document -E. this option has very nasty effects and I'm still wondering
if it is correct to include it in tcpdump.org distribution.
diff --git a/tcpdump.1 b/tcpdump.1
index f94553e..c2d635c 100644
--- a/tcpdump.1
+++ b/tcpdump.1
@@ -1,4 +1,4 @@
-.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.72 1999-12-22 15:44:10 itojun Exp $ (LBL)
+.\" @(#) $Header: /tcpdump/master/tcpdump/Attic/tcpdump.1,v 1.73 2000-01-15 07:54:15 itojun Exp $ (LBL)
.\"
.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
.\" The Regents of the University of California. All rights reserved.
@@ -66,6 +66,10 @@
.br
.ti +8
[
+.B \-E
+.I algo:secret
+]
+[
.I expression
]
.br
@@ -122,6 +126,25 @@
.B \-e
Print the link-level header on each dump line.
.TP
+.B \-E
+Use \fIalgo:secret\fP for decrypting IPsec ESP packets. Algorithms may be
+\fIdes-cbc\fP,
+\fI3des-cbc\fP,
+\fIblowfish-cbc\fP,
+\fIrc3-cbc\fP,
+\fIcast128-cbc\fP, or
+\fInone\fP.
+The default is \fIdes-cbc\fP.
+The ability to decrypt packets is only present if tcpdump was compiled
+with cryptography enabled.
+\fIsecret\fP the ascii text for ESP secret key.
+We cannot take arbitrary binary value at this moment.
+The option assumes RFC2406 ESP, not RFC1827 ESP.
+The option is only for debugging purposes, and
+the use of this option with truely `secret' key is discouraged.
+By presenting IPsec secret key onto command line
+you make it visible to others, via ps(1) and other occasions.
+.TP
.B \-f
Print `foreign' internet addresses numerically rather than symbolically
(this option is intended to get around serious brain damage in
@@ -1312,7 +1335,5 @@
.LP
.BR "ip6 proto"
should chase header chain, but at this moment it does not.
-.BR tcp
-or
-.BR udp
-should chase header chain too.
+.BR "ip6 protochain"
+is supplied for this behavior.
