By default, only 68 bytes of each packet are captured
Capturing packets
• tcpdump -i eth0 -s 0 -w file.pcap
• sudo tcpdump -i eth0 tcp port 22
Reading a capture file
• tcpdump -r file.pcap
TCPDUMP: Filtering
• tcpdump -n -r http.cap | awk '{print $3}' | sort -u
• tcpdump -n src host 145.254.160.237 -r http.cap
• tcpdump -n dst host 145.254.160.237 -r http.cap
• tcpdump -n port 53 -r http.cap
• tcpdump -nX port 80 -r http.cap
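
An added example, not part of the original notes: it shows what the `awk '{print $3}' | sort -u` filter above actually returns and a variant that counts packets per source host for triage. The sample lines are constructed in the shape of `tcpdump -n` output, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed lines in the shape of `tcpdump -n -r http.cap` output (not real capture data).
sample_lines() {
cat <<'EOF'
10:17:07.311224 IP 145.254.160.237.3372 > 192.0.2.10.80: Flags [S], seq 1, win 8760, length 0
10:17:08.222534 IP 192.0.2.10.80 > 145.254.160.237.3372: Flags [S.], seq 1, ack 2, win 5840, length 0
10:17:08.222601 IP 145.254.160.237.3372 > 192.0.2.10.80: Flags [.], ack 1, win 9660, length 0
10:17:09.864896 IP 145.254.160.237.3009 > 198.51.100.53.53: 35+ A? example.com. (29)
10:17:10.225122 IP 198.51.100.53.53 > 145.254.160.237.3009: 35 1/0/0 A 192.0.2.10 (45)
10:17:10.500000 IP 192.0.2.10.80 > 145.254.160.237.3372: Flags [P.], seq 1:100, ack 2, win 5840, length 99
10:17:11.000000 ARP, Request who-has 192.0.2.10 tell 192.0.2.1, length 28
EOF
}

# The pipeline from the notes: unique values of field 3.
# For IP packets that field is "host.port", so one host appears once per
# source port, and non-IP lines (ARP here) contribute unrelated words.
src_endpoints() {
  awk '{print $3}' | sort -u
}

# Keep IPv4 lines only, drop the port, count packets per source host,
# and list the busiest source first as "host count".
src_host_counts() {
  awk '$2 == "IP" {
         n = split($3, p, ".")              # a.b.c.d.port -> 5 parts (4 for ICMP)
         if (n >= 4) print p[1] "." p[2] "." p[3] "." p[4]
       }' | sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

sample_lines | src_host_counts
```

On a real capture, replace `sample_lines` with `tcpdump -n -r file.pcap`.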