ipgrab(8)
A Verbose Packet Sniffer
SYNOPSIS
ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]
DESCRIPTION
ipgrab reads and parses packets from the link layer through the
application layer, dumping explicit header information along the way.
It is a lot like tcpdump except that it prints almost every header field.
Options
-a
    Do not display application layer data.
-b
    Buffer standard output. Useful when you're redirecting output to a file.
-c cnt, --count cnt
    Terminate after receiving cnt packets.
-C proto, --CCP proto
    Assume a particular CCP protocol, such as MPPC. MPPC is the only one
    supported as yet.
-d
    Dump extra padding in packets. For example, according to an IP header, the
    packet ends at a certain point, but the link layer may have padded it
    beyond that. This option displays the padding. Not valid in minimal mode.
-h, --help
    Display usage screen with a brief description of the command line options.
-i if, --interface if
    Makes ipgrab listen to packets on interface if, e.g., eth0. If this
    option is not used, the default interface will be assumed.
-l
    Don't display link-layer headers. The following protocols are considered to
    be link layer: ARP, CHAP, Ethernet, IPCP, LCP, LLC, Loopback, PPP, PPPoE,
    Raw, Slip.
-m
    Minimal mode output. When operating in this mode, ipgrab displays only brief
    header information.
-n
    Don't display network-layer headers. The following protocols are considered
    to be network layer: AH, ESP, GRE, ICMP, ICMPv6, IGMP, IP, IPv6, IPX, IPXRIP.
-P string
    Initiate a dynamic port mapping. This option must be followed by a string
    of the form `<protocol>=<port>', such as `http=8080'.
-p
    Dump packet payloads beyond what IPgrab parses. In other words, if IPgrab
    does not parse a particular application, this option will dump application
    data in hex and text format.
-r FILE
    Read packets from a file, rather than an interface. The file should be
    created in "raw" format, such as with the '-w' option.
-T
    Do not display timestamps in minimal mode.
-t
    Don't display transport layer headers. The following protocols are considered
    to be transport layer: SPX, TCP, UDP.
-v, --version
    Display version number and then quit.
-w FILE
    Write the raw packets to a file, rather than the screen. The packets will not
    be parsed. The file can be read with the '-r' option.
-x
    Hex dump mode. After processing each layer, dump out the contents of that
    layer in hex and text. Only valid in main mode.
expr
    Berkeley packet filter expression.
    See tcpdump(8) man page for details and examples.
NOTES
Requires libpcap version 0.3 or greater to be installed.
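EXAMPLE
The padding that -d displays can be located by comparing the IPv4 total length
field with the captured frame length. The C code below is an added illustration,
not ipgrab source code; the function names and the 60-byte sample frame are
constructed for this example, and it assumes untagged Ethernet II frames
carrying IPv4.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14   /* Ethernet II header, no VLAN tag (assumption) */

/* Hypothetical helper: returns the number of bytes captured after the end of
 * the IPv4 packet (what -d would show), or -1 if the frame is not usable.
 * On success *pad_off is the offset of the first padding byte. */
int ip_trailing_padding(const uint8_t *frame, size_t caplen, size_t *pad_off)
{
    if (caplen < ETH_HLEN + 20)
        return -1;                        /* no room for a minimal IPv4 header */
    if (frame[12] != 0x08 || frame[13] != 0x00)
        return -1;                        /* EtherType is not IPv4 */
    const uint8_t *ip = frame + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* header length in bytes */
    size_t total = ((size_t)ip[2] << 8) | ip[3];    /* IP total length field */
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl)
        return -1;                        /* malformed header */
    if (ETH_HLEN + total > caplen)
        return -1;                        /* capture is truncated, not padded */
    *pad_off = ETH_HLEN + total;
    return (int)(caplen - *pad_off);
}

/* Constructed sample: ICMP echo request, 192.0.2.1 -> 192.0.2.2, IP total
 * length 28, zero-padded to the 60-byte Ethernet minimum. The IP checksum is
 * left as zero because nothing here verifies it. */
size_t build_sample_frame(uint8_t buf[60])
{
    static const uint8_t pkt[] = {
        0x02,0x00,0x00,0x00,0x00,0x02, 0x02,0x00,0x00,0x00,0x00,0x01, 0x08,0x00,
        0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x01,0x00,0x00,
        0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
        0x08,0x00,0xf7,0xff, 0x00,0x00,0x00,0x00 };
    memset(buf, 0, 60);
    memcpy(buf, pkt, sizeof pkt);
    return 60;
}

int main(void)
{
    uint8_t frame[60];
    size_t off = 0, len = build_sample_frame(frame);
    int pad = ip_trailing_padding(frame, len, &off);
    printf("padding: %d bytes starting at offset %zu\n", pad, off);
    return pad < 0;
}
```

Padding bytes are normally zero; non-zero trailing bytes are worth a closer look when reviewing a capture.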