moved how to create a Berkely Packet Filter to expanded help

ZerBea · Nov 28, 2023 · 1ff6c12 · 1ff6c12
1 parent b5a0edd
commit 1ff6c12
Showing 1 changed file with 24 additions and 18 deletions.
diff --git a/hcxdumptool.c b/hcxdumptool.c
@@ -4551,7 +4551,29 @@ fprintf(stdout, "%s %s  (C) %s ZeroBeat\n"
 	" https://github.com/ZerBea/hcxdumptool/tree/master/docs\n"
 	"to store entire traffic, run tshark in parallel on the same interface:\n"
 	" $ tshark -i <interface> -w allframes.pcapng\n"
+	"\n"
+	"Berkeley Packet Filter:\n"
+	"-----------------------\n"
+	"tcpdump decimal numper format:\n"
+	" example: tcpdump high level compiler:\n"
+	"  $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 112233445566 -ddd > filter.bpf\n"
+	"  see man pcap-filter\n"
+	" example: bpf_asm low level compiler\n"
+	"  $ bpf_asm filter.asm | tr ',' '\\n' > filter.bpf\n"
+	"  see https://www.kernel.org/doc/html/latest/networking/filter.html\n"
+	" example: bpfc low level compiler:\n"
+	"  $ bpfc -f tcpdump -i filter.asm > filter.bpf\n"
+	"  see man bpfc\n"
+	"tcpdump C style format:\n"
+	" example: tcpdump high level compiler:\n"
+	"  $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 112233445566 -dd > filter.bpf\n"
+	"  see man pcap-filter\n"
+	" example: bpfc low level compiler:\n"
+	"  $ bpfc -f C -i filter.asm > filter.bpf\n"
+	"  see man bpfc\n"
+	"\n"
 	"Important recommendation:\n"
+	"-------------------------\n"
 	"Do not set monitor mode by third party tools or third party scripts!\n"
 	"Do not use virtual interfaces (monx, wlanxmon, prismx, ...)!\n"
 	"Do not use virtual machines or emulators!\n"
@@ -4603,24 +4625,8 @@ fprintf(stdout, "%s %s  (C) %s ZeroBeat\n"
 	"                  $ %s --bpfc=\"wlan addr3 112233445566\" > filter.bpf\n"
 	"                  see man pcap-filter\n"
 #endif
-	"--bpf=<file>   : input Berkeley Packet Filter (BPF) code (maximum %d instructions)\n"
-	"                  in tcpdump decimal numbers format:\n"
-	"                   example: tcpdump high level compiler:\n"
-	"                    $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 112233445566 -ddd > filter.bpf\n"
-	"                    see man pcap-filter\n"
-	"                   eample: bpf_asm low level compiler\n"
-	"                    $ bpf_asm filter.asm | tr ',' '\\n' > filter.bpf\n"
-	"                    see https://www.kernel.org/doc/html/latest/networking/filter.html\n"
-	"                   example: bpfc low level compiler:\n"
-	"                    $ bpfc -f tcpdump -i filter.asm > filter.bpf\n"
-	"                    see man bpfc\n"
-	"                  in tcpdump C style format:\n"
-	"                   example: tcpdump high level compiler:\n"
-	"                    $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 112233445566 -dd > filter.bpf\n"
-	"                    see man pcap-filter\n"
-	"                   example: bpfc low level compiler:\n"
-	"                    $ bpfc -f C -i filter.asm > filter.bpf\n"
-	"                    see man bpfc\n"
+	"--bpf=<file>   : input Berkeley Packet Filter (BPF) code (maximum %d instructions) in tcpdump decimal numbers format\n"
+	"                  see --help for more information\n"
 	"-h             : show this help\n"
 	"-v             : show version\n"
 	"\n",