X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/219cf47b23bcd83803b2a239f9d7b1b6445165b4..fb8b947488c7f22b518de1df1a91e663dc7ab33c:/tcpdump.1
diff --git a/tcpdump.1 b/tcpdump.1
index dc550344..5f55299f 100644
--- a/tcpdump.1
+++ b/tcpdump.1
@@ -1,4 +1,4 @@
-.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.157 2004-01-15 19:55:56 guy Exp $ (LBL)
+.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.163 2004-06-12 08:51:23 guy Exp $ (LBL)
 .\"
 .\" $NetBSD: tcpdump.8,v 1.9 2003/03/31 00:18:17 perry Exp $
 .\"
@@ -22,7 +22,7 @@
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
-.TH TCPDUMP 1 "23 November 2003"
+.TH TCPDUMP 1 "22 March 2004"
 .SH NAME
 tcpdump \- dump traffic on a network
 .SH SYNOPSIS
@@ -54,12 +54,16 @@ tcpdump \- dump traffic on a network
 .I module
 ]
 [
-.B \-r
-.I file
+.B \-M
+.I secret
 ]
 .br
 .ti +8
 [
+.B \-r
+.I file
+]
+[
 .B \-s
 .I snaplen
 ]
@@ -74,6 +78,12 @@ tcpdump \- dump traffic on a network
 .br
 .ti +8
 [
+.B \-W
+.I filecount
+]
+.br
+.ti +8
+[
 .B \-E
 .I spi@ipaddr algo:secret,...
 ]
@@ -83,6 +93,10 @@ tcpdump \- dump traffic on a network
 .B \-y
 .I datalinktype
 ]
+[
+.B \-Z
+.I user
+]
 .ti +8
 [
 .I expression
@@ -243,7 +257,7 @@ currently larger than \fIfile_size\fP and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the
 .B \-w
-flag, with a number after it, starting at 2 and continuing upward.
+flag, with a number after it, starting at 1 and continuing upward.
 The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes, not 1,048,576 bytes).
 .TP
@@ -377,6 +391,10 @@ Load SMI MIB module definitions from file \fImodule\fR. This option can be used several times to load several MIB modules into \fItcpdump\fP.
 .TP
+.B \-M
+Use \fIsecret\fP as a shared secret for validating the digests found in
+TCP segments with the TCP-MD5 option (RFC 2385), if present.
+.TP
 .B \-n
 Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
 .TP
@@ -516,6 +534,16 @@ them out. They can later be printed with the \-r option. Standard output is used if \fIfile\fR is ``-''.
 .TP
+.B \-W
+Used in conjunction with the
+.I \-C
+option, this will limit the number
+of files created to the specified number, and begin overwriting files
+from the beginning, thus creating a 'rotating' buffer.
+In addition, it will name
+the files with enough leading 0s to support the maximum number of
+files, allowing them to sort correctly.
+.TP
 .B \-x
 Print each packet (minus its link level header) in hex. The smaller of the entire packet or
@@ -541,6 +569,14 @@ its link level header, in hex and ASCII.
 .TP
 .B \-y
 Set the data link type to use while capturing packets to \fIdatalinktype\fP.
+.TP
+.B \-Z
+Drops privileges (if root) and changes user ID to
+.I user
+and the group ID to the primary group of
+.IR user .
+.IP
+This behavior can also be enabled by default at compile time.
 .IP "\fI expression\fP"
 .RS
 selects which packets will be dumped.
@@ -855,7 +891,7 @@ In the case of Ethernet, \fItcpdump\fR checks the Ethernet type field for most of those protocols. The exceptions are:
 .RS
 .TP
-\fBiso\fP, \fBsap\fP, and \fBnetbeui\fP
+\fBiso\fP, \fBstp\fP, and \fBnetbeui\fP
 \fItcpdump\fR checks for an 802.3 frame and then checks the LLC header as it does for FDDI, Token Ring, and 802.11;
 .TP
@@ -913,6 +949,22 @@ and
 .B memory
 (applies only to packets logged by OpenBSD's
 .BR pf (4)).
+.IP "\fBrset \fIname\fR"
+True if the packet was logged as matching the specified PF ruleset
+name of an anchored ruleset (applies only to packets logged by
+.BR pf (4)).
+.IP "\fBruleset \fIname\fR"
+Synonomous with the
+.B rset
+modifier.
+.IP "\fBsrnr \fInum\fR"
+True if the packet was logged as matching the specified PF rule number
+of an anchored ruleset (applies only to packets logged by
+.BR pf (4)).
+.IP "\fBsubrulenum \fInum\fR"
+Synonomous with the
+.B srnr
+modifier.
 .IP "\fBaction \fIact\fR"
 True if PF took the specified action when the packet was logged. Known actions
 are:
@@ -920,7 +972,7 @@ are:
 and
 .B block
 (applies only to packets logged by OpenBSD's
-.BR pf(4)).
+.BR pf (4)).
 .IP "\fBip\fR, \fBip6\fR, \fBarp\fR, \fBrarp\fR, \fBatalk\fR, \fBaarp\fR, \fBdecnet\fR, \fBiso\fR, \fBstp\fR, \fBipx\fR, \fInetbeui\fP"
 Abbreviations for:
 .in +.5i