This is an automated email from the ASF dual-hosted git repository.
xiaoxiang781216 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx.git
The following commit(s) were added to refs/heads/master by this push:
new 7922011b72f Documentation: document tcpdump command.
7922011b72f is described below
commit 7922011b72f75ce79c2ce532b54c4d4141b387a0
Author: hanzj <[email protected]>
AuthorDate: Sun Jun 7 07:37:13 2026 +0800
Documentation: document tcpdump command.
Add documentation for the tcpdump system command, covering
command-line options (-i, -w, -s), Kconfig configuration,
usage examples, and notes on pcap output format compatibility.
Signed-off-by: hanzj <[email protected]>
---
.../applications/system/tcpdump/index.rst | 81 ++++++++++++++++++++++
1 file changed, 81 insertions(+)
diff --git a/Documentation/applications/system/tcpdump/index.rst
b/Documentation/applications/system/tcpdump/index.rst
index c83214a2e9a..e119fd71069 100644
--- a/Documentation/applications/system/tcpdump/index.rst
+++ b/Documentation/applications/system/tcpdump/index.rst
@@ -1,3 +1,84 @@
===========================
``tcpdump`` tcpdump command
===========================
+
+Captures network packets from a specified interface and writes them to a file
+in `pcap <https://www.tcpdump.org/>`__ format. The resulting capture file can
+be analyzed with tools such as Wireshark or ``tcpdump`` on a host machine.
+
+Configuration
+=============
+
+Enable the command with ``CONFIG_SYSTEM_TCPDUMP``. This option requires
+``CONFIG_NET_PKT`` (raw packet socket support) and automatically selects
+``CONFIG_SYSTEM_ARGTABLE3`` for command-line argument parsing.
+
+The following configuration options are available:
+
+``CONFIG_SYSTEM_TCPDUMP_PROGNAME``
+ Program name for the ``tcpdump`` command. Default: ``tcpdump``.
+
+``CONFIG_SYSTEM_TCPDUMP_PRIORITY``
+ Task priority. Default: ``100``.
+
+``CONFIG_SYSTEM_TCPDUMP_STACKSIZE``
+ Stack size. Default: ``4096``.
+
+Usage
+=====
+
+.. code-block:: console
+
+ nsh> tcpdump -i <interface> -w <file> [-s <snaplen>]
+
+Options
+=======
+
+``-i <interface>``, ``--interface <interface>``
+ Network interface to capture from (e.g. ``eth0``). Required.
+
+``-w <file>``
+ Path to the output pcap file. Required.
+
+``-s <snaplen>``, ``--snapshot-length <snaplen>``
+ Maximum number of bytes to capture per packet. Optional.
+ Default: ``262144``.
+
+Examples
+========
+
+Capture all packets on ``eth0`` and save to a file:
+
+.. code-block:: console
+
+ nsh> tcpdump -i eth0 -w /tmp/capture.pcap
+ ^C
+
+Capture with a limited snapshot length:
+
+.. code-block:: console
+
+ nsh> tcpdump -i eth0 -w /tmp/capture.pcap -s 1500
+ ^C
+
+Copy the capture file to a host machine for analysis with Wireshark:
+
+.. code-block:: console
+
+ nsh> cp /tmp/capture.pcap /mnt/capture.pcap
+
+Notes
+=====
+
+- The output file uses the pcap format (version 2.4, nanosecond resolution)
+ which is compatible with Wireshark, ``tcpdump``, and other standard capture
+ analysis tools.
+- The command captures on the specified interface until interrupted with
+ ``Ctrl-C`` (``SIGINT``).
+- The link-layer type is detected automatically: ``LINKTYPE_ETHERNET`` (1)
+ for Ethernet interfaces, or ``LINKTYPE_RAW`` (101) for other interfaces
+ such as SLIP or tun.
+- Packets are timestamped using ``CLOCK_REALTIME``. Ensure the system clock
+ is set correctly for meaningful timestamps in the capture file.
+- The capture requires ``CONFIG_NET_PKT`` to be enabled for raw packet
+ socket support.
