0. Links
1. Introduction
A packet capture tool; maybe it is worth digging into its source code as well?
2. Option reference
2.1. -i
-i interface
--interface=interface
Listen on interface. If unspecified, tcpdump searches the system interface list for the
lowest numbered, configured up interface (excluding loopback), which may turn out to be,
for example, ``eth0''.
On Linux systems with 2.2 or later kernels, an interface argument of ``any'' can be
used to capture packets from all interfaces. Note that captures on the ``any'' device
will not be done in promiscuous mode.
If the -D flag is supported, an interface number as printed by that flag can be used as the
interface argument, if no interface on the system has that number as a name.
tcpdump -i interface specifies the interface to capture on.
tcpdump -D lists the interfaces currently available for capturing.
A normal user and the root user may get different results from tcpdump -D.
promiscuous UK [prəˈmɪskjuəs] US [prəˈmɪskjuəs]
adj. licentious; sexually promiscuous; hodgepodge; mixed, indiscriminate
[Example] Design and Implementation of Net-flow Charging System Based on Promiscuous Model
2.2. -s
By default tcpdump captures only the first 96 bytes of each packet. To capture the full packet contents,
use -s number, where number is the number of bytes to keep from each packet; 0 means capture the entire packet.
3. Common usage
# One host and one port on all interfaces, full packets, written to a capture file
# (options after the filter expression are accepted on Linux because getopt reorders
# arguments; putting the options before the filter is the portable form)
tcpdump host 172.16.70.10 and port 44505 -i any -s 0 -w 20210909.cap
# Background captures that survive logout; note both commands write worpro.cap,
# so the second overwrites the first if they run on the same host
nohup tcpdump -i eth0 port 8051 -s 0 -w worpro.cap &
nohup tcpdump -i eth1 port 64432 -s 0 -w worpro.cap &
# Only ICMP or only IGMP traffic on eth0
nohup tcpdump -i eth0 icmp -s 0 -w icmp-20211202.cap &
nohup tcpdump -i eth0 igmp -s 0 -w igmp-20211202.cap &
# SNMP traps (port 162), first restricted to one host, then from any host
nohup tcpdump -i eth0 -s 0 port 162 and host 221.3.171.17 -w 1215_1.cap &
nohup tcpdump -i eth0 -s 0 port 162 -w 1215_1.cap &
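An added example (not from the original post) that ties the -i, -D and -s notes together: it resolves the interface argument against a constructed `tcpdump -D` listing, checks the snaplen, and prints the capture command in the form section 3 uses, without running tcpdump itself. The sample listing and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: assemble a capture command
# like the ones in section 3, resolving the -i argument against `tcpdump -D`
# output first (a number is accepted only when no interface has that name,
# as the man page excerpt says) and flagging the non-promiscuous "any" case.

# Constructed sample of `tcpdump -D` output; a real host prints its own list,
# and an unprivileged user may see fewer interfaces than root.
SAMPLE_TCPDUMP_D='1.eth0 [Up, Running]
2.eth1 [Up]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.lo [Up, Running, Loopback]'

# resolve_iface NAME_OR_NUMBER LISTING -> prints the interface name, or fails.
# An exact name match wins; otherwise a bare number is looked up as the index.
resolve_iface() {
  printf '%s\n' "$2" | awk -v want="$1" '
    { num = $1; sub(/\..*/, "", num)
      name = $1; sub(/^[0-9]+\./, "", name)
      if (name == want) { print name; found = 1; exit }
      if (num == want) byidx = name }
    END { if (found) exit 0
          if (byidx == "") exit 1
          print byidx }'
}

# build_capture_cmd IFACE FILTER SNAPLEN OUTFILE -> prints the command line.
# -s 0 keeps whole packets; any other value truncates each packet to that size.
build_capture_cmd() {
  case $3 in
    ''|*[!0-9]*) echo "snaplen must be a non-negative integer: '$3'" >&2; return 1 ;;
  esac
  printf 'tcpdump -i %s -s %s -w %s %s\n' "$1" "$3" "$4" "$2"
}

# plan_capture NAME_OR_NUMBER FILTER SNAPLEN OUTFILE [LISTING]
# Does not run tcpdump (that needs root); it only prints what would be run.
plan_capture() {
  listing=${5:-$SAMPLE_TCPDUMP_D}
  iface=$(resolve_iface "$1" "$listing") || {
    echo "no interface '$1' in tcpdump -D output" >&2; return 1; }
  [ "$iface" = any ] && echo "note: the 'any' device never captures promiscuously" >&2
  build_capture_cmd "$iface" "$2" "$3" "$4"
}

plan_capture 1 'port 162 and host 221.3.171.17' 0 1215_1.cap
```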