Usage examples:
tcpdump -nn -vvv -X host 192.168.0.138 and port 80
tcpdump host sundown
tcpdump host helios and \( hot or ace \)
tcpdump ip host ace and not helios
tcpdump net ucb-ether
tcpdump 'gateway snup and (port ftp or ftp-data)'
tcpdump ip and not net localnet
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tcpdump 'gateway snup and ip[2:2] > 576'
tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'
tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'
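The byte-offset filters above are easier to trust once you have seen the arithmetic they perform. The following is an added example, not code from the original post or from tcpdump: it re-implements in Python the checks behind `ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)`, `tcp[tcpflags] & (tcp-syn|tcp-fin)`, `icmp[icmptype]` and `ether[0] & 1 = 0 and ip[16] >= 224`, and runs them over hand-built packets. The packets, addresses and function names are constructed for illustration.

```python
import struct

# Bit values tcpdump names tcp-syn / tcp-fin, ICMP types icmp-echo / icmp-echoreply,
# and the IP protocol numbers the filters test implicitly via "tcp" and "icmp".
TCP_FIN, TCP_SYN = 0x01, 0x02
ICMP_ECHOREPLY, ICMP_ECHO = 0, 8
PROTO_ICMP, PROTO_TCP = 1, 6


def _addr(dotted):
    return bytes(int(o) for o in dotted.split("."))


def build_ipv4(proto, payload, src="192.168.0.138", dst="10.0.0.1"):
    """Minimal IPv4 header (no options, checksum left zero) followed by payload (constructed)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, _addr(src), _addr(dst))
    return hdr + payload


def build_tcp(sport, dport, flags, payload=b"", data_offset=5):
    """TCP header of data_offset 32-bit words (5 = 20 bytes, no options) plus payload."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, data_offset << 4, flags, 65535, 0, 0)
    hdr += b"\x00" * ((data_offset - 5) * 4)   # zero-filled options so tcp[12] stays truthful
    return hdr + payload


def build_icmp(icmp_type, code=0):
    """8-byte ICMP header; icmp[icmptype] is byte 0."""
    return struct.pack("!BBHHH", icmp_type, code, 0, 0, 0)


def ip_header(ip):
    """Return (header length in bytes, total length): (ip[0]&0xf)<<2 and ip[2:2]."""
    return (ip[0] & 0x0F) << 2, struct.unpack("!H", ip[2:4])[0]


def tcp_payload_len(ip):
    """ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2): bytes that follow the TCP header."""
    ihl, total = ip_header(ip)
    tcp = ip[ihl:]
    return total - ihl - ((tcp[12] & 0xF0) >> 2)


def matches_http_with_data(ip):
    """'tcp port 80 and (payload length != 0)': HTTP segments carrying data, not bare ACKs."""
    if ip[9] != PROTO_TCP:
        return False
    ihl, _ = ip_header(ip)
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return 80 in (sport, dport) and tcp_payload_len(ip) != 0


def matches_syn_or_fin(ip):
    """'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0': tcpflags is TCP byte 13."""
    if ip[9] != PROTO_TCP:
        return False
    ihl, _ = ip_header(ip)
    return ip[ihl + 13] & (TCP_SYN | TCP_FIN) != 0


def matches_icmp_not_ping(ip):
    """'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'."""
    if ip[9] != PROTO_ICMP:
        return False
    ihl, _ = ip_header(ip)
    return ip[ihl] not in (ICMP_ECHO, ICMP_ECHOREPLY)


def matches_unicast_mac_multicast_ip(dst_mac, ip):
    """'ether[0] & 1 = 0 and ip[16] >= 224': multicast/broadcast IP not sent to a group MAC.

    ether[0] is the first byte of the destination MAC; ip[16] is the first octet of the
    destination IP address."""
    return dst_mac[0] & 1 == 0 and ip[16] >= 224


if __name__ == "__main__":
    syn = build_ipv4(PROTO_TCP, build_tcp(40000, 80, TCP_SYN))
    get = build_ipv4(PROTO_TCP, build_tcp(40000, 80, 0x18, b"GET / HTTP/1.0\r\n\r\n", data_offset=8))
    print("SYN payload bytes:", tcp_payload_len(syn), "syn/fin:", matches_syn_or_fin(syn))
    print("GET payload bytes:", tcp_payload_len(get), "http with data:", matches_http_with_data(get))
```

The `get` packet deliberately uses a 32-byte TCP header (`data_offset=8`) so that the subtraction of both header lengths is exercised; a filter that only subtracted 20 bytes for each header would misreport the payload size whenever IP or TCP options are present.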
Common options:
-c count  Exit after capturing the specified number of packets
-nn       Do not resolve IP addresses or port numbers to names
-vvv      Print the most verbose output
-X        Print each packet in hex and ASCII side by side
-w        Write the raw packets to a pcap file
-r        Read packets from a saved pcap file instead of an interface