pcapdump - dedicated packet capture utility
pcapdump captures packets from a network interface and writes them to a
dumpfile. The filename argument given to -w will be formatted by strf-
Input interface to read packets from.
-r pcap file
Dump file to read packets from.
-w pcap file
Dump file to write filtered packets to.
BPF expression which selects packets to be filtered.
Capture snaplen bytes of data from each packet.
-p Disable promiscuous mode sniffing.
Set the output file's owning user to owner.
Set the output file's owning group to group.
Set the output file's mode to mode, specified in octal.
Dump file rotation interval in seconds.
Exit after capturing count packets.
Exit after capturing during this amount of seconds.
-H Only capture link, network, and transport headers; do not capture
application-layer data.
-S sample value
Sample the packet stream by only dumping 1 in every sample value
-R Together with -S, sample the packets randomly, not systematical-
Daemonize the process and write its PID to pidfile.
-C config file
File to read configuration variables from. Instead of passing
configuration through the command line, a file can be used to
specify values for the bpf, device, filefmt, group, interval,
mode, owner, promisc, and snaplen options (not all need to be
specified; defaults will be used otherwise). See
/usr/share/doc/pcaputils/examples/pcapdump/eth0 for an example.
9 May 2009 pcapdump(1)