tcpdump runs from the command line. Its command format is:
tcpdump [-adeflnNOpqStvx] [-c count] [-F file name] [-i network interface] [-r file name] [-s snaplen] [-T type] [-w file name] [expression]
Options:
-a    converts network addresses and broadcast addresses to names
-d    prints the compiled packet-matching code in a human-readable assembly format
-dd   prints the packet-matching code as a C program fragment
-ddd  prints the packet-matching code in decimal form
-e    prints the link-layer header on each output line
-f    prints external Internet addresses as numbers
-l    makes standard output line-buffered
-n    does not convert network addresses to names
-t    does not print a timestamp on each output line
-v    prints slightly more detailed output, such as the TTL and type-of-service fields of IP packets
-vv   prints detailed packet information
-c    stops tcpdump after it has received the specified number of packets
-F    reads the filter expression from the specified file and ignores any other expression
-i    specifies the network interface to listen on
-r    reads packets from the specified file (normally one produced with the -w option)
-w    writes the raw packets directly to a file instead of parsing and printing them
-T    interprets the captured packets as the specified type; common types are rpc (remote procedure call) and snmp (Simple Network Management Protocol)
Examples:
1. To capture all packets on eth0:
tcpdump -i eth0 -w /tmp/eth0.cap
2. To capture packets to or from 192.168.1.20:
tcpdump -i eth0 host 192.168.1.20 -w /tmp/temp.cap
3. To capture ICMP packets to or from 192.168.1.20:
tcpdump -i eth0 host 192.168.1.20 and icmp -w /tmp/icmp.cap
4. To capture packets to or from 192.168.1.20, excluding ports 10000, 10001 and 10002:
tcpdump -i eth0 host 192.168.1.20 and ! port 10000 and ! port 10001 and ! port 10002 -w /tmp/port.cap
5. To capture VLAN 1 packets on port 80 (vlan goes first, because it changes the decoding offsets for the rest of the expression):
tcpdump -i eth0 vlan 1 and port 80 -w /tmp/vlan.cap
6. To capture the PPPoE password:
tcpdump -i eth0 pppoes -w /tmp/pppoe.cap
7. To capture 10000 packets on eth0 and then exit:
tcpdump -i eth0 -c 10000 -w /tmp/temp.cap
8. To capture port 80 packets on eth0 in the background:
nohup tcpdump -i eth0 port 80 -w /tmp/temp.cap &
My own command:
tcpdump -i eth0 -w /tmp/eth0.cap -s0
Without -s0 the captured packets are incomplete and have no content.
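To check whether a file written with -w was cut short by the snaplen, compare the saved length of each record with its original length. The script below is an added example, not part of the original page; it assumes the classic pcap file format (not pcapng), the function names are hypothetical, and the sample capture is constructed in memory.

```python
import struct

PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # byte order by magic

def pcap_truncation_report(data):
    """Walk a classic pcap file and list records cut short by the snaplen."""
    if len(data) < 24 or data[:4] not in PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGIC[data[:4]]
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    snaplen = struct.unpack(endian + "IHHiIII", data[:24])[5]
    offset, count, truncated = 24, 0, []
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, bytes saved (incl_len), bytes on the wire (orig_len)
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("record %d runs past the end of the file" % count)
        if incl_len < orig_len:
            truncated.append((count, incl_len, orig_len))
        offset += incl_len
        count += 1
    return {"snaplen": snaplen, "packets": count, "truncated": truncated}

def build_sample_pcap(snaplen, frame_sizes):
    """Constructed sample data: zero-filled frames clipped to snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for i, size in enumerate(frame_sizes):
        kept = min(size, snaplen)
        out += struct.pack("<IIII", 1700000000 + i, 0, kept, size) + bytes(kept)
    return out

if __name__ == "__main__":
    # Same three frame sizes, once with a small snaplen and once with a large one
    for snaplen in (68, 262144):
        report = pcap_truncation_report(build_sample_pcap(snaplen, [60, 1514, 342]))
        print(snaplen, report)
```

For a real capture, pass the bytes of the file, for example open("/tmp/eth0.cap", "rb").read(), to pcap_truncation_report.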