ipgrab - A Verbose Packet Sniffer
ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]
ipgrab reads and parses packets from the link layer through the
application layer, dumping explicit header information along the way.
It is a lot like tcpdump except that it prints almost every header
-a Do not display application layer data.
-b Buffer standard output. Useful when you’re redirecting output to
-c cnt, --count cnt
Terminate after receiving cnt packets.
-C proto, --CCP proto
Assume a particular CCP protocol, such as MPPC. MPPC is the only
one supported as yet.
-d Dump extra padding in packets. For example, according to an IP
header, the packet ends at a certain point, but the link layer
may have padded it beyond that. This option displays the
padding. Not valid in minimal mode.
Display usage screen with a brief description of the command
-i if, --interface if
Makes ipgrab listen to packets on interface if, e.g., eth0. If
this option is not used, the default interface will be assumed.
-l Don’t display link-layer headers. The following protocols are
considered to be link layer: ARP, CHAP, Ethernet, IPCP, LCP,
LLC, Loopback, PPP, PPPoE, Raw, Slip.
-m Minimal mode output. When operating in this mode, ipgrab
displays only brief header information.
-n Don’t display network-layer headers. The following protocols are
considered to be network layer: AH, ESP, GRE, ICMP, ICMPv6,
IGMP, IP, IPv6, IPX, IPXRIP.
Initiate a dynamic port mapping. This option must be followed by
a string of the form ‘<protocol>=<port>’, such as ‘http=8080’.
-p Dump packet payloads beyond what IPgrab parses. In other words,
if IPgrab does not parse a particular application, this option
will dump application data in hex and text format.
Read packets from a file, rather than an interface. The file
should be created in "raw" format, such as with the ’-w’ option.
-T Do not display timestamps in minimal mode.
-t Don’t display transport layer headers. The following protocols
are considered to be transport layer: SPX, TCP, UDP.
Display version number and then quit.
Write the raw packets to a file, rather than the screen. The
packets will not be parsed. The file can be read with the ’-r’
-x Hex dump mode. After processing each layer, dump out the
contents of that layer in hex and text. Only valid in main mode.
expr Berkeley packet filter expression. See tcpdump(8) man page for
details and examples.
Requires libpcap version 0.3 or greater to be installed.
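The padding that the -d option describes can be located by comparing the IP header's total-length field with the number of bytes the link layer delivered. The following is an added example, not ipgrab's own code: the function name ip_trailing_padding and the sample frame are constructed for illustration, and only IPv4 over Ethernet II is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN    14
#define ETHERTYPE_IPV4 0x0800

/* Hypothetical helper (not part of ipgrab). Returns the number of
 * link-layer padding bytes that follow the IPv4 packet in an Ethernet II
 * frame, or -1 if the frame is not well-formed IPv4 over Ethernet.
 * On success *pad_off receives the offset of the first padding byte. */
long ip_trailing_padding(const uint8_t *frame, size_t len, size_t *pad_off)
{
    if (len < ETH_HDR_LEN + 20)
        return -1;                      /* too short for Ethernet + IPv4 */
    if (((frame[12] << 8) | frame[13]) != ETHERTYPE_IPV4)
        return -1;                      /* not an IPv4 frame */
    const uint8_t *ip = frame + ETH_HDR_LEN;
    if ((ip[0] >> 4) != 4)
        return -1;                      /* version field is not 4 */
    size_t ihl      = (size_t)(ip[0] & 0x0f) * 4;      /* header length */
    size_t total    = ((size_t)ip[2] << 8) | ip[3];    /* IP total length */
    size_t captured = len - ETH_HDR_LEN;
    if (ihl < 20 || total < ihl || total > captured)
        return -1;                      /* malformed or truncated, not padded */
    if (pad_off)
        *pad_off = ETH_HDR_LEN + total;
    return (long)(captured - total);
}

/* Constructed sample: a 28-byte ICMP echo request carried in a 60-byte
 * minimum-size Ethernet frame. The last 18 bytes are zero padding.
 * The IP header checksum is left at 0 because it is not used here. */
static const uint8_t sample_frame[60] = {
    0x02,0x00,0x00,0x00,0x00,0x01, 0x02,0x00,0x00,0x00,0x00,0x02, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x01,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x08,0x00,0xf7,0xff, 0x00,0x00,0x00,0x00,
};

int main(void)
{
    size_t off = 0;
    long pad = ip_trailing_padding(sample_frame, sizeof sample_frame, &off);
    printf("padding bytes: %ld, starting at frame offset %zu\n", pad, off);
    for (long i = 0; i < pad; i++)      /* hex dump of the padding only */
        printf("%02x%c", sample_frame[off + (size_t)i], i + 1 < pad ? ' ' : '\n');
    return pad < 0;
}
```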
Michael S. Borella
07 March 2007