To capture virtually any packet that enters any interface, you can use tcpdump. tcpdump is a complex
program, with many switches. This is the basic usage.
For more info, see http://linux.die.net/man/8/tcpdump
Synopsis
tcpdump [-n] [-i interface] [-w file] [-r file] [-s0] [-X] [-v] [expression]
-n            Show IP addresses rather than hostnames
-i interface  Listen on the given interface
-w file       Write the raw packets to file in pcap format
-r file       Read packets from a pcap file instead of an interface
-s0           Capture the whole packet; do not truncate (snaplen 0)
-X            Show both hex and ASCII (helpful for looking at clear-text errors)
-v            Show verbose output (use -vv and -vvv for more verbose output)
[expression]  Filter: only packets matching the expression are captured or printed.
              The most commonly used forms are listed below.
Negation       not  (or !)
Concatenation  and  (or &&)
Alternation    or   (or ||)
Examples
To print all packets from host 192.168.1.69 arriving at or departing on eth1 (shows only IP addresses
and verbose output):

tcpdump -veni eth5 host 192.168.0.121 or 192.168.0.135 and not port 22 and not port 4444

(-veni is shorthand for -v -e -n -i: verbose, link-level headers, no name resolution, interface eth5.
"host A or B" applies the host qualifier to both addresses, so this selects traffic of either host
while excluding ports 22 and 4444.)

To print all packets to and from port 80 arriving at or departing on eth0:
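As an added example (not code from the original page), the script below builds a small pcap file offline so the -r, -n and -X switches and the expression syntax above can be tried without root or live traffic; the MAC and IP addresses, ports and payload are constructed sample values, and matches() is a hypothetical helper showing what 'host X and port Y' selects.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum, used for both the IPv4 and the TCP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_frame(src_ip, dst_ip, sport, dport, payload=b"") -> bytes:
    """Ethernet + IPv4 + TCP (PSH/ACK) frame with valid IP and TCP checksums."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")  # dst MAC, src MAC, IPv4 ethertype
    tcp_len = 20 + len(payload)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)
    tcp = tcp[:16] + struct.pack("!H", ones_complement_sum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    return eth + ip + tcp

def pcap_bytes(frames) -> bytes:
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def matches(frame: bytes, host: str, port: int) -> bool:
    """What the expression 'host <host> and port <port>' selects on a TCP frame:
    'host' matches either address, 'port' either port (direction defaults to src or dst)."""
    ihl = (frame[14] & 0x0F) * 4
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return host in (src, dst) and port in (sport, dport)

# Constructed sample traffic: an HTTP request, an SSH packet, and a web packet from another host.
SAMPLE = [
    tcp_frame("192.168.1.69", "10.0.0.5", 40000, 80, b"GET / HTTP/1.0\r\n\r\n"),
    tcp_frame("192.168.1.69", "10.0.0.5", 40001, 22),
    tcp_frame("10.0.0.7", "10.0.0.5", 40002, 80),
]

if __name__ == "__main__":
    with open("sample.pcap", "wb") as f:
        f.write(pcap_bytes(SAMPLE))
    print("wrote sample.pcap; try: tcpdump -n -r sample.pcap -X 'host 192.168.1.69 and port 80'")
```

Running tcpdump -vv -r sample.pcap should report correct checksums for all three packets, and the filter in the usage line prints only the first one.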
Advanced parameters
-A             Print each packet's payload in ASCII (no hex column)
-e             Print the link-level (e.g. Ethernet) header on each line
-t             Do not print a timestamp on each line
less xxx       Match packets whose length is at most xxx bytes
greater xxx    Match packets whose length is at least xxx bytes

host           Type qualifiers: match an address, a network, a single port or a port range
net
port
portrange

src            Direction qualifiers (if none is given, "src or dst" is assumed)
dst
src or dst
src and dst

[icmp]         Protocol qualifier (icmp; likewise ip, tcp, udp)
Examples
To print all packets arriving at or departing from the host gordon