/
mike@borella.net