Technical data

tcpdump
-l
Buffers stdout by line. This is useful if you want to see the data while
capturing it.
-m
Enables multiline output from some protocols. This affects most ONC RPC
decoding, as those protocols are often difficult to display on a single line.
-n
Does not convert addresses (for example, host addresses and port numbers) to
names.
"-N"
Does not display domain name qualification of host names. For example, with
this option, tcpdump displays nic instead of nic.ddn.mil. Use quotation marks
to preserve the case of uppercase options.
"-O"
Does not run the packet-matching code optimizer. This is useful only if you
suspect a bug in the optimizer. Use quotation marks to preserve the case of
uppercase options.
-q
Quick (quiet) output. Displays less protocol information so output lines are
shorter.
-r file
Reads packets from file (which was created with the -w option). Standard input
is used if a hyphen (-) is used to specify the file.
-s snaplen
Displays the number of bytes of data from each packet as specified by the value of
snaplen, rather than the default of 68. The default of 68 bytes is adequate for IP,
ICMP, TCP, and UDP, but may truncate protocol information from name server
and NFS packets. Packets truncated because of a limited snapshot are indicated
in the output with [|proto], where proto is the name of the protocol level at
which the truncation has occurred.
Note
Taking larger snapshots both increases the amount of time it takes to
process packets and decreases the amount of packet buffering. This may
cause packets to be lost. You should limit the value of snaplen to the
smallest number that will capture the protocol information you need.
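Added example (not part of the original reference): a Python helper that counts the [|proto] truncation markers in saved tcpdump text output, showing which protocol levels are being cut off before you raise snaplen. The sample lines are constructed, and the function names truncation_report and needs_larger_snaplen are hypothetical.

```python
import re
import sys
from collections import Counter

# Truncation marker as described above: "[|proto]", e.g. "[|domain]".
TRUNC_RE = re.compile(r"\[\|([A-Za-z0-9_.-]+)\]")

# Constructed sample lines, not captured traffic. Only the [|proto] marker
# comes from the text above; host names and fields are illustrative.
SAMPLE_OUTPUT = """\
10:15:01.101 hosta.1023 > hostb.domain: 3+ [|domain]
10:15:01.250 hostb.domain > hosta.1023: 3 [|domain]
10:15:02.004 hosta.1021 > hostc.nfs: 148 lookup [|nfs]
10:15:02.310 hosta.1044 > hostd.telnet: S 100:100(0) win 4096
10:15:03.000 hosta > hostb: icmp: echo request
"""


def truncation_report(lines):
    """Return (non-blank line count, Counter of proto -> truncated lines)."""
    total = 0
    truncated = Counter()
    for line in lines:
        if not line.strip():
            continue
        total += 1
        # Count each protocol level at most once per output line.
        for proto in set(TRUNC_RE.findall(line)):
            truncated[proto] += 1
    return total, truncated


def needs_larger_snaplen(lines, threshold=0.0):
    """Protocols truncated on more than `threshold` (a fraction) of lines."""
    total, truncated = truncation_report(lines)
    if total == 0:
        return []
    return sorted(p for p, n in truncated.items() if n / total > threshold)


if __name__ == "__main__":
    # Hypothetical usage: pass a file of saved tcpdump text output,
    # or run with no argument to use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OUTPUT
    total, truncated = truncation_report(text.splitlines())
    for proto, count in truncated.most_common():
        print(f"{proto}: truncated on {count} of {total} lines")
```

Protocols that never appear in the report are already fully decoded at the current snaplen, so the value only needs to grow for the ones listed.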
"-S"
Displays absolute, rather than relative, TCP sequence numbers. Use quotation
marks to preserve the case of uppercase options.
-t
Does not display a timestamp on each dump line.
-tt
Displays an unformatted timestamp on each dump line.
Troubleshooting Utilities Reference A–43