The third argument to linkaddr_string is one of the LINKADDR_ enums.

[tcpdump] / tcpdump.1.in

diff --git a/tcpdump.1.in b/tcpdump.1.in
index e9831e2deb7487f1f58a4618f6b2edaf2300464d..c977e06f1bb58d08635bec8395ad02c279b50132 100644 (file)
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
@@ -20,7 +20,7 @@
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
-.TH TCPDUMP 1  "2 February 2017"
+.TH TCPDUMP 1  "2 Apr 2019"
 .SH NAME
 tcpdump \- dump traffic on a network
 .SH SYNOPSIS
@@ -218,7 +218,7 @@ flag will forcibly flush the packet buffer into the output file.
 .LP
 Reading packets from a network interface may require that you have
 special privileges; see the
-.B pcap (3PCAP)
+.BR pcap (3PCAP)
 man page for details.  Reading a saved packet file doesn't require
 special privileges.
 .SH OPTIONS
@@ -292,7 +292,7 @@ flag will not be supported if
 was built with an older version of
 .I libpcap
 that lacks the
-.B pcap_findalldevs()
+.BR pcap_findalldevs(3PCAP)
 function.
 .TP
 .B \-e
@@ -361,6 +361,9 @@ Savefiles will have the name specified by
 which should include a time format as defined by
 .BR strftime (3).
 If no time format is specified, each new file will overwrite the previous.
+Whenever a generated filename is not unique, tcpdump will overwrite the
+preexisting data; providing a time specification that is coarser than the
+capture period is therefore not advised.
 .IP
 If used in conjunction with the
 .B \-C
@@ -443,7 +446,7 @@ terminal rather than to a file or pipe.
 .PD
 Set the time stamp type for the capture to \fItstamp_type\fP.  The names
 to use for the time stamp types are given in
-.BR pcap-tstamp (@MAN_MISC_INFO@);
+.BR \%pcap-tstamp (@MAN_MISC_INFO@);
 not all the types listed there will necessarily be valid for any given
 interface.
 .TP
@@ -475,6 +478,19 @@ The supported values for \fItimestamp_precision\fP are \fBmicro\fP for
 microsecond resolution and \fBnano\fP for nanosecond resolution.  The
 default is microsecond resolution.
 .TP
+.B \-\-micro
+.PD 0
+.TP
+.B \-\-nano
+.PD
+Shorthands for \fB\-\-time\-stamp\-precision=micro\fP or
+\fB\-\-time\-stamp\-precision=nano\fP, adjusting the time stamp
+precision accordingly.  When reading packets from a savefile, using
+\fB\-\-micro\fP truncates time stamps if the savefile was created with
+nanosecond precision.  In contrast, a savefile created with microsecond
+precision will have trailing zeroes added to the time stamp when
+\fB\-\-nano\fP is used.
+.TP
 .B \-K
 .PD 0
 .TP
@@ -684,16 +700,20 @@ Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and
 fractions of a second since that time, on each dump line.
 .TP
 .B \-ttt
-Print a delta (micro-second resolution) between current and previous line
-on each dump line.
+Print a delta (microsecond or nanosecond resolution depending on the
+.B \-\-time\-stamp-precision
+option) between current and previous line on each dump line.
+The default is microsecond resolution.
 .TP
 .B \-tttt
 Print a timestamp, as hours, minutes, seconds, and fractions of a second
 since midnight, preceded by the date, on each dump line.
 .TP
 .B \-ttttt
-Print a delta (micro-second resolution) between current and first line
-on each dump line.
+Print a delta (microsecond or nanosecond resolution depending on the
+.B \-\-time\-stamp-precision
+option) between current and first line on each dump line.
+The default is microsecond resolution.
 .TP
 .B \-u
 Print undecoded NFS handles.
@@ -727,7 +747,7 @@ flag will not be supported if
 was built with an older version of
 .I libpcap
 that lacks the
-.B pcap_dump_flush()
+.BR pcap_dump_flush(3PCAP)
 function.
 .TP
 .B \-v
@@ -797,9 +817,15 @@ files, allowing them to sort correctly.
 Used in conjunction with the
 .B \-G
 option, this will limit the number of rotated dump files that get
-created, exiting with status 0 when reaching the limit. If used with
+created, exiting with status 0 when reaching the limit.
+.IP
+If used in conjunction with both
 .B \-C
-as well, the behavior will result in cyclical files per timeslice.
+and
+.B \-G,
+the
+.B \-W
+option will currently be ignored, and will only affect the file name.
 .TP
 .B \-x
 When parsing and printing,
@@ -1156,7 +1182,7 @@ those are reported as \fBECT(1)\fP, \fBECT(0)\fP, or \fBCE\fP.
 \fIoffset\fP is the fragment offset field; it is printed whether this is
 part of a fragmented datagram or not.
 \fIflags\fP are the MF and DF flags; \fB+\fP is reported if MF is set,
-and \fBDF\P is reported if F is set.  If neither are set, \fB.\fP is
+and \fBDF\fP is reported if F is set.  If neither are set, \fB.\fP is
 reported.
 \fIproto\fP is the protocol ID field.
 \fIlength\fP is the total length field.
@@ -1217,7 +1243,7 @@ host \fIcsam\fP.
 .RS
 .nf
 .sp .5
-\s-2\f(CWIP rtsg.1023 > csam.login: Flags [S], seq 768512:768512, win 4096, opts [mss 1024]
+\f(CWIP rtsg.1023 > csam.login: Flags [S], seq 768512:768512, win 4096, opts [mss 1024]
 IP csam.login > rtsg.1023: Flags [S.], seq, 947648:947648, ack 768513, win 4096, opts [mss 1024]
 IP rtsg.1023 > csam.login: Flags [.], ack 1, win 4096
 IP rtsg.1023 > csam.login: Flags [P.], seq 1:2, ack 1, win 4096, length 1
@@ -1225,7 +1251,7 @@ IP csam.login > rtsg.1023: Flags [.], ack 2, win 4096
 IP rtsg.1023 > csam.login: Flags [P.], seq 2:21, ack 1, win 4096, length 19
 IP csam.login > rtsg.1023: Flags [P.], seq 1:2, ack 21, win 4077, length 1
 IP csam.login > rtsg.1023: Flags [P.], seq 2:3, ack 21, win 4077, urg 1, length 1
-IP csam.login > rtsg.1023: Flags [P.], seq 3:4, ack 21, win 4077, urg 1, length 1\fR\s+2
+IP csam.login > rtsg.1023: Flags [P.], seq 3:4, ack 21, win 4077, urg 1, length 1\fR
 .sp .5
 .fi
 .RE
@@ -1826,9 +1852,9 @@ protocol) and packet size.
 .RS
 .nf
 .sp .5
-\s-2\f(CWicsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
+\f(CWicsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
 jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250
-techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186\fR\s+2
+techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186\fR
 .sp .5
 .fi
 .RE
@@ -1846,7 +1872,7 @@ another reply to the same request saying host techpit has laserwriter
 .RS
 .nf
 .sp .5
-\s-2\f(CWjssmag.209.165 > helios.132: atp-req  12266<0-7> 0xae030001
+\f(CWjssmag.209.165 > helios.132: atp-req  12266<0-7> 0xae030001
 helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000
 helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000
 helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000
@@ -1859,7 +1885,7 @@ jssmag.209.165 > helios.132: atp-req  12266<3,5> 0xae030001
 helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
 helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
 jssmag.209.165 > helios.132: atp-rel  12266<0-7> 0xae030001
-jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002\fR\s+2
+jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002\fR
 .sp .5
 .fi
 .RE
@@ -1885,11 +1911,13 @@ The `*' on the request
 indicates that XO (`exactly once') was \fInot\fP set.
 
 .SH "SEE ALSO"
-stty(1), pcap(3PCAP), bpf(4), nit(4P), pcap-savefile(@MAN_FILE_FORMATS@),
-pcap-filter(@MAN_MISC_INFO@), pcap-tstamp(@MAN_MISC_INFO@)
+stty(1), pcap(3PCAP), bpf(4), nit(4P), \%pcap-savefile(@MAN_FILE_FORMATS@),
+\%pcap-filter(@MAN_MISC_INFO@), \%pcap-tstamp(@MAN_MISC_INFO@)
 .LP
 .RS
-.I http://www.iana.org/assignments/media-types/application/vnd.tcpdump.pcap
+.na
+.I https://www.iana.org/assignments/media-types/application/vnd.tcpdump.pcap
+.ad
 .RE
 .LP
 .SH AUTHORS
@@ -1905,7 +1933,7 @@ It is currently being maintained by tcpdump.org.
 The current version is available via http:
 .LP
 .RS
-.I http://www.tcpdump.org/
+.I https://www.tcpdump.org/
 .RE
 .LP
 The original distribution is available via anonymous ftp: