* PARAM-NAMES: Print names of STRING-PARAM records, one line for each LIST.
* NICKS: Collect data about users and their nicks and friend lists.
* QUERY: Collect data about SQL queries.
* NATNEG: Collect data about NATNEG records.
* ALL: All of the above.
|-q||--quiet||Suppress log messages about opened dump files.|
|--adjust||time||Adjust time stamps of the network dump by adding 'time' seconds. This may help to synchronize different dumps. The argument is scanned for SI factors, time units, plus and minus terms.|
|--skip||time||Skip first 'time' seconds of each read network dump. The argument is scanned for SI factors, time units, plus and minus terms. Negative values are relative to the end (or ignored for pipes).|
|--term||time||Terminate each dump at 'time' seconds. The argument is scanned for SI factors, time units, plus and minus terms. Negative values are relative to the end (or ignored for pipes).|
|--combine||Logically combine the network dumps into one single dump before executing options --skip and --term.|
|--checksum||Normally, UDP packets with wrong checksums are dropped. If --checksum is set, the checksums are calculated, but no packet is dropped. Some dumps will print status info. If set twice, checksums are never calculated and are assumed to be correct. --csum is a shortcut.|
|-f||--follow||Don't close the last input dump on reaching end of file. Instead, wait for appended data. This works like the Unix tool 'tail -f'.|
|--ip||addr[:port]||Define an address (IP or DNS name) and optionally a port for filtering. Only packets from or to this host are accepted; all others are ignored.|
|--home||addr||Define an address (IP or DNS name) as the home client.
Without this option, the tool tries to determine the home client by analysing the sender and receiver of the first non-filtered packet. A local network (10/8, 172.16/12, 192.168/16, 169.254/16) has priority over a non-local network. If sender and receiver have the same priority, the IP of the sender is used.
|--wii||addr[:port]||Define an address (IP or DNS name) and optionally a port as the home client and for filtering. This option is a shortcut for »--home addr --ip addr:port«.|
|--real-time-factor||factor||If set (>0.0), the time difference between packet time stamps is compared with the real-time difference. If a packet would be served too early, the tool sleeps for a while.
Value 1.0 forces a real-time dump. Values >1.0 force a time-lapse effect and values <1.0 a slow-motion effect. --rtf is a shortcut.
The intention of this option is to simulate a regular input stream in real time from already dumped and stored data. Never use this option for live incoming data, because packets may be lost.
|--real-time-wait||seconds||If set (>0.0) and the real-time option --real-time-factor is enabled, it defines the maximum real time between 2 packets. The default is 3 seconds. --rtw is a shortcut.|
|--write||file||Write filtered network packets as PCAP v2.4 to 'file' in local endianness and microsecond format.|
|--wflush||Flush the output after each packet written by --write.|
|-x||--hex||In some hexdumps, well-known data is replaced by its name to create more unique records. But if --hex is set, all values are printed as hex values.|
|-p||--no-proxy||Don't dump proxy packets (packets that contain a PROXY record).|
|--and||If one or more filters are enabled by --receive, --send, --receive-mac, --send-mac, --receive-ip or --send-ip, then a packet or record is dumped only if it matches at least one of the enabled filters.
But if --and is set, a packet must match *all* enabled filters.
|-r||--receive||Dump only network packets received by the home client (option --home). For combinations with other packet filters see option --and.|
|-s||--send||Dump only network packets sent by the home client (option --home). For combinations with other packet filters see option --and.|
|--receive-mac||addr||Dump only network packets received by the entered MAC address.
|--send-mac||addr||Dump only network packets sent by the entered MAC address.
|--transfer-mac||addr||Dump only network packets received or sent by the entered MAC address.
|--receive-ip||addr||Dump only network packets received by the entered address (IP or DNS name).
|--send-ip||addr||Dump only network packets sent by the entered address (IP or DNS name).
|--transfer-ip||addr||Dump only network packets received or sent by the entered address.
|-o||--only-servers||Dump only network packets from and to known servers.|
|-L||--length||ranges||Dump only UDP packets with the specified UDP data length. The 8-byte UDP header does not count.
The parameter is a comma separated list of
|-S||--stage||list||Dump UDP packets only if one of the entered stages is active.|
|--xevent||Support the XEVENT record type. It is an overlay over the ITEM and EVENT records. --xeve is a shortcut. The option is set automatically if --type or --TYPE refers to the XEVENT record.|
|-t||--type||list||Dump UDP packets only if at least one record of the packet matches the entered record list.|
|-T||--TYPE||list||Same as --type except for command