ipgrab − A Verbose Packet Sniffer
ipgrab [ -ablmnPprTtwx ] [ -c cnt ] [ -i if ] [ expr ]
ipgrab reads and parses packets from the link layer through the application layer, dumping explicit header information along the way. It is a lot like tcpdump except that it prints almost every header field.
Options
-a
Do not display application layer data.
-b
Buffer standard output. Useful when you’re redirecting output to a file.
-c cnt, --count cnt
Terminate after receiving cnt packets.
-C proto, --CCP proto
Assume a particular CCP protocol, such as MPPC. MPPC is the only one supported as yet.
-d
Dump extra padding in packets. For example, according to an IP header, the packet ends at a certain point, but the link layer may have padded it beyond that. This option displays the padding. Not valid in minimal mode.
-h, --help
Display usage screen with a brief description of the command line options.
-i if, --interface if
Makes ipgrab listen to packets on interface if, e.g., eth0. If this option is not used, the default interface will be assumed.
-l
Don’t display link-layer headers. The following protocols are considered to be link layer: ARP, CHAP, Ethernet, IPCP, LCP, LLC, Loopback, PPP, PPPoE, Raw, Slip.
-m
Minimal mode output. When operating in this mode, ipgrab displays only brief header information.
-n
Don’t display network-layer headers. The following protocols are considered to be network layer: AH, ESP, GRE, ICMP, ICMPv6, IGMP, IP, IPv6, IPX, IPXRIP.
-P string
Initiate a dynamic port mapping. This option must be followed by a string of the form ‘<protocol>=<port>’, such as ‘http=8080’.
-p
Dump packet payloads beyond what IPgrab parses. In other words, if IPgrab does not parse a particular application, this option will dump application data in hex and text format.
-r FILE
Read packets from a file, rather than an interface. The file should be created in "raw" format, such as with the ’-w’ option.
-T
Do not display timestamps in minimal mode.
-t
Don’t display transport layer headers. The following protocols are considered to be transport layer: SPX, TCP, UDP.
-v, --version
Display version number and then quit.
-w FILE
Write the raw packets to a file, rather than the screen. The packets will not be parsed. The file can be read with the ’-r’ option.
-x
Hex dump mode. After processing each layer, dump out the contents of that layer in hex and text. Only valid in main mode.
expr
Berkeley packet filter expression. See tcpdump(8) man page for details and examples.
Requires libpcap version 0.3 or greater to be installed.
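The padding that the -d option displays is whatever the link layer carries past the end that the IP header declares. The C code below is an added example, not ipgrab's own code; the function name eth_ipv4_padding and the sample frame are constructed for illustration, and only Ethernet carrying IPv4 is handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETH_HDR_LEN 14          /* dst MAC + src MAC + EtherType */
#define ETHERTYPE_IPV4 0x0800

/* Return the number of bytes that follow the IPv4 packet inside an
 * Ethernet frame (the link-layer padding), storing their offset in
 * *pad_off. Returns -1 if the frame is not parseable IPv4 or the IP
 * total length runs past the captured bytes. */
long eth_ipv4_padding(const uint8_t *frame, size_t len, size_t *pad_off)
{
    if (len < ETH_HDR_LEN + 20)
        return -1;
    if (((frame[12] << 8) | frame[13]) != ETHERTYPE_IPV4)
        return -1;
    const uint8_t *ip = frame + ETH_HDR_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* header length */
    size_t total = ((size_t)ip[2] << 8) | ip[3];    /* total length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || total < ihl)
        return -1;
    if (ETH_HDR_LEN + total > len)
        return -1;
    if (pad_off)
        *pad_off = ETH_HDR_LEN + total;
    return (long)(len - ETH_HDR_LEN - total);
}

/* Constructed sample: a 60-byte Ethernet frame carrying a 28-byte
 * IPv4/UDP packet with no payload (checksums left zero, not verified). */
static const uint8_t sample_frame[60] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00, /* Ethernet */
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00,        /* IPv4, len 28 */
    0x40,0x11,0x00,0x00, 192,0,2,1, 192,0,2,2,
    0x30,0x39,0x00,0x35, 0x00,0x08,0x00,0x00,        /* UDP, len 8 */
    /* the remaining 18 bytes are zero: link-layer padding */
};

int main(void)
{
    size_t off = 0;
    long pad = eth_ipv4_padding(sample_frame, sizeof sample_frame, &off);
    printf("padding: %ld bytes at offset %zu\n", pad, off);
    return 0;
}
```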
Michael S. Borella
http://www.borella.net/mike/
mike AT borella DOT net