Command format
tcpdump -X -s0 host hostIP -w outputfile
where hostIP and outputfile must be supplied by the user.
The individual parameters are explained as follows:
-X Print each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
Prints each packet in hexadecimal and ASCII.
-s Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in. Setting snaplen to 0 means use the required length to catch whole packets.
-s0 sets the snapshot length automatically so that every packet is captured in full.
host the IP address whose traffic is to be captured
-w write the captured packets to a file so they can be examined later
Example:
In a shell:
tcpdump -X -s0 host 192.168.194.28 -w dumpfile.txt
The contents of the captured packets look like this:
Host: 192.168.194.28
Authorization: Basic bG9nOkBxYXoqKCk=
Range: bytes=1-
User-Agent: Axel 2.4 (Linux)
Connection: Keep-Alive
HTTP/1.1 404 Not Found
Server: nginx/1.1.13
Date: Tue, 10 Apr 2012 11:53:36 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
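The capture above shows why this kind of dump matters to a defender: the request carries an HTTP Basic credential in cleartext. As an added example (not part of the original notes), the Python below scans decoded tcpdump header text, such as the -X/-A output shown above, for Basic Authorization headers and reports the destination host and username with the password masked. The sample input is constructed from the headers on this page; the "malformed base64" handling is an assumption about what a practitioner would want flagged.

```python
import base64
import binascii
import re

# Constructed sample: the request/response headers from the capture above.
SAMPLE_CAPTURE = """\
Host: 192.168.194.28
Authorization: Basic bG9nOkBxYXoqKCk=
Range: bytes=1-
User-Agent: Axel 2.4 (Linux)
Connection: Keep-Alive

HTTP/1.1 404 Not Found
Server: nginx/1.1.13
Date: Tue, 10 Apr 2012 11:53:36 GMT
Content-Type: text/html
Content-Length: 169
Connection: close
"""

AUTH_RE = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)\s*$",
                     re.IGNORECASE | re.MULTILINE)
HOST_RE = re.compile(r"^Host:\s*(\S+)\s*$", re.IGNORECASE | re.MULTILINE)


def find_cleartext_basic_auth(capture_text):
    """Return one finding per Basic credential seen in the decoded capture.

    Headers are grouped per message (blank-line separated) so the Host header
    of the same request is attributed to the credential. Only the username and
    the password length are reported; the password itself is never returned.
    """
    findings = []
    for block in re.split(r"\n\s*\n", capture_text):
        hosts = HOST_RE.findall(block)
        host = hosts[0] if hosts else "<unknown>"
        for token in AUTH_RE.findall(block):
            try:
                decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
            except (binascii.Error, ValueError):
                findings.append({"host": host, "user": None, "password_len": 0,
                                 "valid": False, "note": "malformed base64"})
                continue
            user, sep, password = decoded.partition(":")
            findings.append({"host": host, "user": user, "password_len": len(password),
                             "valid": bool(sep), "note": "cleartext Basic credential"})
    return findings


if __name__ == "__main__":
    for f in find_cleartext_basic_auth(SAMPLE_CAPTURE):
        print(f"{f['note']}: host={f['host']} user={f['user']} password={'*' * f['password_len']}")
```

Feed it the text produced by reading the saved file back with tcpdump -r dumpfile.txt -A (or the -X output pasted from the terminal); a hit means credentials crossed the wire unencrypted and should be rotated and moved to TLS.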