This may
cause packets to be lost. You should limit snaplen to the
smallest number that will capture the protocol
information you are interested in. Setting snaplen to 0
means it will use the required length to catch whole
packets.
-T Force packets selected by expression to be
interpreted the specified type. Currently known types
are aodv (Ad-hoc On-demand Distance Vector
protocol), cnfp (Cisco NetFlow protocol), rpc (Remote
Procedure Call), rtp (Real-Time Applications protocol),
rtcp (Real-Time Applications control protocol), SNMP
(Simple Network Management Protocol), tftp (Trivial
File Transfer Protocol), vat (Visual Audio Tool), and wb
(distributed White Board).
-t Do not print a timestamp on each dump line.
-tt Print an unformatted timestamp on each dump line.
-ttt Print a delta (in microseconds) between current and
previous line on each dump line.
-tttt Print a timestamp in default format proceeded by
the date on each dump line.
-u Print un-decoded NFS handles.
-U Make output saved via the -w option packet-buffered;
i.e., as each packet is saved, it will be written to the
output file, rather than being written only when the
output buffer fills.
The -U flag will not be supported if tcpdump was built
with an older version of libpcap that lacks the
pcap_dump_flush() function.
-v When parsing and printing, produce (slightly more)
verbose output. For example, the time to live,
identification, total length and options in an IP packet
are printed.
Pages:
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270