X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/7042ae6b15f182a6a2bdf6217fd0f1d11a320425..486704db7c840dcfb51f70f1812d9c3ad37ad39c:/tcpdump.1.in diff --git a/tcpdump.1.in b/tcpdump.1.in index c3bce63d..ebf50ab6 100644 --- a/tcpdump.1.in +++ b/tcpdump.1.in @@ -20,18 +20,21 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH TCPDUMP 1 "26 February 2014" +.TH TCPDUMP 1 "11 July 2014" .SH NAME tcpdump \- dump traffic on a network .SH SYNOPSIS .na .B tcpdump [ -.B \-AbdDefhHIJKlLnNOpqRStuUvxX +.B \-AbdDefhHIJKlLnNOpqRStuUvxX# ] [ .B \-B .I buffer_size -] [ +] +.br +.ti +8 +[ .B \-c .I count ] @@ -123,6 +126,17 @@ tcpdump \- dump traffic on a network ] .ti +8 [ +.BI \-\-time\-stamp\-precision= tstamp_precision +] +.ti +8 +[ +.B \-\-immediate\-mode +] +[ +.B \-\-version +] +.ti +8 +[ .I expression ] .br @@ -130,7 +144,9 @@ tcpdump \- dump traffic on a network .SH DESCRIPTION .LP \fITcpdump\fP prints out a description of the contents of packets on a -network interface that match the boolean \fIexpression\fP. It can also +network interface that match the boolean \fIexpression\fP; the +description is preceded by a time stamp, printed, by default, as hours, +minutes, seconds, and fractions of a second since midnight. It can also be run with the .B \-w flag, which causes it to save the packet data to a file for later @@ -194,7 +210,9 @@ your ``status'' character, typically control-T, although on some platforms, such as Mac OS X, the ``status'' character is not set by default, so you must set it with .BR stty (1) -in order to use it) and will continue capturing packets. +in order to use it) and will continue capturing packets. On platforms that +do not support the SIGINFO signal, the same can be achieved by using the +SIGUSR1 signal. .LP Reading packets from a network interface may require that you have special privileges; see the 
@@ -354,6 +372,10 @@ option, filenames will take the form of `\fIfile\fP'. Print the tcpdump and libpcap version strings, print a usage message, and exit. .TP +.B \-\-version +.PD +Print the tcpdump and libpcap version strings and exit. +.TP .B \-H Attempt to detect 802.11s draft mesh headers. .TP @@ -405,6 +427,13 @@ monitor mode will be shown; if is specified, only those link-layer types available when in monitor mode will be shown. .TP +.BI \-\-immediate\-mode +Capture in "immediate mode". In this mode, packets are delivered to +tcpdump as soon as they arrive, rather than being buffered for +efficiency. This is the default when printing packets rather than +saving packets to a ``savefile'' if the packets are being printed to a +terminal rather than to a file or pipe. +.TP .BI \-j " tstamp_type" .PD 0 .TP 
@@ -425,6 +454,25 @@ List the supported time stamp types for the interface and exit. If the time stamp type cannot be set for the interface, no time stamp types are listed. .TP +.BI \-\-time\-stamp\-precision= tstamp_precision +When capturing, set the time stamp precision for the capture to +\fItstamp_precision\fP. Note that availability of high precision time +stamps (nanoseconds) and their actual accuracy is platform and hardware +dependent. Also note that when writing captures made with nanosecond +accuracy to a savefile, the time stamps are written with nanosecond +resolution, and the file is written with a different magic number, to +indicate that the time stamps are in seconds and nanoseconds; not all +programs that read pcap savefiles will be able to read those captures. +.LP +When reading a savefile, convert time stamps to the precision specified +by \fItimestamp_precision\fP, and display them with that resolution. If +the precision specified is less than the precision of time stamps in the +file, the conversion will lose precision. +.LP +The supported values for \fItimestamp_precision\fP are \fBmicro\fP for +microsecond resolution and \fBnano\fP for nanosecond resolution. The +default is microsecond resolution. +.TP .B \-K .PD 0 .TP @@ -504,7 +552,11 @@ E.g., if you give this flag then \fItcpdump\fP will print ``nic'' instead of ``nic.ddn.mil''. .TP -.B \--number +.B \-# +.PD 0 +.TP +.B \-\-number +.PD Print an optional packet number at the beginning of the line. .TP .B \-O 
@@ -618,14 +670,16 @@ an encapsulated PGM packet. \fIDon't\fP print a timestamp on each dump line. .TP .B \-tt -Print an unformatted timestamp on each dump line. +Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and +fractions of a second since that time, on each dump line. .TP .B \-ttt Print a delta (micro-second resolution) between current and previous line on each dump line. .TP .B \-tttt -Print a timestamp in default format proceeded by date on each dump line. +Print a timestamp, as hours, minutes, seconds, and fractions of a second +since midnight, preceded by the date, on each dump line. .TP .B \-ttttt Print a delta (micro-second resolution) between current and first line @@ -1828,11 +1882,15 @@ is the current clock time in the form .fi .RE and is as accurate as the kernel's clock. -The timestamp reflects the time the kernel first saw the packet. -No attempt -is made to account for the time lag between when the -Ethernet interface removed the packet from the wire and when the kernel -serviced the `new packet' interrupt. +The timestamp reflects the time the kernel applied a time stamp to the packet. +No attempt is made to account for the time lag between when the network +interface finished receiving the packet from the network and when the +kernel applied a time stamp to the packet; that time lag could include a +delay between the time when the network interface finished receiving a +packet from the network and the time when an interrupt was delivered to +the kernel to get it to read the packet and a delay between the time +when the kernel serviced the `new packet' interrupt and the time when it +applied a time stamp to the packet. .SH "SEE ALSO" stty(1), pcap(3PCAP), bpf(4), nit(4P), pcap-savefile(@MAN_FILE_FORMATS@), pcap-filter(@MAN_MISC_INFO@), pcap-tstamp(@MAN_MISC_INFO@)
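Review bot: The stray `.PD` after `.B \-\-version` in the @@ -354,6 +372,10 @@ hunk has no matching `.PD 0` before it in the added lines. The paired-option entries elsewhere in this patch (for example `\-#` / `\-\-number`) use `.PD 0`, `.TP`, second option, `.PD`. Here `\-\-version` is a stand-alone entry with its own description, so the `.PD` can simply be dropped.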
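Review bot: `.BI \-\-immediate\-mode` in the @@ -405,6 +427,13 @@ hunk should be `.B`, since the option takes no italic argument; the synopsis hunk already uses `.B \-\-immediate\-mode`. The last sentence of the description is also hard to parse because it stacks two "rather than" clauses. Something like "This is the default when packets are being printed to a terminal, rather than saved to a ``savefile'' or printed to a file or pipe" says the same thing in one pass.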
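Review bot: The argument name is inconsistent in the @@ -425,6 +454,25 @@ hunk: the `.BI` line and the first paragraph call it `tstamp_precision` (as does the synopsis hunk), while the two following paragraphs refer to `\fItimestamp_precision\fP`. Pick one so readers do not take them for two different parameters. The first paragraph also says "captures made with nanosecond accuracy" one sentence after warning that actual accuracy is platform and hardware dependent; "nanosecond precision" would match the option name and avoid contradicting that warning. Finally, the follow-up paragraphs start with `.LP`, which resets the indentation set by `.TP`, so they will render flush left instead of under the option; `.IP` would keep them attached to the entry.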
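Review bot: The unchanged `\-ttt` and `\-ttttt` entries in the @@ -618,14 +670,16 @@ hunk still say "Print a delta (micro-second resolution)", while this same patch adds `\-\-time\-stamp\-precision=` with a `nano` value. The page should say whether the deltas follow the selected precision or stay at microsecond resolution; as written, the two descriptions leave that open. The reworded `\-tt` and `\-tttt` entries avoid the problem by saying "fractions of a second", and the delta entries could use the same wording.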
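Review bot: The replacement text in the @@ -1828,11 +1882,15 @@ hunk packs both sources of delay into one sentence joined by a semicolon, with "the time when" repeated four times, which makes the two delays hard to tell apart. Consider ending the sentence at "applied a time stamp to the packet" and then listing the two components separately: the delay before the interrupt is delivered, and the delay between servicing the interrupt and applying the time stamp. The hunk also mixes "timestamp" and "time stamp" in a single sentence ("The timestamp reflects the time the kernel applied a time stamp to the packet"); the other added text in this patch uses "time stamp", so the spelling should be made consistent.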