PCAP-FILTER(5) - File Formats Manual
NAME # pcap-filter - packet filter syntax
DESCRIPTION # pcap_compile(3) compiles pcap filters for software such as tcpdump(8). The resulting filter program can then be applied to some stream of packets to determine which packets will be supplied to pcap_loop(3), pcap_dispatch(3), pcap_next(3), or pcap_next_ex(3).
The filter expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers.
...
PFLOGD(8) - System Manager’s Manual
NAME # pflogd - packet filter logging daemon
SYNOPSIS # pflogd [-Dx] [-d delay] [-f filename] [-i interface] [-s snaplen] [expression]
DESCRIPTION # pflogd is a background daemon which reads packets logged by pf(4) to a pflog(4) interface, normally pflog0, and writes the packets to a logfile (normally /var/log/pflog) in tcpdump(8) binary format. These logs can be reviewed later using the -r option of tcpdump(8), hopefully offline in case there are bugs in the packet parsing code of tcpdump(8).
...
TCPDUMP(8) - System Manager’s Manual
NAME # tcpdump - dump traffic on a network
SYNOPSIS # tcpdump [-AadefILlNnOopqStvXx] [-B fildrop] [-c count] [-D direction] [-E [espalg:]espkey] [-F file] [-i interface] [-r file] [-s snaplen] [-T type] [-w file] [-y datalinktype] [expression]
DESCRIPTION # tcpdump prints out the headers of packets on a network interface that match the boolean expression. You must have read access to /dev/bpf.
...