← 返回命令列表

Linux command

pcap 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Read pcap with tcpdump

tcpdump -r [capture.pcap]

Read with tshark

tshark -r [capture.pcap]

Write pcap

tcpdump -i [eth0] -w [capture.pcap]

Filter and read

tcpdump -r [capture.pcap] 'port 80'

Convert with editcap

editcap [input.pcap] [output.pcapng]

说明

pcap (Packet Capture) is the file format used by libpcap for storing network packet data. It's the standard format for network captures, used by tcpdump, Wireshark, and many security tools.

FAQ

What is the pcap command used for?

pcap (Packet Capture) is the file format used by libpcap for storing network packet data. It's the standard format for network captures, used by tcpdump, Wireshark, and many security tools.

How do I run a basic pcap example?

Run `tcpdump -r [capture.pcap]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

Where can I find more pcap examples?

This page includes 5 examples for pcap, plus related commands for nearby Linux tasks.