[Original] tcpdump command

1. Summary of common parameters

tcpdump

tcpdump -i xx (capture on a specific network interface; xx is the interface name)

tcpdump -nn (numeric display mode for both IP addresses and ports; a single -n only applies to IP addresses)

tcpdump -c x (stop after capturing a fixed number of packets; x is the count)

tcpdump port xx (capture packets on a specified port; xx is the port number)

tcpdump tcp and port xx (specify both the protocol and the port; xx is the port number, and the port filter can be omitted)

tcpdump host xx.xx.xx.xx (capture packets whose source or destination IP address is xx.xx.xx.xx)

tcpdump -w xx.txt (write the captured packets to a file; xx.txt is the file name)

tcpdump -s0 -w xx.txt (prevent captured packets from being truncated; the 0 in s0 is the digit zero. Important: -s0 must be added to capture complete packets.)

tcpdump -r xx.txt (read back and view packets that were captured with -w; xx.txt is the file name)

-w (captures the actual packet contents, not just the traffic summary. If you access an image, the image itself can be extracted from a capture written with -w. If you only want to look at the traffic summary, redirect standard output to a file instead.)

 

2. Packet capture output format explained

For example:

16:52:25.923003 IP 10.10.8.3.59557 > 192.168.0.139.22: Flags [.], ack 196, win 16324, length 0

 

16:52:25.923003: capture time (hours:minutes:seconds.fraction)

IP: the protocol (IP)

10.10.8.3.59557: source IP address and port (the last dotted field is the port)

> 192.168.0.139.22: destination IP address and port

Flags [.], ack 196, win 16324, length 0: TCP flags, acknowledgement number, window size and payload length (not covered here)
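To make the field layout above concrete, here is an added example (not from the original post) that parses tcpdump TCP summary lines into their fields: time, protocol, source and destination host/port, flags, and the optional seq/ack/win/length values. The sample lines are constructed, and the regex assumes the default (non -v) line format shown above.

```python
import re

# One tcpdump TCP summary line in the default format, e.g.
#   16:52:25.923003 IP 10.10.8.3.59557 > 192.168.0.139.22: Flags [.], ack 196, win 16324, length 0
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<proto>IP6?) "
    r"(?P<src>\S+) > (?P<dst>\S+): "
    r"Flags \[(?P<flags>[^\]]*)\](?P<rest>.*)$"
)

def split_addr(addr):
    """Split 'host.port' into (host, port); the port is the last dotted field."""
    host, _, port = addr.rpartition(".")
    return host, int(port)

def parse_line(line):
    """Parse one summary line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = {
        "time": m.group("time"),
        "proto": m.group("proto"),
        "src": split_addr(m.group("src")),
        "dst": split_addr(m.group("dst")),
        "flags": m.group("flags"),
    }
    # Optional trailing fields such as 'seq 1:37', 'ack 196', 'win 16324', 'length 0';
    # 'seq' may be a range like 1:37, which is kept as a string.
    for key in ("seq", "ack", "win", "length"):
        fm = re.search(rf"\b{key} (\S+?)(?:,|$)", m.group("rest"))
        if fm:
            val = fm.group(1)
            pkt[key] = int(val) if val.isdigit() else val
    return pkt

def parse_capture(text):
    """Parse every matching line of a tcpdump text dump, skipping non-matching lines."""
    return [p for p in (parse_line(l) for l in text.splitlines()) if p]

# Constructed sample output (not a real capture), in the format explained above.
SAMPLE = """\
16:52:25.923003 IP 10.10.8.3.59557 > 192.168.0.139.22: Flags [.], ack 196, win 16324, length 0
16:52:26.001200 IP 10.10.8.3.59557 > 192.168.0.139.22: Flags [P.], seq 1:37, ack 196, win 16324, length 36
16:52:26.002000 IP 192.168.0.139.22 > 10.10.8.3.59557: Flags [S.], seq 0, ack 1, win 65535, options [mss 1460], length 0
"""

if __name__ == "__main__":
    for p in parse_capture(SAMPLE):
        print(p)
```

Feed it the text saved by redirecting tcpdump -nn output to a file (the summary form, not a -w binary capture).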

3. Writing a capture to a file and viewing it

#tcpdump -w 111.cap

The captured packets are written to the file 111.cap; download it and open it in Wireshark to see the details.

 


Source: www.cnblogs.com/HYanqing/p/11084886.html