the tcpdump [-aAdDefhIJKlLnNOpqRStuUvxX] [-B size] [COUNT -C]
[-C FILE_SIZE] [-E Algo: Secret] [-F File] [seconds The -G]
[-i interface] [-j tstamptype] [-M Secret]
[-Q | -P in | OUT | INOUT]
[-r File] [-s snaplen] [-T of the type] [-w File]
[-W FileCount] [-y datalinktype] [the -z the Command]
[ User the -Z] [expression the]
-i LAN equipment
-w write pipe, the capture data is output to a file instead of standard output,
- gripping DST
port number port
-l convert the standard output line buffered
-s snaplen the number of bytes taken from a package. 0 indicates that the package does not cut off, grab a complete packet. Tcpdump default if only partial data packet, the default 68 bytes
-x protocol header and the packet content is displayed exactly, in hex and ASCII two ways simultaneously output
-nn specify each listening to packet the domain names into IP, the application displays the name converted from the port to the port number
-r: reading data from a given file in the data packet. And "-" indicates read from standard input
-tttt time stamps more readable format
-c after receipt of the specified number of packets, tcpdump stops
-q: Fast printout
tcpdump -i bond0 -s 0 -l -w - dst port 3306 | strings
tcpdump -s 65535 -x -nn -q -tttt -i any -c 5000 port 3306 > mysql.tcp.txt
pt-query-digest --type tcpdump mysql.tcp.txt