linux抓包工具tcpdump使用
原文:http://www.51testing.com/?uid-22578-action-viewspace-itemid-142353
tcpdump -D
1.\Device\PssdkLoopback (PSSDK Loopback Ethernet Emulation Adapter)
2.\Device\{CF587901-C85F-4FD6-896F-D977DEFE76EC} (Intel(R) PRO/100 VE Network Connection)
tcpdump -i <需要监控的网络适配器编号>
tcpdump -i 1
tcpdump host 192.9.200.59 and tcp port 8000
tcpdump -X host 192.9.200.59 and tcp port 8000
22:13:19.717472 IP testhost59.12535 > liujuan59.8000: . 1:330(329) ack 1 win 3278
0x0000: 4500 0171 e616 0000 8006 cb2b 0000 0000 E..q.......+....
0x0010: c009 c83b 30f7 1f40 0000 0002 0000 0002 ...;0..@........
0x0020: 5010 8000 b066 0000 504f 5354 202f 2048 P....f..POST./.H
0x0030: 5454 502f 312e 310d 0a43 6f6e 7465 6e74 TTP/1.1..Content
0x0040: 2d54 7970 653a 2074 6578 742f 786d 6c3b -Type:.text/xml;
0x0050: 2063.c
tcpdump -X -s 0 host 192.9.200.59 and tcp port 8000
tcpdump -X -s 0 -w aaa host 192.9.200.59 and tcp port 8000
tcpdump -X -s 0 -r aaa host 192.9.200.59 and tcp port 8000
tcpdump -r aaa
tcpdump [-adeflnNOpqRStuvxX] [-c count] [-C file_size] [-F file] [-i interface] [-m module] [-r file] [-s snaplen] [-T type] [-w file] [-E algo:secret] [expression]