The tcpdump parameter for saving packets to a file is -w xxx.cap.
Capture packets on eth1
tcpdump -i eth1 -w /tmp/xxx.cap
Capture the packets of 192.168.1.123
tcpdump -i eth1 host 192.168.1.123 -w /tmp/xxx.cap
Capture port 80 packets of 192.168.1.123
tcpdump -i eth1 host 192.168.1.123 and port 80 -w /tmp/xxx.cap
Capture the icmp packets of 192.168.1.123
tcpdump -i eth1 host 192.168.1.123 and icmp -w /tmp/xxx.cap
Capture packets of 192.168.1.123 on ports other than 80, 110 and 25
tcpdump -i eth1 host 192.168.1.123 and ! port 80 and ! port 25 and ! port 110 -w /tmp/xxx.cap
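Capture port 80 packets on vlan 1 (the vlan keyword goes first, because it shifts the decoding offsets for the rest of the expression)
tcpdump -i eth1 vlan 1 and port 80 -w /tmp/xxx.cap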
Capture the pppoe password
tcpdump -i eth1 pppoes -w /tmp/xxx.cap
Save in files of 100 MB each, starting a new file once the current one exceeds 100 MB: -C 100
Capture 10000 packets and exit: -c 10000
Capture packets in the background, so that closing the console does not stop the capture:
nohup tcpdump -i eth1 port 110 -w /tmp/xxx.cap &
You can use ethereal or wireshark to open the captured file.
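A background capture that is killed mid-write, or a file copied while tcpdump is still running, can end in a partial record. The following added example (not part of the original page) walks the records of a file written with -w and reports the packet count and whether the tail is cut off. It assumes the classic pcap format; the sample capture is constructed in build_sample(), and both function names are hypothetical.

```python
import struct

MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # classic pcap: microsecond / nanosecond timestamps

def summarize_pcap(data):
    """Walk the records of a classic pcap byte string written by `tcpdump -w`."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    for endian in ("<", ">"):  # the magic number reveals the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file")
    _major, _minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(data):
        if offset + 16 > len(data):  # 16-byte record header is cut off
            truncated = True
            break
        _sec, _frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):  # packet bytes are cut off
            truncated = True
            break
        packets += 1
        offset += 16 + incl_len
    return {"packets": packets, "snaplen": snaplen,
            "linktype": linktype, "truncated": truncated}

def build_sample():
    """Constructed two-packet capture (little-endian, Ethernet link type 1)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    frame = bytes(60)  # constructed 60-byte placeholder frame, all zeros
    record = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame)) + frame
    return header + record + record

if __name__ == "__main__":
    sample = build_sample()
    print(summarize_pcap(sample))        # complete file
    print(summarize_pcap(sample[:-10]))  # last record cut short
```

To check a real capture, pass the file contents: summarize_pcap(open("/tmp/xxx.cap", "rb").read()).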