table of contents
pcapdump(1) | pcapdump(1) |
NAME¶
pcapdump - dedicated packet capture utility
SYNOPSIS¶
pcapdump
[OPTIONS]...
DESCRIPTION¶
pcapdump captures packets from a network interface and writes them to a dumpfile. The filename argument given to -w will be formated by strftime(3).
PCAPNET OPTIONS¶
- -i interface
- Input interface to read packets from.
- -r pcap file
- Dump file to read packets from.
- -w pcap file
- Dump file to write filtered packets to.
- -f expression
- BPF expression which selects packets to be filtered.
- -s snaplen
- Capture snaplen bytes of data from each packet.
- -p
- Disable promiscuous mode sniffing.
PROGRAM OPTIONS¶
- -u owner
- Set the output file's owning user to owner.
- -g group
- Set the output file's owning group to group.
- -m mode
- Set the output file's mode to mode, specified in octal.
- -t secs
- Dump file rotation interval in seconds.
- -c count
- Exit after capturing count packets.
- -T secs
- Exit after capturing during this amount of seconds.
- -H
- Only capture link, network, and transport headers; do not capture application-layer data.
- -S sample value
- Sample the packet stream by only dumping 1 in every sample value packets.
- -R
- Together with -S, sample the packets randomly, not systematically.
- -P pidfile
- Daemonize the process and write its PID to pidfile.
- -C config file
- File to read configuration variables from. Instead of passing configuration through the command line, a file can be used to specify values for the bpf, device, filefmt, group, interval, mode, owner, promisc, and snaplen options (not all need to be specified; defaults will be used otherwise). See /usr/share/doc/pcaputils/examples/pcapdump/eth0 for an example.
9 June 2024 |