On Linux servers you often need to track down network problems, and capturing packets is the way to do it.
Example: tcpdump -x -s 0 host 10.17.81.22 and port 9999 -w /home/text.cap -i eth4
This captures every packet exchanged with server 10.17.81.22 on port 9999, dumped in hex (-x) with no size limit (-s 0), writes the output to the file text.cap, and captures on NIC eth4.
tcpdump is a command-line tool; its syntax is:
tcpdump [ -adeflnNOpqStvx ] [ -c count ] [ -F file ]
        [ -i interface ] [ -r file ] [ -s snaplen ]
        [ -T type ] [ -w file ] [ expression ]
The options for tcpdump are:
-a attempt to convert network and broadcast addresses to names;
-d dump the compiled packet-matching code in a form people can read;
-dd dump the packet-matching code as a C program fragment;
-ddd dump the packet-matching code as decimal numbers;
-e print the data-link-layer header on each output line;
-f print "foreign" Internet addresses numerically;
-l make standard output line-buffered;
-n do not convert addresses into names;
-t do not print a timestamp on each output line;
-v slightly more verbose output, for example the TTL and type of service carried in an IP packet;
-vv even more verbose output;
-c stop after receiving the specified number of packets;
-F read the filter expression from the specified file, ignoring any expression on the command line;
-i listen on the specified network interface;
-r read packets from the specified file (usually one produced with the -w option);
-w write the raw packets straight to a file instead of parsing and printing them;
-T interpret the captured packets directly as the specified type of message; common types are rpc (Remote Procedure Call) and snmp (Simple Network Management Protocol);
-s set the snapshot length, i.e. the size limit for each captured packet. The default limit is 96 bytes (counting the Ethernet frame header), so anything longer is cut off. To change it use -s 0: a value of 0 removes the limit and each packet is captured at its actual length.
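The two options that matter most for the capture command at the top of this post are -w and -s: because -w writes raw packets without parsing or printing them, the -x in that command has no visible effect, and what ends up in text.cap is a pcap file whose records are cut at the snapshot length. The following reader is an added example (not code from the original post or from the tcpdump project) that shows what that means in practice: it builds a small capture in memory the way "tcpdump -w" does, once with the default 96-byte snaplen and once with -s 0, and reports for each record the captured length, the wire length and whether the packet was truncated. It uses only the Python standard library; the sample frame (10.17.81.22:9999 talking to a made-up peer 10.17.81.23:40000 with 200 bytes of payload) is constructed for the example and is not a real trace. The parser is general enough to read any classic little-endian pcap of Ethernet/IPv4/TCP traffic, not just the sample.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4       # classic pcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
UNLIMITED_SNAPLEN = 65535     # what "-s 0" means: keep whole packets

def build_ipv4_tcp_frame(src_ip, dst_ip, src_port, dst_port, payload):
    """Construct an Ethernet/IPv4/TCP frame for the sample capture.
    Checksums are left zero: this is test data, not a real trace."""
    eth = b"\x00" * 12 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def write_pcap(frames, snaplen):
    """Serialize frames the way 'tcpdump -w FILE -s SNAPLEN' does: each record keeps
    at most snaplen bytes (incl_len) but remembers the on-the-wire length (orig_len)."""
    limit = snaplen or UNLIMITED_SNAPLEN
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, limit, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        captured = frame[:limit]
        out += struct.pack("<IIII", 1700000000 + i, 0, len(captured), len(frame))
        out += captured
    return out

def read_pcap(data):
    """Parse a pcap byte string. Returns (snaplen, packets); each packet is a dict
    with timestamp, captured and wire lengths, a truncation flag and, for IPv4/TCP,
    the addresses and ports that a 'host X and port Y' filter is matched against."""
    magic, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic 0x%08x" % magic)
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        raw = data[off:off + incl_len]
        off += incl_len
        pkt = {"ts": ts_sec + ts_usec / 1e6, "caplen": incl_len, "len": orig_len,
               "truncated": incl_len < orig_len}
        if linktype == LINKTYPE_ETHERNET and len(raw) >= 34 and raw[12:14] == b"\x08\x00":
            ihl = (raw[14] & 0x0F) * 4                       # IPv4 header length in bytes
            pkt["src"] = socket.inet_ntoa(raw[26:30])
            pkt["dst"] = socket.inet_ntoa(raw[30:34])
            if raw[23] == 6 and len(raw) >= 14 + ihl + 4:    # IP protocol 6 = TCP
                pkt["sport"], pkt["dport"] = struct.unpack("!HH", raw[14 + ihl:14 + ihl + 4])
        packets.append(pkt)
    return snaplen, packets

def truncated_count(data):
    """Number of records whose captured length is shorter than the wire length."""
    return sum(1 for p in read_pcap(data)[1] if p["truncated"])

if __name__ == "__main__":
    # Constructed sample: one 254-byte frame from 10.17.81.22:9999 (the host and port
    # used in the capture command above); the peer address and port are made up.
    frame = build_ipv4_tcp_frame("10.17.81.22", "10.17.81.23", 9999, 40000, b"A" * 200)
    for label, snap in (("default -s 96", 96), ("-s 0", 0)):
        snaplen, pkts = read_pcap(write_pcap([frame], snap))
        p = pkts[0]
        print("%-14s snaplen=%5d caplen=%3d len=%3d truncated=%-5s %s:%d -> %s:%d" % (
            label, snaplen, p["caplen"], p["len"], p["truncated"],
            p["src"], p["sport"], p["dst"], p["dport"]))
```

Run it as a script and the first line shows the 254-byte frame cut to 96 bytes with truncated=True, the second shows it captured whole. The same truncated flag, computed from incl_len versus orig_len, is how you can check an existing text.cap for packets that were clipped by the default snaplen before trusting the payloads in it.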
Going deeper is up to you. Remember the man command I mentioned earlier: man tcpdump!
linux:~ # man tcpdump
TCPDUMP(1)                                                          TCPDUMP(1)

NAME
       tcpdump - dump traffic on a network

SYNOPSIS
       tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ] [ -C file_size ]
               [ -F file ] [ -i interface ] [ -m module ] [ -M secret ]
               [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
               [ -W filecount ] [ -E spi@ipaddr algo:secret,... ]
               [ -y datalinktype ] [ -Z user ] [ expression ]
And the man page goes on at some length from there ...