debian man page for pcapdump

pcapdump(1)															       pcapdump(1)

NAME
       pcapdump - dedicated packet capture utility

SYNOPSIS
       pcapdump [OPTIONS]...

DESCRIPTION
       pcapdump  captures  packets  from  a network interface and writes them to a dumpfile. The filename argument given to -w will be formated by
       strftime(3).

PCAPNET OPTIONS
       -i interface
	      Input interface to read packets from.

       -r pcap file
	      Dump file to read packets from.

       -w pcap file
	      Dump file to write filtered packets to.

       -f expression
	      BPF expression which selects packets to be filtered.

       -s snaplen
	      Capture snaplen bytes of data from each packet.

       -p     Disable promiscuous mode sniffing.

PROGRAM OPTIONS
       -u owner
	      Set the output file's owning user to owner.

       -g group
	      Set the output file's owning group to group.

       -m mode
	      Set the output file's mode to mode, specified in octal.

       -t secs
	      Dump file rotation interval in seconds.

       -c count
	      Exit after capturing count packets.

       -T secs
	      Exit after capturing during this amount of seconds.

       -H     Only capture link, network, and transport headers; do not capture application-layer data.

       -S sample value
	      Sample the packet stream by only dumping 1 in every sample value packets.

       -R     Together with -S, sample the packets randomly, not systematically.

       -P pidfile
	      Daemonize the process and write its PID to pidfile.

       -C config file
	      File to read configuration variables from. Instead of passing configuration through the command line, a file can be used to  specify
	      values  for  the bpf, device, filefmt, group, interval, mode, owner, promisc, and snaplen options (not all need to be specified; de-
	      faults will be used otherwise). See /usr/share/doc/pcaputils/examples/pcapdump/eth0 for an example.

								    9 May 2009							       pcapdump(1)