-b
Specifies the number of buffers used to communicate with the
TCP/IP kernel. The default is 400 on Alpha systems and 50 on VAX
systems.
"-B"
Displays buffer diagnostics showing when dropped packets occur.
Use quotation marks to preserve the case of uppercase options.
-c
Exits after receiving count packets.
-d
Dumps the compiled packet-matching code to standard output and
stops.
-e
Displays the link-level header on each dump line.
-f
Displays foreign internet addresses numerically rather than
symbolically.
"-F" file
Uses file as input for the filter expression. Any additional
expressions on the command line are ignored. Use quotation marks
to preserve the case of uppercase options.
-l
Buffers the stdout line. This is useful if you want to see the
data while capturing it.
-m
Enables multiline output from some protocols. This affects most
ONC RPC decoding, as those protocols are often difficult to
display on a single line.
-n
Does not convert addresses (for example, host addresses and port
numbers) to names.
"-N"
Does not display domain name qualification of host names.
For example, with this option, tcpdump displays nic instead
of nic.ddn.mil. Use quotation marks to preserve the case of
uppercase options.
"-O"
Does not run the packet-matching code optimizer. This is useful
only if you suspect a bug in the optimizer. Use quotation marks
to preserve the case of uppercase options.
-q
Quick (quiet) output. Displays less protocol information so
output line are shorter.
-r file
Reads packets from file (which was created with the -w option).
Standard input is used if a hyphen (-) is used to specify the
file.
-s snaplen
Displays the number of bytes of data from each packet as
specified by the value of snaplen, rather than the default of
68. The default of 68 bytes is adequate for IP, ICMP, TCP, and
UDP, but may truncate protocol information from name server and
NFS packets. Packets truncated because of a limited snapshot are
indicated in the output with [|proto], where proto is the name of
the protocol level at which the truncation has occurred.
NOTE
Taking larger snapshots both increases the amount of time it
takes to process packets and decreases the amount of packet
buffering. This may cause packets to be lost. You should
limit the value of snaplen to the smallest number that will
capture the protocol information you need.
"-S"
Displays absolute, rather than relative, TCP sequence numbers.
Use quotation marks to preserve the case of uppercase options.
-t
Does not display a timestamp on each dump line.
-tt
Displays an unformatted timestamp on each dump line.
-v
Displays verbose output. For example, the time to live and type
of service information in an IP packet is displayed. If -m is
also specified, ONC RPC packets sent using TCP are decoded
twice: first as RPC, then as TCP. By default, the TCP decoding
is suppressed.
-vv
Displays detailed verbose output. For example, additional fields
are displayed from NFS reply packets.
-w file
Writes the raw packets to file rather than parsing and displaying
them. They can later be displayed with the -r option. Standard
output is used if a hyphen (-) is used to specify the file.
-x
Displays each packet (minus its link level header) in hexadecimal
format.
The smaller of the entire packet or snaplen bytes is displayed.
"-X"
Displays packets in both hexadecimal and ASCII formats. Use
quotation marks to preserve the case of uppercase options.