netdumpd(1)

NAME
       netdumpd - Log network traffic

SYNOPSIS
       netdumpd [ -hvp ] [ -s snaplen ] -i interface -w output file
                [ BPF filter expression ]

DESCRIPTION
       netdumpd is a simple daemon that acts like a daemonized version of
       tcpdump. It sniffs network traffic on a particular interface and
       writes the packets it sees to a standard libpcap dump file.

       netdumpd was written to log packet headers for statistical analysis
       by other programs which read pcap dump files, such as bpfcount.

       The main difference between netdumpd and any number of other programs
       which can dump network traffic (aside from the fact that it runs as a
       daemon) is that netdumpd is designed to handle log rotation
       correctly. When it receives a SIGHUP it will gracefully close and
       re-open the dump file it is currently writing to, which allows the
       dump file to be rotated cleanly and without losing any packets.

OPTIONS
       -h     Display command line help.

       -v     Display version number.

       -p     Do not put the interface into promiscuous mode while running.

       -i interface
              Sniff packets from the specified network interface.

       -s snaplen
              Log only the first snaplen bytes of every packet seen. The
              default is 68 bytes, which is sufficient to capture basic
              Ethernet, IPv4 and transport layer protocol headers on a
              standard Ethernet interface.

       -w output file
              Log packets to this output file. This will be a libpcap dump
              file, similar to what is produced with 'tcpdump -w'.

       BPF filter expression
              A filter which all packets must match in order to be logged.
              This is the same sort of expression you'd use with tcpdump.
              If no expression is given, all packets will be logged.

SIGNALS
       If netdumpd receives a SIGHUP, it will safely close and re-open its
       output file. This allows for safe log rotation.

       If netdumpd receives a SIGTERM, it will safely close the current
       output file and exit.

SEE ALSO
       tcpdump(8), pcap(3), http://www.rhythm.cx/~steve/devel/netdumpd
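The rotation that the SIGHUP behaviour above allows, written out as an added example (not part of netdumpd or of the original man page): rename the dump file, signal the daemon, and touch the rotated file only after the daemon has re-created the original path. The function name, the caller-supplied PID, the timestamp suffix and the pcap magic check are assumptions of this example.

```sh
#!/bin/sh
# rotate_capture PID DUMPFILE [TIMEOUT_SECONDS]
# Prints the rotated file's path on success.
# Assumed, not from the man page: the caller supplies the daemon's PID, and
# rotated files are named DUMPFILE.<UTC timestamp>.
rotate_capture() {
    pid=$1 dump=$2 timeout=${3:-10}
    [ -f "$dump" ] || { echo "no dump file: $dump" >&2; return 1; }
    kill -0 "$pid" 2>/dev/null || { echo "pid $pid is not running" >&2; return 1; }

    rotated="$dump.$(date -u +%Y%m%dT%H%M%SZ)"
    [ ! -e "$rotated" ] || { echo "refusing to overwrite $rotated" >&2; return 1; }

    # Rename keeps the inode, so the daemon keeps writing to the renamed file
    # and no packet is dropped between this step and the re-open.
    mv -- "$dump" "$rotated" || return 1

    # SIGHUP makes netdumpd close the old file and re-open the -w path.
    kill -HUP "$pid" || return 1

    # The rotated file is complete only once the daemon has re-created the
    # original path; do not compress or move it before then.
    waited=0
    while [ ! -e "$dump" ]; do
        [ "$waited" -lt "$timeout" ] || { echo "no re-open after ${timeout}s" >&2; return 2; }
        sleep 1
        waited=$((waited + 1))
    done

    # Sanity check: classic pcap magic (either byte order, usec or nsec).
    magic=$(od -An -tx1 -N4 "$rotated" | tr -d ' \n')
    case $magic in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) ;;
        *) echo "$rotated is not a pcap file (magic: $magic)" >&2; return 3 ;;
    esac
    printf '%s\n' "$rotated"
}
```

Exit status 2 means the daemon did not re-open its output within the timeout, so the rotated file may still be receiving packets and should be left alone.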