pcapdump(1)

dedicated packet capture utility

Section 1 pcaputils bookworm source

NAME

pcapdump - dedicated packet capture utility

SYNOPSIS

pcapdump [OPTIONS]...

DESCRIPTION

pcapdump captures packets from a network interface and writes them to a dumpfile. The filename argument given to -w will be formatted by strftime(3).

PCAPNET OPTIONS

-i interface

Input interface to read packets from.

-r pcap file

Dump file to read packets from.

-w pcap file

Dump file to write filtered packets to.

-f expression

BPF expression which selects packets to be filtered.

-s snaplen

Capture snaplen bytes of data from each packet.

-p

Disable promiscuous mode sniffing.

PROGRAM OPTIONS

-u owner

Set the output file’s owning user to owner.

-g group

Set the output file’s owning group to group.

-m mode

Set the output file’s mode to mode, specified in octal.

-t secs

Dump file rotation interval in seconds.

-c count

Exit after capturing count packets.

-T secs

Exit after capturing for secs seconds.

-H

Only capture link, network, and transport headers; do not capture application-layer data.

-S sample value

Sample the packet stream by only dumping 1 in every sample value packets.

-R

Together with -S, sample the packets randomly, not systematically.

-P pidfile

Daemonize the process and write its PID to pidfile.

-C config file

File to read configuration variables from. Instead of passing configuration through the command line, a file can be used to specify values for the bpf, device, filefmt, group, interval, mode, owner, promisc, and snaplen options (not all need to be specified; defaults will be used otherwise). See /usr/share/doc/pcaputils/examples/pcapdump/eth0 for an example.
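
Because the -w filename is expanded by strftime(3) and -t sets the rotation interval, a pattern whose finest field is coarser than the interval expands to the same name for more than one rotation period. The following check is an added example, not part of pcaputils; it assumes the pattern is expanded once per interval starting at a given epoch time and uses UTC for reproducibility, and the pattern strings and start time are constructed sample values.

```python
import time
from collections import defaultdict


def rotation_names(pattern, interval, start, rotations):
    """Expand a -w style strftime pattern at each assumed rotation time.

    Assumption: one expansion every `interval` seconds beginning at the
    epoch time `start`; UTC is used so the result is reproducible.
    """
    return [
        time.strftime(pattern, time.gmtime(start + i * interval))
        for i in range(rotations)
    ]


def colliding_names(pattern, interval, start, rotations):
    """Return {filename: [rotation indexes]} for names produced more than once."""
    seen = defaultdict(list)
    names = rotation_names(pattern, interval, start, rotations)
    for index, name in enumerate(names):
        seen[name].append(index)
    return {name: idx for name, idx in seen.items() if len(idx) > 1}


if __name__ == "__main__":
    START = 1700000000  # constructed sample: 2023-11-14 22:13:20 UTC
    INTERVAL = 30       # value that would be passed to -t

    # Constructed sample patterns for -w: minute vs. second granularity.
    for pattern in ("eth0.%Y%m%d.%H%M.pcap", "eth0.%Y%m%d.%H%M%S.pcap"):
        clashes = colliding_names(pattern, INTERVAL, START, 4)
        if clashes:
            print(f"{pattern}: NOT unique per rotation")
            for name, idx in clashes.items():
                print(f"  {name} reused by rotations {idx}")
        else:
            print(f"{pattern}: unique per rotation")
```
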