tcpdump 命令

常用示例

说明

tcpdump is a packet analyzer that captures and displays network traffic. It uses libpcap to capture packets from network interfaces and can filter traffic using Berkeley Packet Filter (BPF) syntax. The tool can capture packets in real-time, display their contents in various formats, and save them to files for later analysis. Output can show packet headers, full content, or hexadecimal dumps. tcpdump is essential for network troubleshooting, security analysis, and protocol debugging. It's the command-line counterpart to graphical tools like Wireshark.

参数

-i _interface_

Capture on specific interface.

-w _file_

Write packets to file.

-r _file_

Read packets from file.

-c _count_

Capture only count packets.

-n

Don't resolve hostnames.

-nn

Don't resolve hostnames or ports.

-v, -vv, -vvv

Verbose output levels.

-A

Print packets in ASCII.

-X

Print packets in hex and ASCII.

-s _snaplen_

Capture snaplen bytes per packet (0=full).

-e

Print link-layer header.

-q

Quick output (less protocol info).

-D, --list-interfaces

List available interfaces.

-t

Don't print timestamp on each line.

-tt

Print unformatted timestamp on each line.

-p, --no-promiscuous-mode

Don't put the interface into promiscuous mode.

-F _file_

Use file as input for the filter expression.