Wireshark packet capture process and its analysis

Wireshark is a tool for capturing network packets. It can capture directly from a network card, and it can also open files saved by an earlier packet capture.

File formats saved when capturing packets: .cap .ncap .pcap .pcapng

The commonly used packet capture command is tcpdump, which is also a widely used network packet capture tool for monitoring and analyzing network traffic.

Here are some examples of tcpdump commands:


Capture all traffic on the specified network interface (the network card name is eth0):

tcpdump -i eth0

The network card name can be looked up with ipconfig on Windows and with ifconfig on Linux. (The network card name is the name shown in front of the IP address. Hahaha, this is the only way to describe it here.)


Capture HTTP traffic on a specified network interface:

tcpdump -i eth0 port 80


Capture the traffic of the specified source IP address:
tcpdump src 192.168.1.100


Capture the traffic of the specified target IP address:
tcpdump dst 192.168.1.100


Capture the traffic of the specified port:
tcpdump port 22


Save the captured packets to a file:

tcpdump -w capture.pcap
Save the packet capture information in capture.p
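As an added example that is not part of the original post, the following Python code builds and parses the classic .pcap layout that `tcpdump -w capture.pcap` writes and Wireshark opens, and decodes the IP address and port fields that the src, dst and port filters above match on. The Ethernet frame, MAC addresses and the 10.0.0.5 address are constructed sample data, not a real capture.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1

def build_pcap(packets, snaplen=65535):
    """Classic .pcap layout as `tcpdump -w` writes it: 24-byte global header, then per packet a 16-byte record header + bytes."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    for ts, frame in packets:
        sec = int(ts)
        cap = frame[:snaplen]                       # snaplen truncates the stored copy
        out += struct.pack("<IIII", sec, int(round((ts - sec) * 1e6)), len(cap), len(frame)) + cap
    return bytes(out)

def parse_pcap(blob):
    """Parse a classic .pcap blob -> (linktype, [(ts, frame, original_len)]); byte order from the magic, pcapng (0x0A0D0D0A) rejected."""
    if len(blob) < 24:
        raise ValueError("truncated global header")
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(end + "II", blob[16:24])
    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header")
        sec, usec, incl, orig = struct.unpack(end + "IIII", blob[off:off + 16])
        off += 16
        if incl > snaplen or off + incl > len(blob):
            raise ValueError("record overruns snaplen or file")
        records.append((sec + usec / 1e6, blob[off:off + incl], orig))
        off += incl
    return linktype, records

def tcp_endpoints(frame):
    """Decode Ethernet -> IPv4 -> TCP into (src_ip, dst_ip, sport, dport), the fields the src/dst/port filters test; None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4                   # IPv4 header length in bytes
    if len(frame) < 14 + ihl + 4:
        return None
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return src, dst, sport, dport

# Constructed sample, not a real capture: Ethernet + IPv4 + TCP SYN, 192.168.1.100:40000 -> 10.0.0.5:22
ETH = bytes.fromhex("001122334455 66778899aabb 0800")
IPV4 = bytes.fromhex("45 00 0028 0001 4000 40 06 0000") + bytes([192, 168, 1, 100, 10, 0, 0, 5])
TCP = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 0x50, 0x02, 65535, 0, 0)
SAMPLE_FRAME = ETH + IPV4 + TCP
```

Writing `build_pcap(...)` to a file gives something Wireshark can open directly, and `tcp_endpoints` shows which bytes a `port 22` filter would match on the sample frame.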

Origin blog.csdn.net/qq_42595610/article/details/132037534