Print the AS number in BGP packets in ASDOT notation rather than ASPLAIN
notation.
.TP
-.B \-B
+.BI \-B " buffer_size"
+.PD 0
+.TP
+.BI \-\-buffer\-size= buffer_size
+.PD
Set the operating system capture buffer size to \fIbuffer_size\fP, in
units of KiB (1024 bytes).
.TP
not 1,048,576 bytes).
.TP
.B \-d
+.PD 0
+.TP
+.B \-\-list\-interfaces
+.PD
Dump the compiled packet-matching code in a human readable form to
standard output and stop.
.TP
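Review bot: `--list-interfaces` is added under the `.B \-d` entry, whose description is "Dump the compiled packet-matching code", but the longopts table in tcpdump.c maps "list-interfaces" to 'D'. Move these added lines to the `-D` entry so the documented long option matches the option the code actually accepts.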
option, filenames will take the form of `\fIfile\fP<count>'.
.TP
.B \-h
+.PD 0
+.TP
+.B \-\-help
+.PD
Print the tcpdump and libpcap version strings, print a usage message,
and exit.
.TP
.B \-H
Attempt to detect 802.11s draft mesh headers.
.TP
-.B \-i
+.BI \-i " interface"
+.PD 0
+.TP
+.BI \-\-interface= interface
+.PD
Listen on \fIinterface\fP.
If unspecified, \fItcpdump\fP searches the system interface list for the
lowest numbered, configured up interface (excluding loopback), which may turn
argument.
.TP
.B \-I
+.PD 0
+.TP
+.B \-\-monitor\-mode
+.PD
Put the interface in "monitor mode"; this is supported only on IEEE
802.11 Wi-Fi interfaces, and supported only on some operating systems.
.IP
is specified, only those link-layer types available when in monitor mode
will be shown.
.TP
-.B \-j
+.BI \-j " tstamp_type"
+.PD 0
+.TP
+.BI \-\-time\-stamp\-type= tstamp_type
+.PD
Set the time stamp type for the capture to \fItstamp_type\fP. The names
to use for the time stamp types are given in
.BR pcap-tstamp (@MAN_MISC_INFO@);
interface.
.TP
.B \-J
+.PD 0
+.TP
+.B \-\-list\-time\-stamp\-types
+.PD
List the supported time stamp types for the interface and exit. If the
time stamp type cannot be set for the interface, no time stamp types are
listed.
.TP
.B \-K
+.PD 0
+.TP
+.B \-\-dont\-verify\-checksums
+.PD
Don't attempt to verify IP, TCP, or UDP checksums. This is useful for
interfaces that perform some or all of those checksum calculation in
hardware; otherwise, all outgoing TCP checksums will be flagged as bad.
including Windows.
.TP
.B \-L
+.PD 0
+.TP
+.B \-\-list\-data\-link\-types
+.PD
List the known data link types for the interface, in the specified mode,
and exit. The list of known data link types may be dependent on the
specified mode; for example, on some platforms, a Wi-Fi interface might
instead of ``nic.ddn.mil''.
.TP
.B \-O
+.PD 0
+.TP
+.B \-\-no\-optimize
+.PD
Do not run the packet-matching code optimizer.
This is useful only
if you suspect a bug in the optimizer.
.TP
.B \-p
+.PD 0
+.TP
+.B \-\-no\-promiscuous\-mode
+.PD
\fIDon't\fP put the interface
into promiscuous mode.
Note that the interface might be in promiscuous
mode for some other reason; hence, `-p' cannot be used as an abbreviation for
`ether host {local-hw-addr} or ether broadcast'.
.TP
-.B \-Q
+.BI \-Q " direction"
+.PD 0
+.TP
+.BI \-\-direction= direction
+.PD
Choose send/receive direction \fIdirection\fR for which packets should be
captured. Possible values are `in', `out' and `inout'. Not available
on all platforms.
Standard input is used if \fIfile\fR is ``-''.
.TP
.B \-S
+.PD 0
+.TP
+.B \-\-absolute\-tcp\-sequence\-numbers
+.PD
Print absolute, rather than relative, TCP sequence numbers.
.TP
-.B \-s
+.BI \-s " snaplen"
+.PD 0
+.TP
+.BI \-\-snapshot\-length= snaplen
+.PD
Snarf \fIsnaplen\fP bytes of data from each packet rather than the
default of 65535 bytes.
Packets truncated because of a limited snapshot
Print undecoded NFS handles.
.TP
.B \-U
+.PD 0
+.TP
+.B \-\-packet\-buffered
+.PD
If the
.B \-w
option is not specified, make the printed packet output
.I including
its link level header, in hex and ASCII.
.TP
-.B \-y
+.BI \-y " datalinktype"
+.PD 0
+.TP
+.BI \-\-linktype= datalinktype
+.PD
Set the data link type to use while capturing packets to \fIdatalinktype\fP.
.TP
.B \-z
and execute the command that you want.
.TP
.B \-Z
+.PD 0
+.TP
+.B \-\-relinquish\-privileges
+.PD
If
.I tcpdump
is running as root, after opening the capture device or input savefile,
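Review bot: the `--relinquish-privileges` entry under `-Z` is written with `.B` and no argument, while the longopts table declares it with required_argument. Document it like the other argument-taking long options in this patch, using `.BI` and an `=` argument placeholder, so that readers do not try it as a bare flag.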
}
#endif /* HAVE_PCAP_FINDALLDEVS */
+/*
+ * Short options.
+ *
+ * Note that there we use all letters for short options except for g, k,
+ * o, and P, and those are used by other versions of tcpdump, and we should
+ * only use them for the same purposes that the other versions of tcpdump
+ * use them:
+ *
+ * OS X tcpdump uses -g to force non--v output for IP to be on one
+ * line, making it more "g"repable;
+ *
+ * OS X tcpdump uses -k tospecify that packet comments in pcap-ng files
+ * should be printed;
+ *
+ * OpenBSD tcpdump uses -o to indicate that OS fingerprinting should be done
+ * for hosts sending TCP SYN packets;
+ *
+ * OS X tcpdump uses -P to indicate that -w should write pcap-ng rather
+ * than pcap files.
+ */
+
/*
* Set up flags that might or might not be supported depending on the
* version of libpcap we're using.
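Review bot: two typos in the new "Short options" comment: "Note that there we use all letters" should read "Note that we use all letters", and "uses -k tospecify" is missing a space ("to specify"). Since this comment is now the single place recording which letters are reserved for other tcpdump versions, it is worth getting the wording clean.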
#define Q_FLAG
#endif
+/*
+ * Long options.
+ *
+ * We do not currently have long options corresponding to all short
+ * options; we should probably pick appropriate option names for them.
+ *
+ * However, the short options where the number of times the option is
+ * specified matters, such as -v and -d and -t, should probably not
+ * just map to a long option, as saying
+ *
+ * tcpdump --verbose --verbose
+ *
+ * doesn't make sense; it should be --verbosity={N} or something such
+ * as that.
+ *
+ * We do not currently have long options with no corresponding short
+ * options; for those, we should define values outside the range of
+ * ASCII graphic characters, make that the last component of the
+ * entry for the long option, and have a case for that option in the
+ * switch statement.
+ */
static struct option longopts[] = {
- { NULL, no_argument, NULL, 'a' },
- { NULL, no_argument, NULL, 'A' },
- { NULL, no_argument, NULL, 'b' },
#if defined(HAVE_PCAP_CREATE) || defined(WIN32)
- { NULL, required_argument, NULL, 'B' },
-#endif
- { NULL, required_argument, NULL, 'c' },
- { NULL, required_argument, NULL, 'C' },
- { NULL, no_argument, NULL, 'd' },
- { NULL, no_argument, NULL, 'D' },
- { NULL, no_argument, NULL, 'e' },
- { NULL, required_argument, NULL, 'E' },
- { NULL, no_argument, NULL, 'f' },
- { NULL, required_argument, NULL, 'F' },
- /*
- * NOTE: OS X tcpdump uses -g; we shouldn't use it except for
- * the same purpose (forcing non--v output for IP to be on one
- * line, making it more "g"repable).
- */
- { NULL, required_argument, NULL, 'G' },
- { NULL, no_argument, NULL, 'h' },
- { NULL, no_argument, NULL, 'H' },
- { NULL, required_argument, NULL, 'i' },
+ { "buffer-size", required_argument, NULL, 'B' },
+#endif
+ { "list-interfaces", no_argument, NULL, 'D' },
+ { "help", no_argument, NULL, 'h' },
+ { "interface", required_argument, NULL, 'i' },
#ifdef HAVE_PCAP_CREATE
- { NULL, no_argument, NULL, 'I' },
+ { "monitor-mode", no_argument, NULL, 'I' },
#endif
#ifdef HAVE_PCAP_SET_TSTAMP_TYPE
- { NULL, required_argument, NULL, 'j' },
- { NULL, no_argument, NULL, 'J' },
+ { "time-stamp-type", required_argument, NULL, 'j' },
+ { "list-time-stamp-types", no_argument, NULL, 'J' },
#endif
- /*
- * NOTE: OS X tcpdump uses -k; we shouldn't use it except for
- * the same purpose (printing packet comments in pcap-ng files).
- */
- { NULL, no_argument, NULL, 'K' },
- { NULL, no_argument, NULL, 'l' },
- { NULL, no_argument, NULL, 'L' },
- { NULL, required_argument, NULL, 'm' },
- { NULL, required_argument, NULL, 'M' },
- { NULL, no_argument, NULL, 'n' },
- { NULL, no_argument, NULL, 'N' },
- /*
- * NOTE: OpenBSD tcpdump uses -o; we shouldn't use it except for
- * the same purpose (trying to do OS fingerprinting for
- * hosts sending TCP SYN packets).
- */
- { NULL, no_argument, NULL, 'O' },
- { NULL, no_argument, NULL, 'p' },
- /*
- * NOTE: OS X tcpdump uses -P; we shouldn't use it except for
- * the same purpose (writing pcap-ng rather than pcap files).
- */
- { NULL, no_argument, NULL, 'q' },
+ { "dont-verify-checksums", no_argument, NULL, 'K' },
+ { "list-data-link-types", no_argument, NULL, 'L' },
+ { "no-optimize", no_argument, NULL, 'O' },
+ { "no-promiscuous-mode", no_argument, NULL, 'p' },
#ifdef HAVE_PCAP_SETDIRECTION
- { NULL, required_argument, NULL, 'Q' },
-#endif
- { NULL, required_argument, NULL, 'r' },
- { NULL, no_argument, NULL, 'R' },
- { NULL, required_argument, NULL, 's' },
- { NULL, no_argument, NULL, 'S' },
- { NULL, no_argument, NULL, 't' },
- { NULL, required_argument, NULL, 'T' },
- { NULL, no_argument, NULL, 'u' },
+ { "direction", required_argument, NULL, 'Q' },
+#endif
+ { "snapshot-length", required_argument, NULL, 's' },
+ { "absolute-tcp-sequence-numbers", no_argument, NULL, 'S' },
#ifdef HAVE_PCAP_DUMP_FLUSH
- { NULL, no_argument, NULL, 'U' },
-#endif
- { NULL, no_argument, NULL, 'v' },
- { NULL, required_argument, NULL, 'V' },
- { NULL, required_argument, NULL, 'w' },
- { NULL, required_argument, NULL, 'W' },
- { NULL, no_argument, NULL, 'x' },
- { NULL, no_argument, NULL, 'X' },
- { NULL, required_argument, NULL, 'y' },
+ { "packet-buffered", no_argument, NULL, 'U' },
+#endif
+ { "linktype", required_argument, NULL, 'y' },
#if defined(HAVE_PCAP_DEBUG) || defined(HAVE_YYDEBUG)
- { NULL, no_argument, NULL, 'Y' },
+ { "debug-filter-parser", no_argument, NULL, 'Y' },
#endif
- { NULL, required_argument, NULL, 'z' },
- { NULL, required_argument, NULL, 'Z' },
+ { "relinquish-privileges", required_argument, NULL, 'Z' },
{ NULL, 0, NULL, 0 }
};
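Review bot: the long option names in this table are not consistent with each other: `"linktype"` for 'y' sits next to `"list-data-link-types"` for 'L' and `"time-stamp-type"` for 'j'. Pick one spelling before this ships (for example a `data-link-type` form for 'y'), because long option names become an interface that scripts depend on. Also, `"relinquish-privileges"` reads like a flag but is declared with required_argument; a name that signals the argument would be clearer.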