pcapdump: Dedicated packet capture utility

PCAPNET OPTIONS

\*(T<-i \*(T>interface: Input interface to read packets from.
\*(T<-r \*(T>pcap file: Dump file to read packets from.
\*(T<-w \*(T>pcap file: Dump file to write filtered packets to.
\*(T<-f \*(T>expression: BPF expression which selects packets to be filtered.
\*(T<-s \*(T>snaplen: Capture snaplen bytes of data from each packet.
\*(T<-p\*(T>: Disable promiscuous mode sniffing.

\*(T<-u \*(T>owner: Set the output file's owning user to owner.
\*(T<-g \*(T>group: Set the output file's owning group to group.
\*(T<-m \*(T>mode: Set the output file's mode to mode, specified in octal.
\*(T<-t \*(T>secs: Dump file rotation interval in seconds.
\*(T<-c \*(T>count: Exit after capturing count packets.
\*(T<-T \*(T>secs: Exit after capturing during this amount of seconds.
\*(T<-H \*(T>: Only capture link, network, and transport headers; do not capture application-layer data.
\*(T<-S \*(T>sample value: Sample the packet stream by only dumping 1 in every sample value packets.
\*(T<-R \*(T>: Together with -S, sample the packets randomly, not systematically.
\*(T<-P \*(T>pidfile: Daemonize the process and write its PID to pidfile.
\*(T<-C \*(T>config file: File to read configuration variables from. Instead of passing configuration through the command line, a file can be used to specify values for the \*(T<bpf\*(T>, \*(T<device\*(T>, \*(T<filefmt\*(T>, \*(T<group\*(T>, \*(T<interval\*(T>, \*(T<mode\*(T>, \*(T<owner\*(T>, \*(T<promisc\*(T>, and \*(T<snaplen\*(T> options (not all need to be specified; defaults will be used otherwise). See /usr/share/doc/pcaputils/examples/pcapdump/eth0 for an example.