Linux command
dumpcap command
After copying a command, replace the file names, directories, or parameters as needed.
Common examples
Capture on a specific interface
dumpcap -i [eth0] -w [capture.pcapng]
List available interfaces
dumpcap -D
Capture with ring buffer file rotation (a new file every 100000 kB; add -b files:[N] to cap how many files are kept)
dumpcap -i [eth0] -b filesize:100000 -w [capture.pcapng]
Capture with duration limit
dumpcap -i [eth0] -a duration:60 -w [capture.pcapng]
Capture without promiscuous mode (-p turns it off)
dumpcap -i [eth0] -p -w [capture.pcapng]
Capture with packet count limit
dumpcap -i [eth0] -c [1000] -w [capture.pcapng]
Description
dumpcap is a network traffic capture tool from the Wireshark project. It captures packets and writes them to files in pcapng or pcap format. Unlike Wireshark or tshark, dumpcap focuses solely on capture without protocol dissection. The tool is designed for minimal resource usage and long-running captures. It supports ring buffers for continuous capture with automatic file rotation, making it suitable for network monitoring.
Parameters
- -i _interface_: Interface to capture on.
- -w _file_: Output file name.
- -D: List available interfaces.
- -c _count_: Stop after capturing count packets.
- -a _condition_: Stop condition: duration, filesize, files.
- -b _option_: Ring buffer option: filesize, duration, files.
- -f _filter_: Capture filter (BPF syntax).
- -p: Don't capture in promiscuous mode.
- -s _snaplen_: Packet snapshot length.
- -q: Quiet mode; less output.
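The ring buffer described above only bounds disk use when -b filesize is paired with -b files. The following added example (not from the original page) wraps the options listed here in a function that refuses to start if the ring would exceed a disk budget; the function names, path, sizes and filter are constructed, and the kB arithmetic treats the filesize value as a plain multiplier.

```shell
#!/bin/sh
# Added example; interface, path, sizes and filter are constructed values.
# DUMPCAP defaults to "echo" (dry run); set DUMPCAP=dumpcap to capture for real.
: "${DUMPCAP:=echo}"

# is_uint VALUE -> succeeds only for a non-empty string of digits
is_uint() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
}

# ring_disk_kb FILESIZE_KB FILES -> worst-case disk use of the ring, in kB
ring_disk_kb() {
    echo $(( $1 * $2 ))
}

# start_ring_capture IFACE OUTFILE FILESIZE_KB FILES SNAPLEN BUDGET_KB FILTER
start_ring_capture() {
    iface=$1 out=$2 fsize=$3 files=$4 snap=$5 budget=$6 filter=$7
    for n in "$fsize" "$files" "$snap" "$budget"; do
        is_uint "$n" || { echo "not a number: $n" >&2; return 1; }
    done
    [ "$fsize" -gt 0 ] && [ "$files" -gt 0 ] || { echo "sizes must be > 0" >&2; return 1; }
    # Reject interface names that would be parsed as an option or that
    # contain unexpected characters (matters when the value comes from automation).
    case $iface in
        ''|-*|*[!A-Za-z0-9._:-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    need=$(ring_disk_kb "$fsize" "$files")
    if [ "$need" -gt "$budget" ]; then
        echo "ring needs ${need} kB, budget is ${budget} kB" >&2
        return 1
    fi
    # -b filesize rotates to a new file; -b files caps how many files are kept.
    # -s truncates each packet to SNAPLEN bytes; -f filters before anything is written.
    "$DUMPCAP" -q -i "$iface" -s "$snap" \
        -b "filesize:$fsize" -b "files:$files" \
        -f "$filter" -w "$out"
}

# Dry run: 10 files x 100000 kB = 1000000 kB, inside a 2000000 kB budget.
start_ring_capture eth0 /var/tmp/dns.pcapng 100000 10 128 2000000 "udp port 53"
```

Capture files hold raw traffic, so the output directory should be readable only by the account that analyses them.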
FAQ
What is the dumpcap command used for?
dumpcap is a network traffic capture tool from the Wireshark project. It captures packets and writes them to files in pcapng or pcap format. Unlike Wireshark or tshark, dumpcap focuses solely on capture without protocol dissection. The tool is designed for minimal resource usage and long-running captures. It supports ring buffers for continuous capture with automatic file rotation, making it suitable for network monitoring.
How do I run a basic dumpcap example?
Run `dumpcap -i [eth0] -w [capture.pcapng]` in a terminal, replacing the bracketed interface and file name with values for your system, then adjust paths and flags as needed.
What does -i _interface_ do in dumpcap?
Interface to capture on.