NAME
pcapdump - dedicated packet capture utility
SYNOPSIS
pcapdump [OPTIONS]...
DESCRIPTION
pcapdump captures packets from a network interface and writes them to a
dumpfile. The filename argument given to -w will be formated by
strftime(3).
PCAPNET OPTIONS
-i interface
Input interface to read packets from.
-r pcap file
Dump file to read packets from.
-w pcap file
Dump file to write filtered packets to.
-f expression
BPF expression which selects packets to be filtered.
-s snaplen
Capture snaplen bytes of data from each packet.
-p Disable promiscuous mode sniffing.
PROGRAM OPTIONS
-u owner
Set the output file’s owning user to owner.
-g group
Set the output file’s owning group to group.
-m mode
Set the output file’s mode to mode, specified in octal.
-t secs
Dump file rotation interval in seconds.
-c count
Exit after capturing count packets.
-T secs
Exit after capturing during this amount of seconds.
-H Only capture link, network, and transport headers; do not
capture application-layer data.
-S sample value
Sample the packet stream by only dumping 1 in every sample value
packets.
-R Together with -S, sample the packets randomly, not
systematically.
-P pidfile
Daemonize the process and write its PID to pidfile.
-C config file
File to read configuration variables from. Instead of passing
configuration through the command line, a file can be used to
specify values for the bpf, device, filefmt, group, interval,
mode, owner, promisc, and snaplen options (not all need to be
specified; defaults will be used otherwise). See
/usr/share/doc/pcaputils/examples/pcapdump/eth0 for an example.
11 May 2009 pcapdump(1)