From: Guy Harris Date: Tue, 13 Nov 2012 09:08:04 +0000 (-0800) Subject: Note that "-e" can be used to get MAC addresses printed. X-Git-Tag: tcpdump-4.4.0~19 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/76153174f4e9ba5bb14ce827cca06235bbe84ba7 Note that "-e" can be used to get MAC addresses printed. Also give more details on shell metacharacters in filter expressions - in particular, note that a common use of a shell metacharacter is a backslash used to escape protocol names, e.g. "ether proto \ip", and that the alternative to quoting the entire expression is to escapet he shell metacharacters, e.g. tcpdump ether proto \\ip --- diff --git a/tcpdump.1.in b/tcpdump.1.in index 2fcc8445..57447fb3 100644 --- a/tcpdump.1.in +++ b/tcpdump.1.in @@ -256,7 +256,9 @@ that lacks the function. .TP .B \-e -Print the link-level header on each dump line. +Print the link-level header on each dump line. This can be used, for +example, to print MAC layer addresses for protocols such as Ethernet and +IEEE 802.11. .TP .B \-E Use \fIspi@ipaddr algo:secret\fP for decrypting IPsec ESP packets that @@ -716,8 +718,10 @@ For the \fIexpression\fP syntax, see .LP Expression arguments can be passed to \fItcpdump\fP as either a single argument or as multiple arguments, whichever is more convenient. -Generally, if the expression contains Shell metacharacters, it is -easier to pass it as a single, quoted argument. +Generally, if the expression contains Shell metacharacters, such as +backslashes used to escape protocol names, it is easier to pass it as +a single, quoted argument rather than to escape the Shell +metacharacters. Multiple arguments are concatenated with spaces before being parsed. .SH EXAMPLES .LP