-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
49 lines (32 loc) · 1.52 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
ETHDUMP(1)
NAME
ethdump - A bad imitation of tcpdump
SYNOPSIS
ethdump [ -f filter ]
-i interface
DESCRIPTION
An incomplete, slow, and bug-ridden implemention of tcpdump except only
for fields of the ethernet header (and some IP headers).
OPTIONS
-i Specify the network interface to dump ethernet packets from.
-f Define a filter. Only packets that match the filter will be
displayed.
FILTERS
A filter is defined by:
FIELD OPERATOR VALUE
FIELD describes a field of the packet and can be one of:
ethsrc The source MAC address of the ethernet packet.
ethdst The destination MAC address of the ethernet packet
ethtype The type of the ethernet packet (as defined by IEEE 802).
ipsrc The source IPv4 address of the IP packet.
ipdst The destination IPaddress of the IP packet.
iptype IP protocol header.
OPERATOR describes the comparison to make on the field. It can be one of:
== Equals
!= Not equals
VALUE is an argument to the operator. It must be a either:
ipaddr An IPv4 address literal: 4 bytes separated by dots, for
example 192.168.87.20.
ethaddr A MAC address literal: 6 pairs of hex digits separated by
colons, for example de:ad:12:be:ef:34.
number A positive integer.