Man page - pcapdump(1)

Packages contains this manual

Package:  pcaputils
apt-get install pcaputils

Manuals in package:
• pcappick(1)
• pcapuc(1)
• pcapip(1)
• pcapdump(1)
Documentations in package:
• pcaputils

Manual

pcapdump

NAME
SYNOPSIS
DESCRIPTION
PCAPNET OPTIONS
PROGRAM OPTIONS

---

NAME

pcapdump - dedicated packet capture utility

SYNOPSIS

pcapdump [ OPTIONS ]...

DESCRIPTION

pcapdump captures packets from a network interface and writes them to a dumpfile. The filename argument given to -w will be formatted by strftime(3) .

PCAPNET OPTIONS

-i interface

Input interface to read packets from.

-r pcap file

Dump file to read packets from.

-w pcap file

Dump file to write filtered packets to.

-f expression

BPF expression which selects packets to be filtered.

-s snaplen

Capture snaplen bytes of data from each packet.

-p

Disable promiscuous mode sniffing.

PROGRAM OPTIONS

-u owner

Set the output file’s owning user to owner .

-g group

Set the output file’s owning group to group .

-m mode

Set the output file’s mode to mode , specified in octal.

-t secs

Dump file rotation interval in seconds.

-c count

Exit after capturing count packets.

-T secs

Exit after capturing during this amount of seconds.

-H

Only capture link, network, and transport headers; do not capture application-layer data.

-S sample value

Sample the packet stream by only dumping 1 in every sample value packets.

-R

Together with -S, sample the packets randomly, not systematically.

-P pidfile

Daemonize the process and write its PID to pidfile .

-C config file

File to read configuration variables from. Instead of passing configuration through the command line, a file can be used to specify values for the bpf , device , filefmt , group , interval , mode , owner , promisc , and snaplen options (not all need to be specified; defaults will be used otherwise). See /usr/share/doc/pcaputils/examples/pcapdump/eth0 for an example.

---