Provided by: ipgrab_0.9.10-1.1ubuntu1_i386 bug

NAME

       ipgrab - A Verbose Packet Sniffer

SYNOPSIS

       ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]

DESCRIPTION

       ipgrab  reads  and  parses  packets  from  the  link  layer through the
       application layer, dumping explicit header information along  the  way.
       It  is  a  lot  like  tcpdump except that it prints almost every header
       field.

   Options
       -a     Do not display application layer data.

       -b     Buffer standard output. Useful when you're redirecting output to
              a file.

       -c cnt, --count cnt
              Terminate after receiving cnt packets.

       -C proto, --CCP proto
              Assume a particular CCP protocol, such as MPPC. MPPC is the only
              one supported as yet.

       -d     Dump extra padding in packets. For example, according to  an  IP
              header,  the  packet ends at a certain point, but the link layer
              may have  padded  it  beyond  that.  This  option  displays  the
              padding. Not valid in minimal mode.

       -h, --help
              Display  usage  screen  with  a brief description of the command
              line options.

       -i if, --interface if
              Makes ipgrab listen to packets on interface if, e.g.,  eth0.  If
              this option is not used, the default interface will be assumed.

       -l     Don't  display  link-layer  headers. The following protocols are
              considered to be link layer: ARP,  CHAP,  Ethernet,  IPCP,  LCP,
              LLC, Loopback, PPP, PPPoE, Raw, Slip.

       -m     Minimal  mode  output.  When  operating  in  this  mode,  ipgrab
              displays only brief header information.

       -n     Don't display network-layer headers. The following protocols are
              considered  to  be  network  layer:  AH, ESP, GRE, ICMP, ICMPv6,
              IGMP, IP, IPv6, IPX, IPXRIP.

       -P string
              Initiate a dynamic port mapping. This option must be followed by
              a string of the form `<protocol>=<port>', such as `http=8080'.

       -p     Dump  packet payloads beyond what IPgrab parses. In other words,
              if IPgrab does not parse a particular application,  this  option
              will dump application data in hex and text format.

       -r FILE
              Read  packets  from  a  file, rather than an interface. The file
              shoule be created in "raw" format, such as with '-w' option.

       -T     Do not display timestamps in minimal mode.

       -t     Don't display transport layer headers. The  following  protocols
              are considered to be transport layer: SPX, TCP, UDP.

       -v, --version
              Display version number and then quit.

       -w FILE
              Write  the  raw  packets  to a file, rather than the screen. The
              packets will not be parsed. The file can be read with  the  '-r'
              option.

       -x     Hex  dump  mode.  After  processing  each  layer,  dump  out the
              contents of that layer in hex and text. Only valid in main mode.

       expr   Berkeley packet filter expression.  See tcpdump(8) man page  for
              details and examples.

SEE ALSO

       tcpdump(8)

NOTES

       Requires libpcap version 0.3 or greater to be installed.

AUTHOR

       Michael S. Borella
       http://www.borella.net/mike/
       mike@borella.net

                                 07 March 2007                       IPGRAB(8)