pcapdump - dedicated packet capture utility
pcapdump captures packets from a network interface and
writes them to a dumpfile. The filename argument given to -w will be
formated by strftime(3).
- -i interface
- Input interface to read packets from.
- -r pcap file
- Dump file to read packets from.
- -w pcap file
- Dump file to write filtered packets to.
- -f expression
- BPF expression which selects packets to be filtered.
- -s snaplen
- Capture snaplen bytes of data from each packet.
- -p
- Disable promiscuous mode sniffing.
- -u owner
- Set the output file's owning user to owner.
- -g group
- Set the output file's owning group to group.
- -m mode
- Set the output file's mode to mode, specified in octal.
- -t secs
- Dump file rotation interval in seconds.
- -c count
- Exit after capturing count packets.
- -T secs
- Exit after capturing during this amount of seconds.
- -H
- Only capture link, network, and transport headers; do not capture
application-layer data.
- -S sample
value
- Sample the packet stream by only dumping 1 in every sample value
packets.
- -R
- Together with -S, sample the packets randomly, not systematically.
- -P pidfile
- Daemonize the process and write its PID to pidfile.
- -C config
file
- File to read configuration variables from. Instead of passing
configuration through the command line, a file can be used to specify
values for the bpf, device, filefmt, group,
interval, mode, owner, promisc, and
snaplen options (not all need to be specified; defaults will be
used otherwise). See /usr/share/doc/pcaputils/examples/pcapdump/eth0 for
an example.