Tcpdump-i Eth1-nn ' DST host 172.31.0.42 '-w/tmp/temp.cap
Listens on the specified host
$ tcpdump-i eth0-nn ' host 192.168.1.231 '
In this case, the packets received by the 192.168.1.231 host and the packets sent will be crawled.
$ tcpdump-i eth0-nn ' src host 192.168.1.231 '
Only the packets sent by the 192.168.1.231 host will be crawled.
$ tcpdump-i eth0-nn ' DST host 192.168.1.231 '
Only the packets received by the 192.168.1.231 host will be crawled.
1, if you want to catch eth0 package, the command format is as follows:
Tcpdump-i eth0-w/tmp/eth0.cap
2, if you want to catch 192.168.1.20 package, the command format is as follows:
Tcpdump-i Etho host 192.168.1.20-w/tmp/temp.cap
3, if you want to catch 192.168.1.20 ICMP packet, the command format is as follows:
Tcpdump-i Etho host 192.168.1.20 and Icmp-w/tmp/icmp.cap
4, if you want to catch 192.168.1.20 in addition to the port 10000,10001,10002 other packages, the command format is as follows:
Tcpdump-i Etho host 192.168.1.20 and! Port 10000 and! Port 10001 and! Port 10002-w/tmp/port.cap
5, if you want to grasp the VLAN 1 package, the command format is as follows:
Tcpdump-i eth0 port and VLAN 1-w/tmp/vlan.cap
6, if you want to catch the password of PPPoE, the command format is as follows:
Tcpdump-i eht0 pppoes-w/tmp/pppoe.cap
7, if you want to catch eth0 bag, catch 10,000 packets after the exit, the command format is as follows:
Tcpdump-i eth0-c 10000-w/tmp/temp.cap
8, in the background catch eth0 in the 80-port package, the command format is as follows:
Nohup tcpdump-i eth0 Port 80-w/tmp/temp.cap &
Linux Grab Bag