tcpdump is a sniffer: a tool that captures packets on the network and can also analyze the captured packets. It is installed by default on most systems. For related introductions and installation instructions, see: Installation and use of Tcpdump.

tcpdump command description: tcpdump is a command-line tool, and its command format is:

tcpdump [ -adeflnNOpqStvx ] [ -c quantity ] [ -F file name ] [ -i network interface ] [ -r file name ] [ -s snaplen ] [ -T type ] [ -w filename ] [ expression ]

tcpdump options:

-a converts network and broadcast addresses into names;
-d prints the packet-matching code in a human-readable assembly format;
-dd prints the packet-matching code as a C program fragment;
-ddd prints the packet-matching code in decimal form;
-e prints the data link layer header on each output line;
-f prints external Internet addresses as numbers;
-l makes standard output line-buffered;
-n does not convert network addresses to names;
-t does not print a timestamp on each output line;
-v outputs slightly more detailed information, such as the TTL and type of service in the IP packet;
-vv outputs detailed packet information;
-c stops tcpdump after the specified number of packets has been received;
-F reads the expression from the specified file, ignoring other expressions;
-i specifies the network interface to listen on;
-r reads packets from the specified file (usually generated with the -w option);
-w writes packets directly to a file without analyzing or printing them;
-T interprets the captured packets directly as a specified type of message; the common types are rpc (remote procedure call) and snmp (Simple Network Management Protocol);
-s sets the packet size limit. The default packet size is limited to 96 bytes (including the Ethernet frame). To remove the limit, change the parameter to -s 0: 0 ignores the size limit and captures each packet at its actual length.
Example: tcpdump -vv tcp port 5270 -c 100 -s 1500 -w /opt/sniffer.pack
The tcpdump parameter for capturing to a file is -w xxx.cap.
Capture packets on eth1: tcpdump -i eth1 -w /tmp/xxx.cap
Capture packets of a given host: tcpdump -i eth1 host <host> -w /tmp/xxx.cap
Capture the host's port 80 packets: tcpdump -i eth1 host <host> and port 80 -w /tmp/xxx.cap
Capture the host's ICMP packets: tcpdump -i eth1 host <host> and icmp -w /tmp/xxx.cap
Capture the host's packets on all ports other than 80, 110 and 25: tcpdump -i eth1 host <host> and ! port 80 and ! port 25 and ! port 110 -w /tmp/xxx.cap
Capture VLAN 1 packets (the vlan keyword comes first, because it shifts the decoding offsets for the rest of the expression): tcpdump -i eth1 vlan 1 and port 80 -w /tmp/xxx.cap
Capture PPPoE passwords: tcpdump -i eth1 pppoes -w /tmp/xxx.cap
Split the capture into 100m files, opening a new file once the current one exceeds 100m: -C 100m
Capture 10000 packets and exit: -c 10000
Background packet capture, which is not affected when the console exits: nohup tcpdump -i eth1 port 110 -w /tmp/xxx.cap &
The file can be opened directly with Ethereal or Wireshark. Wireshark is the new version of Ethereal; the program changed its name, haha.
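A check for the -s size limit described above, as an added example that is not part of the original article: it reads a file written with -w and counts the packets whose stored length is shorter than their length on the wire. The function names and sample frames are constructed for illustration, and only the classic pcap format (not pcapng) is handled.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps


def make_pcap(snaplen, frames):
    """Build a little-endian classic pcap byte string (constructed sample data)."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for ts, frame in enumerate(frames):
        kept = frame[:snaplen]  # what a capture with this snaplen would store
        out += struct.pack("<IIII", ts, 0, len(kept), len(frame)) + kept
    return out


def truncation_report(data):
    """Return (snaplen, total_packets, truncated_packets) for classic pcap bytes."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    offset, total, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        _sec, _usec, caplen, origlen = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):
            raise ValueError("packet record runs past end of file")
        total += 1
        truncated += caplen < origlen  # stored fewer bytes than were on the wire
        offset += 16 + caplen
    return snaplen, total, truncated


# Constructed frames: a 60-byte frame, a 96-byte frame and a full 1514-byte frame.
SAMPLE_FRAMES = [bytes(60), bytes(96), bytes(1514)]

if __name__ == "__main__":
    for limit in (96, 65535):
        print(truncation_report(make_pcap(limit, SAMPLE_FRAMES)))
```

To check a real capture, pass the bytes of the file written by -w, for example open("/tmp/xxx.cap", "rb").read().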