The tcpdump help output on an Ubuntu 16 system looks like this:
root@ubuntu:/home/fl# tcpdump --help
tcpdump version 4.9.2
libpcap version 1.7.4
OpenSSL 1.0.2g 1 Mar 2016
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqStuUvxX#] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -j tstamptype ] [ -M secret ] [ --number ]
[ -Q in|out|inout ]
[ -r file ] [ -s snaplen ] [ --time-stamp-precision precision ]
[ --immediate-mode ] [ -T type ] [ --version ] [ -V file ]
[ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z postrotate-command ]
[ -Z user ] [ expression ]
1. Capture traffic passing through eth0 whose source or destination address is 192.168.1.1
tcpdump -i eth0 host 192.168.1.1
2. Capture traffic passing through eth0 whose source address is 192.168.1.1
tcpdump -i eth0 src host 192.168.1.1
3. Capture traffic passing through eth0 whose destination address is 192.168.1.1, and write the packets to the file test.cap
tcpdump -i eth0 -w test.cap dst host 192.168.1.1
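As an added example (not part of the original notes), the following Python reproduces the semantics of the three filters above offline: it builds a small constructed pcap of the kind `-w test.cap` produces and applies `host`, `src host` and `dst host` to it, so the difference between the three expressions can be checked packet by packet without root or a live interface. The addresses 10.0.0.5 and 10.0.0.7 and the zeroed MAC addresses are constructed sample values.

```python
import struct
import ipaddress

# Constructed sample flows (src, dst); not taken from a real capture.
SAMPLE_FLOWS = [
    ("192.168.1.1", "10.0.0.5"),   # 192.168.1.1 is the source
    ("10.0.0.7", "192.168.1.1"),   # 192.168.1.1 is the destination
    ("10.0.0.7", "10.0.0.5"),      # unrelated traffic
]

def build_pcap(flows):
    """Serialise (src, dst) pairs as a minimal libpcap file of Ethernet/IPv4 frames."""
    # Global header: magic, major 2, minor 4, thiszone, sigfigs, snaplen, linktype 1 = Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, (src, dst) in enumerate(flows):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
        frame = b"\x00" * 12 + b"\x08\x00" + ip  # zeroed MACs, EtherType 0x0800
        out += struct.pack("<IIII", 1700000000 + n, 0, len(frame), len(frame)) + frame
    return out

def iter_ipv4(pcap):
    """Yield (src, dst) for every IPv4 packet in a little-endian Ethernet pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            yield (str(ipaddress.IPv4Address(frame[26:30])),
                   str(ipaddress.IPv4Address(frame[30:34])))

def matches(expr, src, dst):
    """Evaluate 'host A', 'src host A' or 'dst host A' against one packet."""
    parts = expr.split()
    if parts[:1] == ["host"]:
        return parts[1] in (src, dst)      # either direction
    if parts[:2] == ["src", "host"]:
        return src == parts[2]
    if parts[:2] == ["dst", "host"]:
        return dst == parts[2]
    raise ValueError(f"unsupported filter: {expr}")

def filter_pcap(pcap, expr):
    """Return the (src, dst) pairs in the capture that the filter expression keeps."""
    return [(s, d) for s, d in iter_ipv4(pcap) if matches(expr, s, d)]
```

Running `filter_pcap(build_pcap(SAMPLE_FLOWS), "dst host 192.168.1.1")` keeps only the second flow, mirroring what command 3 would write to test.cap.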