tcpdump Supporting tagline

Usage

Usage: tcpdump [-aAbdDefhHIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
		[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
		[ -i interface ] [ -M secret ]
		[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
		[ -W filecount ] [ -y datalinktype ] [ -z command ]
		[ -Z user ] [ expression ]

分类

type:host,port,portrange,net

	sudo tcpdump -npi eth0 portrange 80-88

dir：src,dst

	sudo tcpdump -n proto TCP and port 80 and dst 115.239.210.26

proto：TCP,UDP,IP(区分大小写的)
	sudo tcpdump -npi eth0 proto TCP
	sudo tcpdump -npi eth0 proto 6 #TCP protocol number is 6

Example

sudo tcpdump -npi eth0 proto 4
sudo tcpdump -npi eth0 proto 4 or port 80  and not host 169.254.169.254	
sudo tcpdump -npi any not udp and not arp and  not port 1046 and not host 169.254.169.254

sudo tcpdump -c 30 -w tcpdump.out -port 1046 #save

参考资料

Tcpdump的详细用法

tcpdump的用法记录–命令介绍

---

---

Published

Tags

• linux 2
• tools 1
• command 1