ipgrab(8) [debian man page]

IPGRAB(8)						      System Manager's Manual							 IPGRAB(8)

NAME
       ipgrab - A Verbose Packet Sniffer

SYNOPSIS
       ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]

DESCRIPTION
       ipgrab reads and parses packets from the link layer through the application layer, dumping explicit header information along the way. It is a lot like tcpdump except that it prints almost every header field.

   Options
       -a     Do not display application layer data.

       -b     Buffer standard output. Useful when you're redirecting output to a file.

       -c cnt, --count cnt
              Terminate after receiving cnt packets.

       -C proto, --CCP proto
              Assume a particular CCP protocol, such as MPPC. MPPC is the only one supported as yet.

       -d     Dump extra padding in packets. For example, according to an IP header, the packet ends at a certain point, but the link layer may have padded it beyond that. This option displays the padding. Not valid in minimal mode.

       -h, --help
              Display usage screen with a brief description of the command line options.

       -i if, --interface if
              Makes ipgrab listen to packets on interface if, e.g., eth0. If this option is not used, the default interface will be assumed.

       -l     Don't display link-layer headers. The following protocols are considered to be link layer: ARP, CHAP, Ethernet, IPCP, LCP, LLC, Loopback, PPP, PPPoE, Raw, Slip.

       -m     Minimal mode output. When operating in this mode, ipgrab displays only brief header information.

       -n     Don't display network-layer headers. The following protocols are considered to be network layer: AH, ESP, GRE, ICMP, ICMPv6, IGMP, IP, IPv6, IPX, IPXRIP.

       -P string
              Initiate a dynamic port mapping. This option must be followed by a string of the form `<protocol>=<port>', such as `http=8080'.

       -p     Dump packet payloads beyond what IPgrab parses. In other words, if IPgrab does not parse a particular application, this option will dump application data in hex and text format.

       -r FILE
              Read packets from a file, rather than an interface. The file should be created in "raw" format, such as with the '-w' option.

       -T     Do not display timestamps in minimal mode.

       -t     Don't display transport layer headers. The following protocols are considered to be transport layer: SPX, TCP, UDP.

       -v, --version
              Display version number and then quit.

       -w FILE
              Write the raw packets to a file, rather than the screen. The packets will not be parsed. The file can be read with the '-r' option.

       -x     Hex dump mode. After processing each layer, dump out the contents of that layer in hex and text. Only valid in main mode.

       expr   Berkeley packet filter expression. See tcpdump(8) man page for details and examples.

SEE ALSO
       tcpdump(8)

NOTES
       Requires libpcap version 0.3 or greater to be installed.

AUTHOR
       Michael S. Borella
       http://www.borella.net/mike/
       mike@borella.net

07 March 2007								 IPGRAB(8)
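
The -d option above reports bytes that the link layer appended after the end of the IP packet. As an added example (not part of ipgrab or of this man page), the C function below locates that padding in an Ethernet frame carrying IPv4; the function name and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN  14       /* dst MAC, src MAC, EtherType */
#define ETHERTYPE_IP 0x0800

/* Hypothetical helper: returns the number of captured bytes that follow the
 * end of the IPv4 packet (link-layer padding), or -1 if the frame is not
 * well-formed IPv4 over Ethernet or was truncated by the capture.
 * On success *pad_off is the frame offset of the first padding byte. */
long ipv4_link_padding(const uint8_t *frame, size_t caplen, size_t *pad_off)
{
    if (frame == NULL || caplen < ETH_HDR_LEN + 20)
        return -1;                              /* no room for a minimal IP header */
    if (((frame[12] << 8) | frame[13]) != ETHERTYPE_IP)
        return -1;                              /* not IPv4 (VLAN tags not handled) */

    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* IP header length in bytes */
    size_t tot = ((size_t)ip[2] << 8) | ip[3];  /* IP total length field */

    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl)
        return -1;                              /* inconsistent IP header */
    if (tot > caplen - ETH_HDR_LEN)
        return -1;                              /* IP packet longer than capture */

    if (pad_off != NULL)
        *pad_off = ETH_HDR_LEN + tot;
    return (long)(caplen - ETH_HDR_LEN - tot);
}

/* Constructed sample: 28-byte ICMP echo request (IP checksum left at zero)
 * in an Ethernet frame padded with zeros to the 60-byte minimum. */
static const uint8_t sample_frame[60] = {
    0x02,0x00,0x00,0x00,0x00,0x02, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x01,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x08,0x00,0xf7,0xff, 0x00,0x00,0x00,0x00
};

int main(void)
{
    size_t off = 0;
    long n = ipv4_link_padding(sample_frame, sizeof sample_frame, &off);
    printf("%ld padding byte(s) starting at offset %zu\n", n, off);
    return 0;
}
```
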

PCAP_INJECT(3PCAP)														PCAP_INJECT(3PCAP)

NAME
       pcap_inject, pcap_sendpacket - transmit a packet

SYNOPSIS
       #include <pcap/pcap.h>

       int pcap_inject(pcap_t *p, const void *buf, size_t size);
       int pcap_sendpacket(pcap_t *p, const u_char *buf, int size);

DESCRIPTION
       pcap_inject() sends a raw packet through the network interface; buf points to the data of the packet, including the link-layer header, and size is the number of bytes in the packet.

       Note that, even if you successfully open the network interface, you might not have permission to send packets on it, or it might not support sending packets; as pcap_open_live() doesn't have a flag to indicate whether to open for capturing, sending, or capturing and sending, you cannot request an open that supports sending and be notified at open time whether sending will be possible. Note also that some devices might not support sending packets.

       Note that, on some platforms, the link-layer header of the packet that's sent might not be the same as the link-layer header of the packet supplied to pcap_inject(), as the source link-layer address, if the header contains such an address, might be changed to be the address assigned to the interface on which the packet is sent, if the platform doesn't support sending completely raw and unchanged packets. Even worse, some drivers on some platforms might change the link-layer type field to whatever value libpcap used when attaching to the device, even on platforms that do nominally support sending completely raw and unchanged packets.

       pcap_sendpacket() is like pcap_inject(), but it returns 0 on success, rather than returning the number of bytes written. (pcap_inject() comes from OpenBSD; pcap_sendpacket() comes from WinPcap. Both are provided for compatibility.)

RETURN VALUE
       pcap_inject() returns the number of bytes written on success and -1 on failure.

       pcap_sendpacket() returns 0 on success and -1 on failure.

       If -1 is returned, pcap_geterr() or pcap_perror() may be called with p as an argument to fetch or display the error text.

SEE ALSO
       pcap(3PCAP), pcap_geterr(3PCAP)

5 April 2008							PCAP_INJECT(3PCAP)