diff --git a/ChangeLog b/ChangeLog
index 794f26a..8718c48 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 2018-04-01
 - Add program exit in nfx.c after panic with correupt data file
 - Add missing size check when reading nfdump 1.5.x common record blocks
+- Add missing option -M in man page. Issue #103
 
 2018-02-11
 - Add missing json output format in nfdump help text
diff --git a/man/nfcapd.1 b/man/nfcapd.1
index d870ac0..5395fa1 100755
--- a/man/nfcapd.1
+++ b/man/nfcapd.1
@@ -86,6 +86,16 @@ the final directory is concatenated to \fIbase_directory/sub_hierarchy. Multiple
 sources can be specified. All data is sent to the same port specified by \fI\-p\fR.
 Note: You must not mix \-n option with \-I and \-l. Use either syntax.
 .TP 3
+.B -M \fI<dynbase_directory>
+Specifies the base directory to store the output files. In contrast to -l -M allows to add 
+dynamically new flow sources (exporters), as they appear. All exporters send netflow data 
+to the same port and IP.  For each dynamically added source, a new directory is created 
+with the name of the IPv4/IPv6 address of the exporter. All '.' and ':" in IP addresses 
+are replaced be '-' e.g.  10.11.12.13 is converted to the directory name 10-11-12-13.
+Note: Please make sure to restrict at host level the potential range of IP addresses 
+which are allowed to connect to nfcapd. Otherwise you risk a potential DoS attack on
+nfcapd, as nfcapd has no built in restrictions.
+.TP 3
 .B -f \fI<pcap_file>
 Read netflow packets from a give \fIpcap_file\fR instead of the network. This 
 requires nfcapd to be compiled with the pcap option and is intended for debugging only.