X-Git-Url: https://git.tcpdump.org/tcpdump/blobdiff_plain/bdadd9521d31d12a8ca8a66b868837f835750fb7..a8c33a5850cd9d2f39e56c06b645c283225d78c4:/tcpdump.1.in
diff --git a/tcpdump.1.in b/tcpdump.1.in
index 2a04f61e..c977e06f 100644
--- a/tcpdump.1.in
+++ b/tcpdump.1.in
@@ -20,7 +20,7 @@
 .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
 .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 .\"
-.TH TCPDUMP 1 "8 April 2018"
+.TH TCPDUMP 1 "2 Apr 2019"
 .SH NAME
 tcpdump \- dump traffic on a network
 .SH SYNOPSIS
@@ -218,7 +218,7 @@ flag will forcibly flush the packet buffer into the output file.
 .LP
 Reading packets from a network interface may require that you have special privileges; see the
-.B pcap (3PCAP)
+.BR pcap (3PCAP)
 man page for details. Reading a saved packet file doesn't require special privileges.
 .SH OPTIONS
@@ -292,7 +292,7 @@ flag will not be supported if was built with an older version of
 .I libpcap
 that lacks the
-.B pcap_findalldevs()
+.BR pcap_findalldevs(3PCAP)
 function.
 .TP
 .B \-e
@@ -361,6 +361,9 @@ Savefiles will have the name specified by which should include a time format as defined by
 .BR strftime (3).
 If no time format is specified, each new file will overwrite the previous.
+Whenever a generated filename is not unique, tcpdump will overwrite the
+preexisting data; providing a time specification that is coarser than the
+capture period is therefore not advised.
 .IP
 If used in conjunction with the
 .B \-C
@@ -475,6 +478,19 @@ The supported values for \fItimestamp_precision\fP are \fBmicro\fP for microsecond resolution and \fBnano\fP for nanosecond resolution. The default is microsecond resolution.
 .TP
+.B \-\-micro
+.PD 0
+.TP
+.B \-\-nano
+.PD
+Shorthands for \fB\-\-time\-stamp\-precision=micro\fP or
+\fB\-\-time\-stamp\-precision=nano\fP, adjusting the time stamp
+precision accordingly. When reading packets from a savefile, using
+\fB\-\-micro\fP truncates time stamps if the savefile was created with
+nanosecond precision. In contrast, a savefile created with microsecond
+precision will have trailing zeroes added to the time stamp when
+\fB\-\-nano\fP is used.
+.TP
 .B \-K
 .PD 0
 .TP
@@ -684,16 +700,20 @@ Print the timestamp, as seconds since January 1, 1970, 00:00:00, UTC, and fractions of a second since that time, on each dump line.
 .TP
 .B \-ttt
-Print a delta (micro-second resolution) between current and previous line
-on each dump line.
+Print a delta (microsecond or nanosecond resolution depending on the
+.B \-\-time\-stamp-precision
+option) between current and previous line on each dump line.
+The default is microsecond resolution.
 .TP
 .B \-tttt
 Print a timestamp, as hours, minutes, seconds, and fractions of a second since midnight, preceded by the date, on each dump line.
 .TP
 .B \-ttttt
-Print a delta (micro-second resolution) between current and first line
-on each dump line.
+Print a delta (microsecond or nanosecond resolution depending on the
+.B \-\-time\-stamp-precision
+option) between current and first line on each dump line.
+The default is microsecond resolution.
 .TP
 .B \-u
 Print undecoded NFS handles.
@@ -727,7 +747,7 @@ flag will not be supported if was built with an older version of
 .I libpcap
 that lacks the
-.B pcap_dump_flush()
+.BR pcap_dump_flush(3PCAP)
 function.
 .TP
 .B \-v
@@ -797,9 +817,15 @@ files, allowing them to sort correctly. Used in conjunction with the
 .B \-G
 option, this will limit the number of rotated dump files that get
-created, exiting with status 0 when reaching the limit. If used with
+created, exiting with status 0 when reaching the limit.
+.IP
+If used in conjunction with both
 .B \-C
-as well, the behavior will result in cyclical files per timeslice.
+and
+.B \-G,
+the
+.B \-W
+option will currently be ignored, and will only affect the file name.
 .TP
 .B \-x
 When parsing and printing,
@@ -1217,7 +1243,7 @@ host \fIcsam\fP.
 .RS
 .nf
 .sp .5
-\s-2\f(CWIP rtsg.1023 > csam.login: Flags [S], seq 768512:768512, win 4096, opts [mss 1024]
+\f(CWIP rtsg.1023 > csam.login: Flags [S], seq 768512:768512, win 4096, opts [mss 1024]
 IP csam.login > rtsg.1023: Flags [S.], seq, 947648:947648, ack 768513, win 4096, opts [mss 1024]
 IP rtsg.1023 > csam.login: Flags [.], ack 1, win 4096
 IP rtsg.1023 > csam.login: Flags [P.], seq 1:2, ack 1, win 4096, length 1
@@ -1225,7 +1251,7 @@ IP csam.login > rtsg.1023: Flags [.], ack 2, win 4096
 IP rtsg.1023 > csam.login: Flags [P.], seq 2:21, ack 1, win 4096, length 19
 IP csam.login > rtsg.1023: Flags [P.], seq 1:2, ack 21, win 4077, length 1
 IP csam.login > rtsg.1023: Flags [P.], seq 2:3, ack 21, win 4077, urg 1, length 1
-IP csam.login > rtsg.1023: Flags [P.], seq 3:4, ack 21, win 4077, urg 1, length 1\fR\s+2
+IP csam.login > rtsg.1023: Flags [P.], seq 3:4, ack 21, win 4077, urg 1, length 1\fR
 .sp .5
 .fi
 .RE
@@ -1826,9 +1852,9 @@ protocol) and packet size.
 .RS
 .nf
 .sp .5
-\s-2\f(CWicsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
+\f(CWicsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
 jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250
-techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186\fR\s+2
+techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186\fR
 .sp .5
 .fi
 .RE
@@ -1846,7 +1872,7 @@ another reply to the same request saying host techpit has laserwriter
 .RS
 .nf
 .sp .5
-\s-2\f(CWjssmag.209.165 > helios.132: atp-req 12266<0-7> 0xae030001
+\f(CWjssmag.209.165 > helios.132: atp-req 12266<0-7> 0xae030001
 helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000
 helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000
 helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000
@@ -1859,7 +1885,7 @@ jssmag.209.165 > helios.132: atp-req 12266<3,5> 0xae030001
 helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
 helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
 jssmag.209.165 > helios.132: atp-rel 12266<0-7> 0xae030001
-jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002\fR\s+2
+jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002\fR
 .sp .5
 .fi
 .RE
@@ -1889,7 +1915,9 @@ stty(1), pcap(3PCAP), bpf(4), nit(4P), \%pcap-savefile(@MAN_FILE_FORMATS@), \%pcap-filter(@MAN_MISC_INFO@), \%pcap-tstamp(@MAN_MISC_INFO@)
 .LP
 .RS
-.I http://www.iana.org/assignments/media-types/application/vnd.tcpdump.pcap
+.na
+.I https://www.iana.org/assignments/media-types/application/vnd.tcpdump.pcap
+.ad
 .RE
 .LP
 .SH AUTHORS