

Linux: saving tcpdump captures to a pcap file


Notes

pcap files can be opened with Wireshark.

List the network interfaces

ifconfig

Output

eth0      Link encap:Ethernet  HWaddr 28:6E:D4:88:C9:9F  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20895131310 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20688408611 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9538158933013 (8.6 TiB)  TX bytes:7270083406746 (6.6 TiB)
          Interrupt:236 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:13660569339 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13660569339 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2698474116062 (2.4 TiB)  TX bytes:2698474116062 (2.4 TiB)

The -w option

Note: run tcpdump with sudo or as the root user.

Capture packets on eth0

tcpdump -i eth0 -w xxx.pcap

Capture packets on eth0 for host 192.168.0.2

tcpdump -i eth0 host 192.168.0.2 -w xxx.pcap

Capture packets on eth0 for host 192.168.0.2 on port 8080

tcpdump -i eth0 host 192.168.0.2 and port 8080 -w xxx.pcap
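
Added example (not part of the original post): a small Python reader for the classic pcap layout that -w writes, applying the same selection as `host 192.168.0.2 and port 8080` to an already saved capture. It goes slightly beyond the commands above by showing the file format; it handles only Ethernet captures with IPv4 TCP/UDP, and the function names and the sample capture are constructed for illustration.

```python
import socket
import struct

def frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame (checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Classic pcap layout: 24-byte file header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1609891200 + i, 0, len(f), len(f)) + f
    return out

def read_flows(data):
    """Yield (src, sport, dst, dport) for IPv4 TCP/UDP packets in a pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip anything that is not a complete, unfragmented IPv4 TCP/UDP packet.
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] not in (6, 17):
            continue
        l4 = 14 + (pkt[14] & 0x0F) * 4
        if struct.unpack("!H", pkt[20:22])[0] & 0x1FFF or len(pkt) < l4 + 4:
            continue
        sport, dport = struct.unpack("!HH", pkt[l4:l4 + 4])
        yield socket.inet_ntoa(pkt[26:30]), sport, socket.inet_ntoa(pkt[30:34]), dport

def match(flows, host, port):
    """Same selection as the capture filter `host <host> and port <port>`."""
    return [f for f in flows if host in (f[0], f[2]) and port in (f[1], f[3])]

# Constructed sample capture: only the first two packets match the filter.
SAMPLE = build_pcap([
    frame("192.168.0.2", "192.168.0.1", 51000, 8080),
    frame("192.168.0.1", "192.168.0.2", 8080, 51000),
    frame("192.168.0.2", "192.168.0.1", 51001, 443),
    frame("192.168.0.3", "192.168.0.1", 51002, 8080),
])
```

To use it on a real capture, pass the bytes of the saved file to read_flows() and call match(flows, "192.168.0.2", 8080).
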
4814 views · Published 2021-01-06
