1. Installation
yum install tcpdump -y
2. Monitoring Packets
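tcpdump -i eth0 -- monitors the eth0 network interface of this machine
tcpdump host 192.168.1.120 and \(192.168.1.121 or 192.168.1.122\) -- captures packets exchanged between 192.168.1.120 and either 192.168.1.121 or 192.168.1.122 (the parentheses are escaped so the shell passes them to tcpdump)
tcpdump -i eth0 dst host 192.168.1.120 -- monitors all packets sent to host 192.168.1.120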
3. Monitoring the port of the host
tcpdump tcp port 22 -- monitors TCP port 22 on this machine
tcpdump udp port 123 -- monitors UDP port 123 on this machine
4. Parameters
-c:
tcpdump will exit after receiving count packets.
-e:
the data link layer header information of the packet is included in each line of output
-F:
use the given file as the input for the filter expression; any expression given on the command line is ignored
-i:
specify the interface that tcpdump listens on
-r:
read packet data from a file
-t:
do not print a timestamp on each line of output
-tt:
print the timestamp on each line unformatted (Note: the meaning of this format is not obvious at a glance; for example, a timestamp is printed as 1261798315)
-ttt:
print the time elapsed (in milliseconds) between each line and the previous line
-tttt:
print the date before the timestamp on each line
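The following is an added example, not part of the original page: it reads lines in the shape of `tcpdump -tt -n tcp port 22` output, turns the raw epoch timestamps into readable dates and per-line gaps, and counts SSH connection attempts per source. The sample lines are constructed, and the function names are assumptions made for this illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in the shape of `tcpdump -tt -n tcp port 22` output.
SAMPLE = """\
1261798315.000000 IP 192.168.1.121.51000 > 192.168.1.120.22: Flags [S], seq 100, win 29200, length 0
1261798315.000450 IP 192.168.1.120.22 > 192.168.1.121.51000: Flags [S.], seq 200, ack 101, win 28960, length 0
1261798315.250000 IP 192.168.1.122.40000 > 192.168.1.120.22: Flags [S], seq 300, win 29200, length 0
1261798317.500000 IP 192.168.1.122.40001 > 192.168.1.120.22: Flags [S], seq 400, win 29200, length 0
"""

LINE = re.compile(
    r"^(?P<sec>\d+)\.(?P<usec>\d{6}) IP "
    r"(?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"\d+(?:\.\d+){3}\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def parse(text):
    """Return (epoch_microseconds, src, dport, flags) for each recognised line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # lines that are not IPv4 TCP in this shape are skipped
            usec = int(m["sec"]) * 1_000_000 + int(m["usec"])
            rows.append((usec, m["src"], int(m["dport"]), m["flags"]))
    return rows

def readable(usec):
    """Date and time for a -tt timestamp (UTC here; tcpdump -tttt uses local time)."""
    t = datetime.fromtimestamp(usec // 1_000_000, tz=timezone.utc)
    return t.replace(microsecond=usec % 1_000_000).strftime("%Y-%m-%d %H:%M:%S.%f")

def deltas(rows):
    """Microseconds elapsed since the previous line (the per-line gap -ttt reports)."""
    stamps = [r[0] for r in rows]
    return [b - a for a, b in zip(stamps[:1] + stamps, stamps)]

def syn_per_source(rows, port=22):
    """Count connection attempts (SYN without ACK) to `port` per source address."""
    return Counter(src for _, src, dport, flags in rows
                   if dport == port and flags == "S")

if __name__ == "__main__":
    rows = parse(SAMPLE)
    for row, gap in zip(rows, deltas(rows)):
        print(readable(row[0]), f"+{gap}us", row[1], "-> port", row[2], row[3])
    print(dict(syn_per_source(rows)))
```

A source that accumulates many SYN-only lines to port 22 in a short window is worth checking against the SSH authentication log.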
Linux system security tools: tcpdump usage