Provided by: ipgrab_0.9.10-1.1ubuntu1_amd64 bug

NAME
       ipgrab - A Verbose Packet Sniffer


SYNOPSIS
       ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]


DESCRIPTION
       ipgrab reads and parses packets from the link layer through the application layer, dumping
       explicit header information along the way.  It is a lot like tcpdump except that it prints
       almost every header field.

   Options
       -a     Do not display application layer data.

       -b     Buffer standard output. Useful when you're redirecting output to a file.

       -c cnt, --count cnt
              Terminate after receiving cnt packets.

       -C proto, --CCP proto
              Assume  a  particular CCP protocol, such as MPPC. MPPC is the only one supported as
              yet.

       -d     Dump extra padding in packets. For example, according to an IP header,  the  packet
              ends  at  a  certain point, but the link layer may have padded it beyond that. This
              option displays the padding. Not valid in minimal mode.

       -h, --help
              Display usage screen with a brief description of the command line options.

       -i if, --interface if
              Makes ipgrab listen to packets on interface if, e.g., eth0. If this option  is  not
              used, the default interface will be assumed.

       -l     Don't display link-layer headers. The following protocols are considered to be link
              layer: ARP, CHAP, Ethernet, IPCP, LCP, LLC, Loopback, PPP, PPPoE, Raw, Slip.

       -m     Minimal mode output. When operating in this mode, ipgrab displays only brief header
              information.

       -n     Don't  display  network-layer headers. The following protocols are considered to be
              network layer: AH, ESP, GRE, ICMP, ICMPv6, IGMP, IP, IPv6, IPX, IPXRIP.

       -P string
              Initiate a dynamic port mapping. This option must be followed by a  string  of  the
              form `<protocol>=<port>', such as `http=8080'.

       -p     Dump  packet payloads beyond what IPgrab parses. In other words, if IPgrab does not
              parse a particular application, this option will dump application data in  hex  and
              text format.

       -r FILE
              Read  packets  from a file, rather than an interface. The file shoule be created in
              "raw" format, such as with '-w' option.

       -T     Do not display timestamps in minimal mode.

       -t     Don't display transport layer headers. The following protocols are considered to be
              transport layer: SPX, TCP, UDP.

       -v, --version
              Display version number and then quit.

       -w FILE
              Write  the  raw  packets to a file, rather than the screen. The packets will not be
              parsed. The file can be read with the '-r' option.

       -x     Hex dump mode. After processing each layer, dump out the contents of that layer  in
              hex and text. Only valid in main mode.

       expr   Berkeley  packet  filter  expression.   See  tcpdump(8)  man  page  for details and
              examples.


SEE ALSO
       tcpdump(8)


NOTES
       Requires libpcap version 0.3 or greater to be installed.


AUTHOR
       Michael S. Borella
       http://www.borella.net/mike/
       mike@borella.net

                                          07 March 2007                                 IPGRAB(8)