1. Install the distribution's tcpdump package
yum install tcpdump -y
2. Capture the host's packets
# tcpdump -i eth0                                   -- capture on this machine's eth0 interface
# tcpdump host 192.168.1.250 and \( 192.168.1.251 or 192.168.1.252 \)   -- capture packets between 192.168.1.250 and either of the other two hosts; the parentheses must be escaped (or the whole expression single-quoted) so the shell does not interpret them
# tcpdump -i eth0 dst host 192.168.1.179             -- capture all packets sent to this host (192.168.1.179)
# tcpdump -i eth0 src host 192.168.1.179             -- capture all packets sent from this host
3. Capture traffic on a port of the host
# tcpdump tcp port 22     -- capture TCP port 22 (SSH) on this host
# tcpdump udp port 123    -- capture UDP port 123 (NTP) on this host
4. Option reference
Note that tcpdump options are case-sensitive: -c is a packet count, while -C is a file-size limit for rotating output files.
-c count
Exit after receiving count packets.
-e
Print the data-link layer header (e.g. Ethernet MAC addresses) on each dump line.
-F file
Use the contents of file as the filter expression; any expression given on the command line is ignored.
-i interface
Specify the interface tcpdump should listen on.
-r file
Read packets from file instead of a live interface (for example a capture previously saved with -w).
-t
Do not print a timestamp on each dump line.
-tt
Print the timestamp unformatted, as seconds since the epoch (translator's note: hard to read at a glance, e.g. 1261798315).
-ttt
Print the time delta (microsecond resolution) between the current and previous line.
-tttt
Print the timestamp preceded by the date on each dump line.
-v
Produce verbose output when parsing and printing.
dst host host: true if the destination address field of the IPv4/IPv6 packet is host. host may be an IP address or a hostname.
src host host: true if the source address field of the IPv4/IPv6 packet is host. host may be an IP address or a hostname.
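The commands in sections 2 to 4 are usually run interactively, but the text tcpdump prints (or the text that `tcpdump -nn -tttt -r capture.pcap` prints from a saved capture) is easy to turn into a simple detection. The script below is an added example, not code from the original post: it reads that output, counts, per source host, the SYN-only segments sent to a given TCP port, and lists the sources that exceed a threshold (a crude SSH scan or brute-force indicator). The sample dump is constructed to match tcpdump's `-nn -tttt` line format; the hosts, ports and times are hypothetical, and `-nn` (disable name and port resolution) is a tcpdump option the post does not list.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): summarise `tcpdump -nn -tttt`
# text output into per-source SYN counts for one TCP port.
set -eu

# Constructed sample of `tcpdump -nn -tttt -i eth0 host 192.168.1.179` output.
# Hosts, ports and timestamps are hypothetical.
SAMPLE_DUMP='2024-01-15 10:23:45.123456 IP 192.168.1.250.54321 > 192.168.1.179.22: Flags [S], seq 1, win 64240, length 0
2024-01-15 10:23:45.123999 IP 192.168.1.179.22 > 192.168.1.250.54321: Flags [S.], seq 2, ack 2, win 65160, length 0
2024-01-15 10:23:45.124500 IP 192.168.1.250.54321 > 192.168.1.179.22: Flags [.], ack 1, win 502, length 0
2024-01-15 10:23:46.000001 IP 192.168.1.251.40000 > 192.168.1.179.22: Flags [S], seq 10, win 1024, length 0
2024-01-15 10:23:46.000002 IP 192.168.1.251.40001 > 192.168.1.179.22: Flags [S], seq 11, win 1024, length 0
2024-01-15 10:23:46.000003 IP 192.168.1.251.40002 > 192.168.1.179.22: Flags [S], seq 12, win 1024, length 0
2024-01-15 10:23:47.500000 IP 192.168.1.252.123 > 192.168.1.179.123: NTPv4, Client, length 48'

# syn_count_by_src PORT
# Reads tcpdump -nn -tttt lines on stdin; prints "source_ip count" for every
# source that sent a SYN-only segment (Flags [S]) to the given destination port,
# most active source first. SYN-ACKs ([S.]) and non-TCP lines are ignored.
syn_count_by_src() {
  awk -v port="$1" '
    # Field layout with -nn -tttt:
    #   $1 date  $2 time  $3 "IP"  $4 src.ip.port  $5 ">"  $6 dst.ip.port:  $7 "Flags"  $8 "[S],"
    $3 == "IP" && $7 == "Flags" && $8 == "[S]," {
      split($6, d, ".")            # d[5] is the destination port with a trailing colon
      dport = d[5]; sub(/:$/, "", dport)
      if (dport == port) {
        split($4, s, ".")          # first four components are the source IPv4 address
        src = s[1] "." s[2] "." s[3] "." s[4]
        count[src]++
      }
    }
    END { for (h in count) print h, count[h] }
  ' | sort -k2,2nr -k1,1
}

# syn_sources_over PORT THRESHOLD
# Prints the source hosts that sent more than THRESHOLD SYNs to PORT.
syn_sources_over() {
  syn_count_by_src "$1" | awk -v thr="$2" '$2 > thr { print $1 }'
}

# Stand-alone demonstration on the constructed sample.
echo "SYNs to tcp/22 by source:"
printf '%s\n' "$SAMPLE_DUMP" | syn_count_by_src 22
echo "Sources with more than 2 SYNs to tcp/22:"
printf '%s\n' "$SAMPLE_DUMP" | syn_sources_over 22 2
```

To run this against live traffic, replace the sample with a pipe such as `tcpdump -nn -tttt -i eth0 -c 1000 tcp port 22 | syn_count_by_src 22`; `-nn` matters here because the awk fields assume numeric addresses and ports, and because name resolution would make the capture itself generate DNS traffic.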
This article is from the "Days Together" blog; please keep this source: http://tongcheng.blog.51cto.com/6214144/1561776
tcpdump: a Linux system security tool