1:tcpdump
tcpdump -nn  # show network card traffic in the current terminal; -nn displays host names and ports as numbers, not strings
tcpdump -nn -c 100  # capture 100 packets
tcpdump -nn -i eth1  # capture on the specified NIC; if none is specified, the default is eth0
tcpdump -nn port PORT  # capture packets for the specified port (PORT is a placeholder)
tcpdump -nn tcp and port 22  # capture packets for TCP port 22
tcpdump -nn udp  # capture UDP packets
tcpdump -nn tcp and port 80 and host 10.1.1.1  # capture TCP port 80 packets for host 10.1.1.1
tcpdump -nn -w 1.txt tcp and port 80 and host 10.1.1.1  # capture the packets and save them to the specified file
tcpdump -nn tcp and port 80 and host 10.1.1.1 > 1.txt  # capture the packets and redirect the output to the specified file
The captured packets are in binary format and cannot be viewed directly with cat. Download the file and open it with a dedicated tool, or view it with tcpdump -r 1.txt
1.txt only holds the packet flow; it does not contain the specific content of the operations.
tcpdump -nn -s0 -c 10 -w 1.txt tcp and port 80  # adding -s0 captures the full content of each packet
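Added example (not part of the original notes): a Python sketch that reads the classic pcap layout written by tcpdump -w, showing why cat is no use on the file and how a short snap length leaves packets truncated, which is what -s0 avoids. The capture bytes are constructed in build_sample, and the function names and snap length values are assumptions made for illustration.

```python
import struct

# Magic bytes of a classic pcap file -> (struct byte order, timestamp resolution)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}

def summarize_pcap(data):
    """Return header fields and per-packet (caplen, origlen) from classic pcap bytes."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (text output or another format?)")
    endian, resolution = PCAP_MAGICS[data[:4]]
    # Global header: version, timezone offset, sigfigs, snap length, link type
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    packets, offset = [], 24
    while offset + 16 <= len(data):
        # Record header: ts seconds, ts fraction, captured length, length on the wire
        _sec, _frac, caplen, origlen = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):
            break  # file was cut off in the middle of a record
        packets.append((caplen, origlen))
        offset += 16 + caplen
    return {
        "version": (major, minor), "snaplen": snaplen, "linktype": linktype,
        "resolution": resolution, "packets": packets,
        # caplen < origlen means the payload was cut at the snap length
        "truncated": sum(1 for c, o in packets if c < o),
    }

def build_sample(snaplen, frame_lengths):
    """Constructed sample: little-endian pcap (link type 1, Ethernet), zero-filled frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n in frame_lengths:
        caplen = min(n, snaplen)
        out += struct.pack("<IIII", 0, 0, caplen, n) + bytes(caplen)
    return out

if __name__ == "__main__":
    for snaplen in (68, 262144):  # constructed: a short snap length vs. a large one
        info = summarize_pcap(build_sample(snaplen, [60, 1514, 590]))
        print(snaplen, info["packets"], "truncated:", info["truncated"])
```

Run summarize_pcap on the bytes of a real capture to check whether it kept full packets before handing it to tshark or Wireshark.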
2:tshark
Package name: wireshark. tshark is more powerful than tcpdump and can query specific access information, such as requests for pictures, documents and so on.
tshark -nn  # the effect is basically the same as tcpdump
tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"  # query more detailed packet actions, such as GET and POST
Newer tshark releases take this display filter with -Y instead of -R.
1.8 - Packet capture tools: tcpdump and tshark