author | delphij <delphij@FreeBSD.org> | 2013-05-30 20:51:22 +0000 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2013-05-30 20:51:22 +0000 |
commit | cc86f133652d396d6f3dac311d20761a9ee00ad9 (patch) | |
tree | f1ffd0911b49d93d246ae1677dd73d297cd2d92d /usr.sbin/tcpdump | |
parent | 0c381861b05890dec1e89030d37c6dbea3c12ca5 (diff) | |
parent | a765887ce77351bac1c77be2cf18a3a66a602fc5 (diff) | |
MFV: tcpdump 4.4.0.
MFC after: 4 weeks
Diffstat (limited to 'usr.sbin/tcpdump')
-rw-r--r-- | usr.sbin/tcpdump/tcpdump/Makefile | 4 | ||||
-rw-r--r-- | usr.sbin/tcpdump/tcpdump/config.h | 4 | ||||
-rw-r--r-- | usr.sbin/tcpdump/tcpdump/tcpdump.1 | 48 |
3 files changed, 46 insertions, 10 deletions
diff --git a/usr.sbin/tcpdump/tcpdump/Makefile b/usr.sbin/tcpdump/tcpdump/Makefile index ca8ec4c..7065dba 100644 --- a/usr.sbin/tcpdump/tcpdump/Makefile +++ b/usr.sbin/tcpdump/tcpdump/Makefile @@ -23,8 +23,10 @@ SRCS = addrtoname.c af.c checksum.c cpack.c gmpls.c oui.c gmt2local.c \ print-l2tp.c print-lane.c print-ldp.c print-lldp.c print-llc.c \ print-lmp.c print-lspping.c \ print-lwapp.c print-lwres.c print-mobile.c print-mpls.c print-msdp.c \ + print-msnlb.c \ print-mpcp.c \ print-nfs.c print-ntp.c print-null.c print-olsr.c print-ospf.c \ + print-otv.c \ print-pfsync.c \ print-pgm.c print-pim.c print-ppi.c print-ppp.c print-pppoe.c \ print-pptp.c print-radius.c print-raw.c print-rip.c \ @@ -36,7 +38,9 @@ SRCS = addrtoname.c af.c checksum.c cpack.c gmpls.c oui.c gmt2local.c \ print-timed.c print-tipc.c \ print-token.c print-udld.c print-udp.c print-vjc.c \ print-vqp.c print-vrrp.c print-vtp.c \ + print-vxlan.c \ print-wb.c print-zephyr.c setsignal.c tcpdump.c util.c \ + print-zeromq.c \ print-smb.c signature.c smbutil.c \ version.c CLEANFILES+= version.c diff --git a/usr.sbin/tcpdump/tcpdump/config.h b/usr.sbin/tcpdump/tcpdump/config.h index b13055d..62fa3cd 100644 --- a/usr.sbin/tcpdump/tcpdump/config.h +++ b/usr.sbin/tcpdump/tcpdump/config.h @@ -255,7 +255,7 @@ /* #undef NETINET_ETHER_H_DECLARES_ETHER_NTOHOST */ /* Define to 1 if netinet/if_ether.h declares `ether_ntohost' */ -#define NETINET_IF_ETHER_H_DECLARES_ETHER_NTOHOST +#define NETINET_IF_ETHER_H_DECLARES_ETHER_NTOHOST /**/ /* Define to the address where bug reports for this package should be sent. */ #define PACKAGE_BUGREPORT "" @@ -276,7 +276,7 @@ #define RETSIGTYPE void /* return value of signal handlers */ -#define RETSIGVAL +#define RETSIGVAL /**/ /* Define to 1 if you have the ANSI C header files. */ #define STDC_HEADERS 1 diff --git a/usr.sbin/tcpdump/tcpdump/tcpdump.1 b/usr.sbin/tcpdump/tcpdump/tcpdump.1 index 11706e7..ca6d795 100644 --- a/usr.sbin/tcpdump/tcpdump/tcpdump.1 
+++ b/usr.sbin/tcpdump/tcpdump/tcpdump.1 @@ -23,7 +23,7 @@ .\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF .\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. .\" -.TH TCPDUMP 1 "05 March 2009" +.TH TCPDUMP 1 "12 July 2012" .SH NAME tcpdump \- dump traffic on a network .SH SYNOPSIS @@ -75,6 +75,10 @@ tcpdump \- dump traffic on a network .I file ] [ +.B \-V +.I file +] +[ .B \-s .I snaplen ] @@ -128,8 +132,10 @@ flag, which causes it to save the packet data to a file for later analysis, and/or with the .B \-r flag, which causes it to read from a saved packet file rather than to -read packets from a network interface. In all cases, only packets that -match +read packets from a network interface. It can also be run with the +.B \-V +flag, which causes it to read a list of saved packet files. In all cases, +only packets that match .I expression will be processed by .IR tcpdump . @@ -257,7 +263,9 @@ that lacks the function. .TP .B \-e -Print the link-level header on each dump line. +Print the link-level header on each dump line. This can be used, for +example, to print MAC layer addresses for protocols such as Ethernet and +IEEE 802.11. .TP .B \-E Use \fIspi@ipaddr algo:secret\fP for decrypting IPsec ESP packets that 
@@ -510,15 +518,19 @@ Force packets selected by "\fIexpression\fP" to be interpreted the specified \fItype\fR. Currently known types are \fBaodv\fR (Ad-hoc On-demand Distance Vector protocol), +\fBcarp\fR (Common Address Redundancy Protocol), \fBcnfp\fR (Cisco NetFlow protocol), +\fBradius\fR (RADIUS), \fBrpc\fR (Remote Procedure Call), \fBrtp\fR (Real-Time Applications protocol), \fBrtcp\fR (Real-Time Applications control protocol), \fBsnmp\fR (Simple Network Management Protocol), \fBtftp\fR (Trivial File Transfer Protocol), \fBvat\fR (Visual Audio Tool), +\fBwb\fR (distributed White Board), +\fBzmtp1\fR (ZeroMQ Message Transport Protocol 1.0) and -\fBwb\fR (distributed White Board). +\fBvxlan\fR (Virtual eXtensible Local Area Network). .TP .B \-t \fIDon't\fP print a timestamp on each dump line. @@ -591,6 +603,10 @@ With .B \-X Telnet options are printed in hex as well. .TP +.B \-V +Read a list of filenames from \fIfile\fR. Standard input is used +if \fIfile\fR is ``-''. +.TP .B \-w Write the raw packets to \fIfile\fR rather than parsing and printing them out. @@ -603,6 +619,15 @@ amount of time after they are received. Use the .B \-U flag to cause packets to be written as soon as they are received. .IP +The MIME type \fIapplication/vnd.tcpdump.pcap\fP has been registered +with IANA for \fIpcap\fP files. The filename extension \fI.pcap\fP +appears to be the most commonly used along with \fI.cap\fP and +\fI.dmp\fP. \fITcpdump\fP itself doesn't check the extension when +reading capture files and doesn't add an extension when writing them +(it uses magic numbers in the file header instead). However, many +operating systems and applications will use the extension if it is +present and adding one (e.g. .pcap) is recommended. +.IP See .BR pcap-savefile (5) for a description of the file format. 
@@ -706,8 +731,10 @@ For the \fIexpression\fP syntax, see .LP Expression arguments can be passed to \fItcpdump\fP as either a single argument or as multiple arguments, whichever is more convenient. -Generally, if the expression contains Shell metacharacters, it is -easier to pass it as a single, quoted argument. +Generally, if the expression contains Shell metacharacters, such as +backslashes used to escape protocol names, it is easier to pass it as +a single, quoted argument rather than to escape the Shell +metacharacters. Multiple arguments are concatenated with spaces before being parsed. .SH EXAMPLES .LP @@ -1709,6 +1736,11 @@ serviced the `new packet' interrupt. .SH "SEE ALSO" stty(1), pcap(3PCAP), bpf(4), nit(4P), pcap-savefile(5), pcap-filter(7), pcap-tstamp-type(7) +.LP +.RS +.I http://www.iana.org/assignments/media-types/application/vnd.tcpdump.pcap +.RE +.LP .SH AUTHORS The original authors are: .LP @@ -1728,7 +1760,7 @@ The current version is available via http: The original distribution is available via anonymous ftp: .LP .RS -.I ftp://ftp.ee.lbl.gov/tcpdump.tar.Z +.I ftp://ftp.ee.lbl.gov/old/tcpdump.tar.Z .RE .LP IPv6/IPsec support is added by WIDE/KAME project. |