Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
IPGRAB(8)		    System Manager's Manual		     IPGRAB(8)

       ipgrab -	A Verbose Packet Sniffer

       ipgrab [	-ablmnPprTtwx ]	[ -c cnt ] [ -i	if ] [ expr ]

       ipgrab  reads and parses	packets	from the link layer through the	appli-
       cation layer, dumping explicit header information along the way.	 It is
       a lot like tcpdump except that it prints	almost every header field.

       -a     Do not display application layer data.

       -b     Buffer standard output. Useful when you're redirecting output to
	      a	file.

       -c cnt, --count cnt
	      Terminate	after receiving	cnt packets.

       -C proto, --CCP proto
	      Assume a particular CCP protocol,	such as	MPPC. MPPC is the only
	      one supported as yet.

       -d     Dump  extra  padding in packets. For example, according to an IP
	      header, the packet ends at a certain point, but the  link	 layer
	      may  have	 padded	 it beyond that. This option displays the pad-
	      ding. Not	valid in minimal mode.

       -h, --help
	      Display usage screen with	a brief	 description  of  the  command
	      line options.

       -i if, --interface if
	      Makes  ipgrab  listen to packets on interface if,	e.g., eth0. If
	      this option is not used, the default interface will be assumed.

       -l     Don't display link-layer headers.	The  following	protocols  are
	      considered  to  be  link	layer: ARP, CHAP, Ethernet, IPCP, LCP,
	      LLC, Loopback, PPP, PPPoE, Raw, Slip.

       -m     Minimal mode output. When	operating in this  mode,  ipgrab  dis-
	      plays only brief header information.

       -n     Don't display network-layer headers. The following protocols are
	      considered to be network layer:  AH,  ESP,  GRE,	ICMP,  ICMPv6,
	      IGMP, IP,	IPv6, IPX, IPXRIP.

       -P string
	      Initiate a dynamic port mapping. This option must	be followed by
	      a	string of the form `<protocol>=<port>',	such as	`http=8080'.

       -p     Dump packet payloads beyond what IPgrab parses. In other	words,
	      if  IPgrab  does not parse a particular application, this	option
	      will dump	application data in hex	and text format.

       -r FILE
	      Read packets from	a file,	rather than  an	 interface.  The  file
	      shoule be	created	in "raw" format, such as with '-w' option.

       -T     Do not display timestamps	in minimal mode.

       -t     Don't  display  transport	layer headers. The following protocols
	      are considered to	be transport layer: SPX, TCP, UDP.

       -v, --version
	      Display version number and then quit.

       -w FILE
	      Write the	raw packets to a file, rather  than  the  screen.  The
	      packets  will  not be parsed. The	file can be read with the '-r'

       -x     Hex dump mode. After processing each layer, dump	out  the  con-
	      tents of that layer in hex and text. Only	valid in main mode.

       expr   Berkeley	packet filter expression.  See tcpdump(8) man page for
	      details and examples.


       Requires	libpcap	version	0.3 or greater to be installed.

       Michael S. Borella

				 07 March 2007			     IPGRAB(8)


Want to link to this manual page? Use this URL:

home | help