-n Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
-N Don't print domain name qualification of host names. E.g., if you give this flag then tcpdump will print
``nic'' instead of ``nic.ddn.mil''.
``nic'' instead of ``nic.ddn.mil''.
-v When parsing and printing, produce (slightly more) verbose output. For example, the time to live, identi-
fication, total length and options in an IP packet are printed. Also enables additional packet integrity
checks such as verifying the IP and ICMP header checksum.
fication, total length and options in an IP packet are printed. Also enables additional packet integrity
checks such as verifying the IP and ICMP header checksum.
When writing to a file with the -w option, report, every 10 seconds, the number of packets captured.
-vv Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB pack-
ets are fully decoded.
ets are fully decoded.
-vvv Even more verbose output. For example, telnet SB ... SE options are printed in full. With -X Telnet
options are printed in hex as well.
options are printed in hex as well.
host
dst/src host
-c 抓取包的个数
-w 将抓取的包写入文件
tcpdump -vnN port 22
/usr/sbin/tcpdump -vnN -c 10000 -i eth0 -w /tmp/tcpdump_log 2>/dev/null
转载于:https://blog.51cto.com/linuxop/296459