tcpdump yes Linux One of the powerful network data acquisition and analysis tools in .tcpdump It can completely intercept the data packets transmitted in the network and provide analysis . It supports for network layer 、 agreement 、 host 、 Network or port filtering , And provide and、or、not Wait for logical statements to help you get rid of useless information .

1. Common parameters

$ tcpdump              	    #  By default , Direct start tcpdump The first network interface is monitored ( Not lo mouth ) On all packets in circulation .

$ tcpdump -i eth1      	    # 【 Parameters 】-i, Specify network card , Such as eth0、eth1. 

$ tcpdump -Q out            # 【 Parameters 】-Q, Specify whether to output or output , Such as in、out、inout

$ tcpdump -c 10			   # 【 Parameters 】-c, Specify the number of grab packets 

$ tcpdump -X     		   # 【 Parameters 】-X,  Print out the contents of the captured data , Will 16 Into the system and ASCII Output in both ways .-XX, More details 

$ tcpdump -v			  # 【 Parameters 】-v, Display detailed header information .-vv,-vvv More detailed 

$ tcpdump -s 1024          # 【 Parameters 】-s,  Specify the length of the intercepted package . Default 65535. If the length of the packet exceeds the intercepted length ,
						 #  When interception occurs , Output guild output [|proto] The logo of . But the longer you set the length , The processing time of packages will also be longer 

$ tcpdump -w test		  # 【 Parameters 】-w,  Save the captured data to a file test in 
$ tcpdump -r test          # 【 Parameters 】-r , from test Read data from , Show it 

Be careful ： The above parameters can be used together . It can also be used with the following keywords

2. Common keywords

$ tcpdump dst 192.216.20.66	     # 【 keyword 】dir  Grab   Designated receiver ID My bag 
$ tcpdump src 192.216.20.144     # 【 keyword 】src  Grab   Specify the sender IP My bag 
$ tcpdump host 192.216.20.66	# 【 keyword 】host  Grab   Specifies the packets sent and received by the host 

$ tcpdump port 22			   # 【 keyword 】port  Grab   Of the specified port IP My bag 

$ tcpdump udp				  # 【 keyword 】 udp tcp  Specify the capture protocol type .
$ tcpdump tcp

Be careful ： Keywords need to be connected with logical operators or logical operation statements in the process of use , This is different from the usage of the parameters mentioned above .

The commonly used logical operation statements are ：and、or &&、 ||

Take the non operator ： not 、 ！ （ When using the take non operator , You also need to use the and or operator to connect , Otherwise, report grammatical errors ）

Example ：

$ tcpdump -i eth0 dst 192.216.20.141 and not port 22 and udp -X -c 10
# -i eth0  Specify network card  etho
# dir  Specify to crawl to 192.216.20.141 My bag 
# not port  Exclude ports  22  Do not accept port 22 My bag 
# udp  Specify the agreement as udp
# -X  Print out the content  12 Into the system and ASCII The way 
# -c  Just grab 10 A package 

Besides ：tcpdump It can be done with grep Specify to use with , To filter the data .