
Wireshark-bugs: [Wireshark-bugs] [Bug 2132] man pages refer to tcpdump(8) which isn't available

Date: Thu, 8 Apr 2010 19:24:26 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2132

--- Comment #2 from Guy Harris <guy@xxxxxxxxxxxx> 2010-04-08 19:24:24 PDT ---
Not that tcpdump(8) - or tcpdump(1), for that matter - tells you about capture
filters, either, at least on some UN*Xes:

$ sw_vers
ProductName:    Mac OS X
ProductVersion:    10.6.3
BuildVersion:    10D573
$ man tcpdump
TCPDUMP(1)                                                          TCPDUMP(1)



NAME
       tcpdump - dump traffic on a network

SYNOPSIS
       tcpdump [ -AdDefgIKlLnNOpqRStuUvxX ] [ -B buffer_size ] [ -c count ]
               [ -C file_size ] [ -G rotate_seconds ] [ -F file ]
               [ -i interface ] [ -m module ] [ -M secret ]
               [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
               [ -W filecount ]
               [ -E spi@ipaddr algo:secret,...  ]
               [ -y datalinktype ] [ -z postrotate-command ] [ -Z user ]
               [ expression ]

                    ...

        expression
              selects which packets will  be  dumped.   If  no  expression  is
              given,  all  packets on the net will be dumped.  Otherwise, only
              packets for which expression is `true' will be dumped.

              For the expression syntax, see pcap-filter(4).

              Expression arguments can be passed to tcpdump as either a single
              argument or as multiple arguments, whichever is more convenient.
              Generally, if the expression contains Shell  metacharacters,  it
              is  easier  to  pass  it as a single, quoted argument.  Multiple
              arguments are concatenated with spaces before being parsed.

                    ...

$ man pcap-filter
PCAP-FILTER(7)                                                  PCAP-FILTER(7)



NAME
       pcap-filter - packet filter syntax

DESCRIPTION
       pcap_compile()  is used to compile a string into a filter program.  The
       resulting filter program can then be applied to some stream of  packets
       to  determine  which packets will be supplied to pcap_loop(), pcap_dis-
       patch(), pcap_next(), or pcap_next_ex().

       The filter expression consists of one or more  primitives.   Primitives
       usually consist of an id (name or number) preceded by one or more qual-
       ifiers.  There are three different kinds of qualifier:

                    ...

Any OS that's picked up libpcap 1.x and tcpdump 4.x will work that way; that
includes Mac OS X Snow Leopard, at least some newer versions of some Linux
distributions, and, I think, recent versions of FreeBSD.

(And, yes, the difference in section numbers for pcap-filter in the two man
pages is a tcpdump bug; I'll fix it).
