There's a couple of combinations of args to "monitor traffic" which do not work correctly, there's some misaligned positional args fed to tcpdump. The ones I've noticed are under 'verbose':
$ monitor traffic interface eth0 verbose save testing.pcap tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes [...] $ ls -l testing.pcap ls: cannot access 'testing.pcap': No such file or directory $ ls -l total 4 -rw-r--r-- 1 tcpdump tcpdump 1534 Jun 8 15:03 save
and
$ monitor traffic interface eth0 verbose filter 'ip proto 50' tcpdump: can't parse filter expression: syntax error
vs working as expected without verbose:
$ monitor traffic interface eth0 filter 'ip proto 50' tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
When I get a second, I'll give traffic-dump.xml.in an op-mode wrapper and clean up the args, hopefully in a similar style to mtr.xml.in.