Avoid collison with error(), clean up code a bit.

[tcpdump] / tcpdump.1.in

diff --git a/tcpdump.1.in b/tcpdump.1.in
index c3bce63dd5a0c612eecd3d616b123715e6dc8af3..ebf50ab63d1e4cfc5202a0c970852179fc996b72 100644 (file)
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
@@ -20,18 +20,21 @@
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"

-.TH TCPDUMP 1  "26 February 2014"
+.TH TCPDUMP 1  "11 July 2014"

 .SH NAME
 tcpdump \- dump traffic on a network
 .SH SYNOPSIS
 .na
 .B tcpdump
 [
 .SH NAME
 tcpdump \- dump traffic on a network
 .SH SYNOPSIS
 .na
 .B tcpdump
 [

-.B \-AbdDefhHIJKlLnNOpqRStuUvxX
+.B \-AbdDefhHIJKlLnNOpqRStuUvxX#

 ] [
 .B \-B
 .I buffer_size
 ] [
 .B \-B
 .I buffer_size

-] [
+]
+.br
+.ti +8
+[

 .B \-c
 .I count
 ]
 .B \-c
 .I count
 ]


@@ -123,6 +126,17 @@ tcpdump \- dump traffic on a network
 ]
 .ti +8
 [
 ]
 .ti +8
 [

+.BI \-\-time\-stamp\-precision= tstamp_precision
+]
+.ti +8
+[
+.B \-\-immediate\-mode
+]
+[
+.B \-\-version
+]
+.ti +8
+[

 .I expression
 ]
 .br
 .I expression
 ]
 .br


@@ -130,7 +144,9 @@ tcpdump \- dump traffic on a network
 .SH DESCRIPTION
 .LP
 \fITcpdump\fP prints out a description of the contents of packets on a
 .SH DESCRIPTION
 .LP
 \fITcpdump\fP prints out a description of the contents of packets on a

-network interface that match the boolean \fIexpression\fP.  It can also
+network interface that match the boolean \fIexpression\fP; the
+description is preceded by a time stamp, printed, by default, as hours,
+minutes, seconds, and fractions of a second since midnight.  It can also

 be run with the
 .B \-w
 flag, which causes it to save the packet data to a file for later
 be run with the
 .B \-w
 flag, which causes it to save the packet data to a file for later


@@ -194,7 +210,9 @@ your ``status'' character, typically control-T, although on some
 platforms, such as Mac OS X, the ``status'' character is not set by
 default, so you must set it with
 .BR stty (1)
 platforms, such as Mac OS X, the ``status'' character is not set by
 default, so you must set it with
 .BR stty (1)

-in order to use it) and will continue capturing packets.
+in order to use it) and will continue capturing packets. On platforms that
+do not support the SIGINFO signal, the same can be achieved by using the
+SIGUSR1 signal.

 .LP
 Reading packets from a network interface may require that you have
 special privileges; see the
 .LP
 Reading packets from a network interface may require that you have
 special privileges; see the


@@ -354,6 +372,10 @@ option, filenames will take the form of `\fIfile\fP<count>'.
 Print the tcpdump and libpcap version strings, print a usage message,
 and exit.
 .TP
 Print the tcpdump and libpcap version strings, print a usage message,
 and exit.
 .TP

+.B \-\-version
+.PD
+Print the tcpdump and libpcap version strings and exit.
+.TP

 .B \-H
 Attempt to detect 802.11s draft mesh headers.
 .TP
 .B \-H
 Attempt to detect 802.11s draft mesh headers.
 .TP


@@ -405,6 +427,13 @@ monitor mode will be shown; if
 is specified, only those link-layer types available when in monitor mode
 will be shown.
 .TP
 is specified, only those link-layer types available when in monitor mode
 will be shown.
 .TP

+.BI \-\-immediate\-mode
+Capture in "immediate mode".  In this mode, packets are delivered to
+tcpdump as soon as they arrive, rather than being buffered for
+efficiency.  This is the default when printing packets rather than
+saving packets to a ``savefile'' if the packets are being printed to a
+terminal rather than to a file or pipe.
+.TP

 .BI \-j " tstamp_type"
 .PD 0
 .TP
 .BI \-j " tstamp_type"
 .PD 0
 .TP


@@ -425,6 +454,25 @@ List the supported time stamp types for the interface and exit.  If the
 time stamp type cannot be set for the interface, no time stamp types are
 listed.
 .TP
 time stamp type cannot be set for the interface, no time stamp types are
 listed.
 .TP

+.BI \-\-time\-stamp\-precision= tstamp_precision
+When capturing, set the time stamp precision for the capture to
+\fItstamp_precision\fP.  Note that availability of high precision time
+stamps (nanoseconds) and their actual accuracy is platform and hardware
+dependent.  Also note that when writing captures made with nanosecond
+accuracy to a savefile, the time stamps are written with nanosecond
+resolution, and the file is written with a different magic number, to
+indicate that the time stamps are in seconds and nanoseconds; not all
+programs that read pcap savefiles will be able to read those captures.
+.LP
+When reading a savefile, convert time stamps to the precision specified
+by \fItimestamp_precision\fP, and display them with that resolution.  If
+the precision specified is less than the precision of time stamps in the
+file, the conversion will lose precision.
+.LP
+The supported values for \fItimestamp_precision\fP are \fBmicro\fP for
+microsecond resolution and \fBnano\fP for nanosecond resolution.  The
+default is microsecond resolution.
+.TP

 .B \-K
 .PD 0
 .TP
 .B \-K
 .PD 0
 .TP


@@ -504,7 +552,11 @@ E.g.,
 if you give this flag then \fItcpdump\fP will print ``nic''
 instead of ``nic.ddn.mil''.
 .TP
 if you give this flag then \fItcpdump\fP will print ``nic''
 instead of ``nic.ddn.mil''.
 .TP

-.B \--number
+.B \-#
+.PD 0
+.TP
+.B \-\-number
+.PD

 Print an optional packet number at the beginning of the line.
 .TP
 .B \-O
 Print an optional packet number at the beginning of the line.
 .TP
 .B \-O


@@ -618,14 +670,16 @@ an encapsulated PGM packet.
 \fIDon't\fP print a timestamp on each dump line.
 .TP
 .B \-tt
 \fIDon't\fP print a timestamp on each dump line.
 .TP
 .B \-tt

-Print an unformatted timestamp on each dump line.
+Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and
+fractions of a second since that time, on each dump line.

 .TP
 .B \-ttt
 Print a delta (micro-second resolution) between current and previous line
 on each dump line.
 .TP
 .B \-tttt
 .TP
 .B \-ttt
 Print a delta (micro-second resolution) between current and previous line
 on each dump line.
 .TP
 .B \-tttt

-Print a timestamp in default format proceeded by date on each dump line.
+Print a timestamp, as hours, minutes, seconds, and fractions of a second
+since midnight, preceded by the date, on each dump line.

 .TP
 .B \-ttttt
 Print a delta (micro-second resolution) between current and first line
 .TP
 .B \-ttttt
 Print a delta (micro-second resolution) between current and first line


@@ -1828,11 +1882,15 @@ is the current clock time in the form
 .fi
 .RE
 and is as accurate as the kernel's clock.
 .fi
 .RE
 and is as accurate as the kernel's clock.

-The timestamp reflects the time the kernel first saw the packet.
-No attempt
-is made to account for the time lag between when the
-Ethernet interface removed the packet from the wire and when the kernel
-serviced the `new packet' interrupt.
+The timestamp reflects the time the kernel applied a time stamp to the packet.
+No attempt is made to account for the time lag between when the network
+interface finished receiving the packet from the network and when the
+kernel applied a time stamp to the packet; that time lag could include a
+delay between the time when the network interface finished receiving a
+packet from the network and the time when an interrupt was delivered to
+the kernel to get it to read the packet and a delay between the time
+when the kernel serviced the `new packet' interrupt and the time when it
+applied a time stamp to the packet.

 .SH "SEE ALSO"
 stty(1), pcap(3PCAP), bpf(4), nit(4P), pcap-savefile(@MAN_FILE_FORMATS@),
 pcap-filter(@MAN_MISC_INFO@), pcap-tstamp(@MAN_MISC_INFO@)
 .SH "SEE ALSO"
 stty(1), pcap(3PCAP), bpf(4), nit(4P), pcap-savefile(@MAN_FILE_FORMATS@),
 pcap-filter(@MAN_MISC_INFO@), pcap-tstamp(@MAN_MISC_INFO@)