tcpdump -i br0 -s 0 -A -w mydump.pcap
-A: Print each packet (minus its link-level header) in ASCII. Handy for capturing web pages.
-s 0: Use the required length to catch whole packets.
-w: Write the raw packets to file rather than parsing and printing them out. They can
later be printed with the -r option. Standard output is used if file is "-".
-i: Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). Ties are broken by choosing the earliest match.
Open the resulting mydump.pcap file in Wireshark to inspect it.
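As an added example (not part of the original note), the Python below reads the classic pcap format that -w produces and lists the packets that were cut short by the snapshot length, which is what -s 0 is there to avoid. The capture is constructed in memory, and the function names are illustrative.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def read_pcap(stream):
    """Parse a classic pcap stream; return (snaplen, linktype, records)."""
    header = stream.read(24)
    if len(header) != 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", header[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"            # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"            # byte-swapped: written big-endian
    else:
        raise ValueError("not a classic pcap file")
    # version major/minor, thiszone, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", header[4:])
    records = []
    while True:
        rec = stream.read(16)
        if not rec:
            break
        if len(rec) != 16:
            raise ValueError("truncated record header")
        _sec, _usec, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        records.append((orig_len, data))   # orig_len = bytes seen on the wire
    return snaplen, linktype, records

def truncated_packets(records):
    """Indexes of packets stored with fewer bytes than were on the wire."""
    return [i for i, (orig_len, data) in enumerate(records) if len(data) < orig_len]

def build_sample(snaplen, frames):
    """Constructed capture emulating what -s <snaplen> -w would store."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    for n, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", 1700000000 + n, 0, len(kept), len(frame)) + kept
    return out

if __name__ == "__main__":
    frames = [b"\x00" * 60, b"\x00" * 1514]   # constructed frame sizes
    for snap in (96, 262144):                 # current tcpdump maps -s 0 to 262144
        snaplen, _, recs = read_pcap(io.BytesIO(build_sample(snap, frames)))
        print(f"snaplen={snaplen} truncated={truncated_packets(recs)}")
```

To check a real capture, pass `open("mydump.pcap", "rb")` to `read_pcap`; a non-empty result from `truncated_packets` means payload bytes are missing from the file.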